Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I can't attach files on YAHOO/Hotmail any more !

Started by kony , Jun 04 2010 03:49 AM

  • Please log in to reply

#1
kony
Posted 04 June 2010 - 03:49 AM

kony

    Member

  • Member
  • PipPip
  • 16 posts
HELLO TO all,

here is my problem...down below you also will find the different tests have been running on advise by sweettech :

i'm running windows 7 with a HP PAVILION DV6-1330 laptop bought last year...i have a fair internet connexion (3G)

I am absolutely desperate cause since 4 days i cannot attach any file to my emails wether it is under yahoo mail or hotmail !!! Nothing new i have installed lately that could explain this problem

Im accessing those usual mail platforms through the webmail adress (yahoo.com and hotmail.com) and NOT through Windows Live Mail which i don't like much by the way (i don't use Outlook neither)

i can download and read attachements people send me but when it comes for me to attach documents in my emails, it loads forever and actually never attach anything. I have to say i can send emails without attachments though

Also the documents i tried to send are very light photos or word documents (under 100 or 200 ko usually) . Picture under 50 ko are attached but whatever above 50 ko fail on both yahoo and HOTMAIL...


i went through so many help forums trying to find a solution in other people's posts but i failed...i tried everything :

1) i have kasperky anti virus updated so i scanned my system many time in search of viruses...nothing !
2) the windows firewall is not activated
3) i came back to YAHOO CLASSIC and back again to Yahoo NEW MAIL , it doesn't help in neither
4) i installed C.CLEANER and cleaned my whole system (delete cache, cookies, check and repair registry etc...) then restarted the computer
5) i tried to attach various light documents on both yahoo and hotmail and of both Firefox 3.6 and Internet explorer 8
6) i desactivated Windows defender thinking it could be the cause and even tried to desactivate the Kaspersky's mail control tool for 10 minutes...
7) Windows critical update have been executed

None of those have allowed me to be able to send attachments again !

i even tried to restore windows system to an earlier date just to realize the formest date it proposed me was 2 days ago...when my email attachment problem appeared 4 days back..so didn't do it

The only indication i got after all those tests is that this problem comes from my computer cause i tried from a friend's computer today with my internet connection and then i was able to attach files above 50 ko on both my yahoo and hotmail.com email accounts

Thanx for your help cause at this point i'm really desperate and i don't want to reach the painful point where i have to reinstall windows...

HP PAVILION DV6-1330
WINDOWS 7
FIREFOX 3.6.4
IE8
KASPERSKY ANTI-VIRUS 2010
=================================

This is what i did to try to solve by myself

1) TFC (Temp File Cleaner)
2) ERUNT
3) MBAM : no malware was found (see log below)
4) New complete scann with KASPERSKY : nothing was found
5) restarted system
6) rootkit detection : first got an error message on launch telling me the specified files was not found on C/windows/system32/confif/system...then decided to download the zip file again from the main site and unzipped and ran the .exe file(with random name) again..same error message on launch, decided to run the scann anyway and after it got completed got the "GMR hasn't found any system modification" message.

as a matter of fact the GMR log notepad is empty...

7)i did the OTL.

After all this my problem remains...

i post the MBAM report down bellow and will post the very long OTL and EXTRA on request.

thanx

MBAM (translated from french)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

databasis version: 4168

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04/06/2010 01:19:50
mbam-log-2010-06-04 (01-19-50).txt

Type d'examen : Examen rapide (QUICK SCANN)
checked files: 125124
Time elapsed : 5 minute(s), 7 seconde(s)

Processus mémoire infected: 0
Module(s) mémoire infecté(s): 0
registry key infected: 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Infected folders: 0
Infected files : 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Edited by kony, 04 June 2010 - 03:52 AM.

  • 0

Advertisements

#2
RKinner
Posted 05 June 2010 - 05:34 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Please post OTL and Extras logs.

Ron
  • 0

#3
kony
Posted 06 June 2010 - 01:00 AM

kony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
hello Ron,

Here u go

OTL :

OTL logfile created on: 04/06/2010 11:15:48 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Program Files (x86)\MALWARE ERADICATION KITCHEN
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,92 Gb Total Space | 159,81 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 12,97 Gb Total Space | 2,17 Gb Free Space | 16,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1863,01 Gb Total Space | 620,64 Gb Free Space | 33,31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPERTED
Current User Name: TEDDY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/02 00:16:36 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Program Files (x86)\MALWARE ERADICATION KITCHEN\OTL.exe
PRC - [2010/02/04 18:52:57 | 001,228,208 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/04 18:52:57 | 000,814,160 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/03 21:50:50 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/07 16:09:06 | 000,282,624 | R--- | M] (France Telecom SA) -- C:\Program Files (x86)\CardDetector\HUAWEI\CardDetector.exe
PRC - [2009/10/07 14:09:06 | 001,368,064 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Deskboard\Deskboard.exe
PRC - [2009/10/07 14:09:06 | 001,110,016 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Phonetools\TextMessaging.exe
PRC - [2009/10/07 14:09:06 | 001,007,616 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Connectivity\ConnectivityManager.exe
PRC - [2009/10/07 14:09:06 | 000,725,744 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Launcher\Launcher.exe
PRC - [2009/10/07 14:09:06 | 000,544,768 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Connectivity\Corecom\CoreCom.exe
PRC - [2009/10/07 14:09:06 | 000,245,760 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Systray\SystrayApp.exe
PRC - [2009/10/07 14:09:06 | 000,094,208 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
PRC - [2009/10/07 14:09:06 | 000,094,208 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2009/10/07 14:09:06 | 000,077,824 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009/08/17 22:59:28 | 000,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/07/26 16:44:52 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/24 19:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 12:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/02/20 14:22:34 | 004,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/12/06 01:48:08 | 000,699,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe
PRC - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/06/03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2006/01/19 13:06:18 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mm_tray.exe
PRC - [2006/01/19 13:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 13:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mim.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 00:16:36 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Program Files (x86)\MALWARE ERADICATION KITCHEN\OTL.exe
MOD - [2009/07/14 04:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 04:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 04:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/02 21:54:23 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/22 04:33:00 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 04:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 04:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 04:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 04:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 04:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 04:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 04:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 04:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 04:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 04:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 04:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 04:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 04:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 04:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 04:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 04:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 04:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 04:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 04:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (ezSharedSvc)
SRV:64bit: - [2009/07/14 04:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 04:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/03 00:16:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/03 00:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2010/02/04 18:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/10/07 14:09:06 | 000,077,824 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009/07/14 06:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 06:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 04:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 04:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 23:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 23:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/22 21:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/04 18:53:02 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/12/11 13:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/11/17 07:55:54 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/26 09:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/23 02:36:42 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/04 12:04:26 | 000,115,072 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/08/04 12:04:26 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009/07/22 04:33:00 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/21 06:39:00 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/15 02:16:00 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 04:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 04:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 04:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 04:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 04:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 04:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 04:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 03:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 03:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 03:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/14 03:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 03:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 03:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/14 03:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 03:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 03:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 03:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) Périphérique vidéo USB (WDM)
DRV:64bit: - [2009/07/14 03:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 03:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/14 03:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 03:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 03:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 03:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 03:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 02:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 02:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 02:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 02:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 02:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 02:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 02:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 02:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/14 01:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/03 00:51:00 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 21:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/29 20:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/11 00:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 00:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 00:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 00:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 23:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 23:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 23:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/05/02 16:34:30 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdsax64.sys -- (nmwcdsax64)
DRV:64bit: - [2007/05/02 16:33:38 | 000,017,408 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdsacjx64.sys -- (nmwcdsacjx64)
DRV:64bit: - [2007/05/02 16:33:36 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdsacx64.sys -- (nmwcdsacx64)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 04:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/14 04:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/11 00:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/11 00:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://fr.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.11.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/03 21:51:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/23 13:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\components [2010/04/19 18:02:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\plugins [2010/05/23 13:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 1\components [2009/11/23 21:26:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 1\plugins [2010/05/23 13:35:09 | 000,000,000 | ---D | M]

[2009/11/03 23:52:36 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Extensions
[2009/11/13 23:57:32 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions
[2009/11/03 23:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/11/08 10:43:26 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/11/03 23:53:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/05 23:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/11/03 23:53:42 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\[email protected]
[2009/11/04 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\[email protected]
[2009/11/08 01:20:33 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\unplug@compunach
[2010/04/03 18:34:58 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\ftlo06dh.3avril2010\extensions
[2010/06/04 00:57:24 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\tjml7s8o.SUPERTED\extensions
[2010/03/30 19:58:07 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\tjml7s8o.SUPERTED\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/11/19 22:31:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/06/24 15:31:33 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/06/24 15:31:33 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/06/24 15:31:33 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/06/24 15:31:33 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/06/24 15:31:33 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (NTIECatcher Class) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files (x86)\Xi\NetTransport 2\NTIEHelper.dll (Xi)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BEWINTERNET-RTUSessionManager] C:\Program Files (x86)\Connection Kit\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI] C:\Program Files (x86)\CardDetector\HUAWEI\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [S60 PC Suite Tray] C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O8:64bit: - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddLink.html ()
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
O8:64bit: - Extra context menu item: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddList.html ()
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddLink.html ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddList.html ()
O9:64bit: - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{a28185b4-d1e9-11de-9cb0-00269e262285}\Shell - "" = AutoRun
O33 - MountPoints2\{a28185b4-d1e9-11de-9cb0-00269e262285}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{e4f210d3-c398-11de-87f8-00269e262285}\Shell - "" = AutoRun
O33 - MountPoints2\{e4f210d3-c398-11de-87f8-00269e262285}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 06:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - C:\Windows\SysNative\vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/04 01:10:43 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\Malwarebytes
[2010/06/04 01:10:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/04 01:10:32 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/04 01:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/04 01:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/04 01:02:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/04 01:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/06/04 00:50:46 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\MALWARE ERADICATION KITCHEN
[2010/06/04 00:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWARE ERADICATION KITCHEN
[2010/06/03 21:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010/06/03 21:14:29 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Program Files (x86)\everesthome220.exe
[2010/06/03 10:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/06/03 10:02:32 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AdSigner
[2010/06/03 09:36:39 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup232.exe
[2010/06/02 21:54:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/02 21:54:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/02 19:29:54 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/06/02 19:27:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/02 19:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/02 19:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/06/02 19:25:09 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Program Files (x86)\Ad-AwareInstaller.exe
[2010/05/27 20:51:47 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\District 9
[2010/05/03 17:33:06 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\PHOTOS CHINE
[2010/05/03 05:23:21 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\Mes fichiers reçus
[2010/03/30 21:25:16 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\Downloads
[2010/03/30 21:25:11 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\IDM
[2010/03/30 21:25:11 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\DMCache
[2010/03/30 21:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2010/03/30 19:57:19 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\BITS
[2010/03/30 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\FlashGetBHO
[2010/03/30 19:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet Network
[2010/03/30 19:55:47 | 006,146,304 | ---- | C] (Trend Media Corporation Limited.) -- C:\Program Files (x86)\flashget3.3.0.1092en.exe

========== Files - Modified Within 90 Days ==========

[2010/06/04 11:20:54 | 004,980,736 | -HS- | M] () -- C:\Users\TEDDY\ntuser.dat
[2010/06/04 11:12:37 | 000,052,537 | ---- | M] () -- C:\Users\TEDDY\Documents\Gmer when launched.JPG
[2010/06/04 11:11:44 | 000,050,532 | ---- | M] () -- C:\Users\TEDDY\Documents\GMR no modification.JPG
[2010/06/04 11:05:09 | 000,293,376 | ---- | M] () -- C:\Users\TEDDY\Documents\pgot2p52.exe
[2010/06/04 10:43:40 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/04 10:43:40 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/04 10:36:38 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/04 10:35:17 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/04 10:35:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/04 10:34:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/04 10:34:56 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 10:33:59 | 004,249,911 | -H-- | M] () -- C:\Users\TEDDY\AppData\Local\IconCache.db
[2010/06/04 01:10:36 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/04 01:02:27 | 000,000,909 | ---- | M] () -- C:\Users\TEDDY\Desktop\ERUNT.lnk
[2010/06/03 21:15:08 | 000,001,106 | ---- | M] () -- C:\Users\TEDDY\Desktop\EVEREST Home Edition.lnk
[2010/06/03 18:29:47 | 000,084,240 | ---- | M] () -- C:\Users\TEDDY\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/03 18:28:50 | 000,354,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/03 10:48:54 | 000,001,889 | ---- | M] () -- C:\Users\TEDDY\Desktop\CCleaner.lnk
[2010/06/03 10:36:53 | 000,768,512 | ---- | M] () -- C:\Users\TEDDY\Documents\MON COMPTE.xls
[2010/06/03 09:42:15 | 000,049,664 | ---- | M] () -- C:\Users\TEDDY\Documents\ARCHIVES DISQUE DUR.xls
[2010/06/03 09:38:07 | 001,524,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/03 09:38:07 | 000,695,004 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/06/03 09:38:07 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/03 09:38:07 | 000,127,684 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/06/03 09:38:07 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/02 21:32:33 | 000,000,336 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2010/06/02 19:52:44 | 000,000,891 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2010/06/02 19:27:15 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/02 07:34:24 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTEDDY.job
[2010/06/01 20:18:30 | 000,303,370 | ---- | M] () -- C:\Users\TEDDY\Documents\shopping cart preview.jpg
[2010/06/01 20:00:27 | 000,101,402 | ---- | M] () -- C:\Users\TEDDY\Documents\mural customized.JPG
[2010/06/01 01:10:35 | 000,330,752 | ---- | M] () -- C:\Users\TEDDY\Documents\MES CONGES.xls
[2010/05/26 12:36:41 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup232.exe
[2010/05/05 15:45:03 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/05/05 15:45:03 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/05/01 08:49:52 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/05/01 08:08:46 | 000,002,563 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/05/01 08:08:23 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/30 19:57:33 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI
[2010/03/30 19:57:26 | 000,001,217 | ---- | M] () -- C:\Users\TEDDY\Desktop\FlashGet 3.3.lnk
[2010/03/21 19:19:47 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/03/12 17:06:29 | 000,015,620 | ---- | M] () -- C:\Users\TEDDY\AppData\Roaming\NMM-MetaData.db
[2010/03/10 03:35:00 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll

========== Files Created - No Company Name ==========

[2010/06/04 11:12:37 | 000,052,537 | ---- | C] () -- C:\Users\TEDDY\Documents\Gmer when launched.JPG
[2010/06/04 11:11:43 | 000,050,532 | ---- | C] () -- C:\Users\TEDDY\Documents\GMR no modification.JPG
[2010/06/04 11:05:04 | 000,293,376 | ---- | C] () -- C:\Users\TEDDY\Documents\pgot2p52.exe
[2010/06/04 01:10:36 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/04 01:02:27 | 000,000,909 | ---- | C] () -- C:\Users\TEDDY\Desktop\ERUNT.lnk
[2010/06/03 21:15:08 | 000,001,106 | ---- | C] () -- C:\Users\TEDDY\Desktop\EVEREST Home Edition.lnk
[2010/06/03 10:48:54 | 000,001,889 | ---- | C] () -- C:\Users\TEDDY\Desktop\CCleaner.lnk
[2010/06/02 21:47:39 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/06/02 19:27:15 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/01 20:18:30 | 000,303,370 | ---- | C] () -- C:\Users\TEDDY\Documents\shopping cart preview.jpg
[2010/06/01 20:00:27 | 000,101,402 | ---- | C] () -- C:\Users\TEDDY\Documents\mural customized.JPG
[2010/05/17 21:05:09 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTEDDY.job
[2010/04/06 21:55:23 | 000,330,752 | ---- | C] () -- C:\Users\TEDDY\Documents\MES CONGES.xls
[2010/03/31 21:04:50 | 000,000,336 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010/03/30 19:58:49 | 000,000,891 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010/03/30 19:57:33 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/03/30 19:57:26 | 000,001,217 | ---- | C] () -- C:\Users\TEDDY\Desktop\FlashGet 3.3.lnk
[2010/03/21 19:19:47 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/12/19 23:09:50 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/15 18:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/06/02 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\BITS
[2010/05/31 08:10:42 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\DMCache
[2010/03/30 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\FlashGet
[2010/03/30 19:57:16 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\FlashGetBHO
[2010/03/31 20:08:48 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\IDM
[2009/12/06 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\Megaupload
[2009/10/27 02:45:31 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\Musicmatch
[2009/11/23 19:57:50 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\PC Suite
[2010/01/21 20:20:32 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\PhotoFiltre
[2010/02/04 07:50:51 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\Samsung
[2010/05/04 04:14:50 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\uTorrent
[2010/06/01 20:20:00 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\VSO
[2009/07/14 08:08:49 | 000,024,406 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/04 10:34:56 | 000,001,266 | ---- | M] () -- C:\aaw7boot.log
[2009/07/14 04:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/06/04 10:34:56 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 10:34:56 | 4260,560,896 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 04:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
< End of report >



EXTRA : i had to translate some of the EXTRA report lines since they were in french !!! Also i see some issues with ADAWARE. Please note that ADAWARE was installed 3 days ago after i started noticing the unability to attach files over 50 ko on my email accounts. It always ran smoothly on my computer...

OTL Extras logfile created on: 04/06/2010 11:15:48 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Program Files (x86)\MALWARE ERADICATION KITCHEN
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,92 Gb Total Space | 159,81 Gb Free Space | 56,09% Space Free | Partition Type: NTFS
Drive D: | 12,97 Gb Total Space | 2,17 Gb Free Space | 16,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1863,01 Gb Total Space | 620,64 Gb Free Space | 33,31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPERTED
Current User Name: TEDDY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Connection Kit\Connectivity\ConnectivityManager.exe" = C:\Program Files (x86)\Connection Kit\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files (x86)\Connection Kit\Connectivity\ConnectivityManager.exe" = C:\Program Files (x86)\Connection Kit\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{16AD84C0-E7A0-F64D-D55A-15D274C4439A}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83715090-142B-D305-36EC-7538A007D336}" = ATI Catalyst Install Manager
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{8FCDACA0-E090-4A9A-AC71-A96E7371DC6E}" = HP 3D DriveGuard
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{27B0C2FD-9739-8D7D-6552-307C786D9097}" = Catalyst Control Center InstallProxy
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{38022B5C-0C69-389F-DA48-B87480B5705A}" = CCC Help Turkish
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3BBBF379-6C7E-0985-18F6-6C60D6C36EC6}" = CCC Help Portuguese
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.0.140
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4B2F56AC-C043-C84F-3EF1-E6D6F21E934F}" = Catalyst Control Center Graphics Full Existing
"{4F2C2E34-5A3E-0E70-BDFC-A5B1E3C2FFAC}" = Catalyst Control Center Graphics Light
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{532715CE-CFD6-E4F8-53C3-2F1DE31C04DA}" = CCC Help Hungarian
"{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{558CC8A3-F1A2-9C31-7B90-F61E476B8622}" = CCC Help Dutch
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5D76ABD5-262B-6D65-6C13-F38175C7A5AF}" = CCC Help Korean
"{5D92E608-E454-0C8C-D577-7F7C06151117}" = CCC Help Greek
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{79EECA21-CDFA-6012-5E8B-6CF2623D647A}" = Catalyst Control Center Graphics Full New
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE6BC10-6737-CD9D-8363-F919B8D6D917}" = Catalyst Control Center Core Implementation
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{80FBA7A7-ABD1-4910-A916-023075C45593}" = CCC Help Danish
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8797DE34-22BC-CA33-6B67-A0CC2765B545}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89D1C17B-90DE-650A-073A-A7FA7BC6ECE5}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C664716-FD23-9902-A29E-863D056F46FC}" = CCC Help Russian
"{8F36B221-F483-B7CE-4DDA-7BDA4D81E306}" = CCC Help English
"{8FB16749-1235-D027-AF25-1D22A9FEC0D5}" = CCC Help Thai
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91A3A4DE-656A-5C7A-5B61-75FB6D167A6A}" = CCC Help Polish
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EDB805A-E11C-8842-2393-FDFDA17963AC}" = CCC Help Chinese Traditional
"{A16D1BBD-BE86-0183-4152-2E85FECC31F7}" = CCC Help Finnish
"{A19856E3-C9D7-988E-5B8C-70C87342B8DD}" = Catalyst Control Center Localization All
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.2 MUI
"{AD777154-A573-4FCA-C730-D7C33437262C}" = CCC Help Czech
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B66D2CC9-652D-EBE5-497F-74BBC1029FB4}" = CCC Help Japanese
"{B6A4D07E-725F-07CD-DE49-8AB76939631D}" = CCC Help Norwegian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEWINTERNET-RTU}.UninstallSuite" = Internet Everywhere
"{BF930A5D-4F36-5158-C8DA-DECD5B51A78E}" = CCC Help Chinese Standard
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activer Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6FCE95C-0072-40C0-9AB2-3EF88DA6CED9}" = Catalyst Control Center Graphics Previews Common
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF166A93-835F-DF13-E974-FD73E8D7F4F6}" = CCC Help Swedish
"{E09F7D2B-C1C1-D80B-7775-6FFE9D713C60}" = CCC Help Spanish
"{E26EEBF8-3A50-8095-5877-AE243C8852EF}" = Catalyst Control Center Graphics Previews Vista
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EC8049FF-B0E3-A963-408C-1B1D8F20DD55}" = CCC Help Italian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FD1D88FA-E5E0-BA76-73C8-7362E9703842}" = ccc-core-static
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"CardDetectorHUAWEI" = Card Detector for Huawei
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EasyBits Magic Desktop" = Magic Desktop
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FairUse Wizard 2" = FairUse Wizard 2
"FlashGet 3.3" = FlashGet 3.3
"FLVPlayer" = FLV Player 1.3.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Net Transport_is1" = Net Transport 1.94.280
"QuickShot_is1" = QuickShot 1.52
"RealPlayer 12.0" = RealPlayer
"Samsung PC Studio 7" = Samsung PC Studio 7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"Windows Movie Maker 6.0" = Windows Movie Maker 6.0
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

[ Media Center Events ]
Error - 14/12/2009 09:01:29 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 16:01:28 - Internet connexion error. 16:01:28 - Unable
to contact the service..

Error - 14/12/2009 09:02:10 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 16:01:58 - Erreur de connexion à Internet. 16:01:58 - Impossible
de contacter le service..

Error - 15/12/2009 09:52:17 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 16:52:17 - failure to rescue Directory (Error : operation has timed out.)

Error - 15/12/2009 09:55:25 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 16:54:44 - failure to rescue MCEClientUX (Error : operation has timed out.)

Error - 16/12/2009 09:19:33 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 16:19:33 - failure to rescue Directory (Error : the connexion
has been closed : an unexpected error occured during reception)


Error - 16/12/2009 09:21:34 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 16:21:34 - failure to rescue ClientUpdate (Error : operation has timed out.)

Error - 17/12/2009 09:52:07 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 16:52:07 - Internet connexion error. 16:52:07 - Unable
to contact the service..

Error - 17/12/2009 09:53:16 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 16:52:57 - Internet connexion error. 16:52:57 - Unable
to contact the service..

Error - 17/12/2009 10:54:14 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 17:54:13 - Internet connexion error. 17:54:13 - Unable
to contact the service..

Error - 17/12/2009 10:55:08 | Computer Name = SUPERTED | Source = MCUpdate | ID = 0
Description = 17:55:01 - Internet connexion error. 17:55:01 - Unable
to contact the service..

[ OSession Events ]
Error - 26/10/2009 19:28:04 | Computer Name = SUPERTED | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26/01/2010 10:03:11 | Computer Name = SUPERTED | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 281
seconds with 180 seconds of active time. This session ended with a crash.

Error - 26/01/2010 10:04:29 | Computer Name = SUPERTED | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 59
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26/01/2010 10:05:18 | Computer Name = SUPERTED | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/03/2010 15:32:38 | Computer Name = SUPERTED | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/06/2010 00:34:20 | Computer Name = SUPERTED | Source = EventLog | ID = 6008
Description = The previous shut down at 07:32:49 on ?02/?06/?2010 was not planned.

Error - 02/06/2010 12:29:42 | Computer Name = SUPERTED | Source = Service Control Manager | ID = 7030
Description = Lavasoft Ad-Aware Service is marked as being interactive. Nethertheless the system is set up not to authorize interative services. The service cannot work properly.

Error - 02/06/2010 15:33:38 | Computer Name = SUPERTED | Source = Disk | ID = 262155
Description = Driver detected an error on controller \Device\Harddisk2\DR2.

Error - 03/06/2010 02:34:52 | Computer Name = SUPERTED | Source = Disk | ID = 262155
Description = Driver detected an error on controller \Device\Harddisk2\DR2.

Error - 03/06/2010 11:47:39 | Computer Name = SUPERTED | Source = Disk | ID = 262155
Description = Driver detected an error on controller on \Device\Harddisk1\DR1.

Error - 03/06/2010 14:15:29 | Computer Name = SUPERTED | Source = Service Control Manager | ID = 7000
Description = Lavalys EVEREST Kernel Driver service could not start due to error : %%577

Error - 03/06/2010 14:15:29 | Computer Name = SUPERTED | Source = Service Control Manager | ID = 7000
Description = Lavalys EVEREST Kernel Driver service could not start due to error : %%577

Error - 03/06/2010 17:51:09 | Computer Name = SUPERTED | Source = Service Control Manager | ID = 7031
Description = Lavasoft Ad-Aware Service ended unexpectedly.
This happened 1 time. The following corrective action is going to happen in
5000 milliseconds : Restart the service.

Error - 03/06/2010 17:55:52 | Computer Name = SUPERTED | Source = Service Control Manager | ID = 7031
Description = Lavasoft Ad-Aware Service ended unexpectedly.
This happened 1 time. The following corrective action is going to happen in
5000 milliseconds : Restart the service.

Error - 04/06/2010 03:35:00 | Computer Name = SUPERTED | Source = EventLog | ID = 6008
Description = The previous shut down at 10:33:58 on ?04/?06/?2010 was not planned.


< End of report >


Edited by kony, 06 June 2010 - 01:07 AM.

  • 0

#4
RKinner
Posted 06 June 2010 - 02:10 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I'm not seeing any active malware. There may have been a MyDoom infestation at some time in the past:

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

http://www.f-secure..../mydoom_b.shtml

Copy the text between the lines of stars by highlighting and Ctrl + c
***********************************************************************
:OTL
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


You definitely need to uninstall Ad-Aware. It is not happy.

I would also uninstall

"FlashGet 3.3" = FlashGet 3.3
"Internet Download Manager" = Internet Download Manager
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"Net Transport_is1" = Net Transport 1.94.280

Too many download managers - they may be fighting each other.

You also have Magic Desktop which I'm not familiar with but presumably when you use the adult password you can operate normally.

Kaspersky has a firewall so it might be blocking your uploads. I'm not sure what protocol Yahoo uses to upload files.

Let's check your mbr:

ownload mbr.exe from

http://www2.gmer.net/mbr/mbr.exe

and save it to your desktop.


Then run it. It should create a log file on your desktop. Open it and copy the text and paste it into a reply.

Then run a couple of online scans. The first one may take a few hours.

Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html

Ron
  • 0

#5
kony
Posted 06 June 2010 - 01:10 PM

kony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
hello Ron, thanx for your help.

yeah i'll definately remove 2 of my download managers which i don't really use, megamanager and IDM

now for AD AWARE i have no idea what's the problem, since each time i ran it in the past 3 days, everything went normally

for magic desktop, i had no idea what that was untill i googled it after u mentionned it being present in my system...i will consider removing it since i'm the only one to use my laptop

here are the reports...Bit defender scann seems to fail on my system (i trie dnumerous times with IE8 and Firefox)....on IE8 it doesn't go further than 62 %...will try again later

For the eset scann, god u were right, it took 8 hours !!! maybe i should have removed my 2 TO EXTERNAL HARD DISK BEFORE RUNNING THE SCANN

anyway here are the results

MBR

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR


OTL

OTL logfile created on: 06/06/2010 12:44:16 - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Program Files (x86)\MALWARE ERADICATION KITCHEN
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,92 Gb Total Space | 157,26 Gb Free Space | 55,19% Space Free | Partition Type: NTFS
Drive D: | 12,97 Gb Total Space | 2,17 Gb Free Space | 16,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1863,01 Gb Total Space | 620,64 Gb Free Space | 33,31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPERTED
Current User Name: TEDDY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/05 19:36:35 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/05 19:36:17 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/02 00:16:36 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Program Files (x86)\MALWARE ERADICATION KITCHEN\OTL.exe
PRC - [2010/04/19 18:02:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\firefox.exe
PRC - [2009/12/03 21:50:50 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2009/10/07 16:09:06 | 000,282,624 | R--- | M] (France Telecom SA) -- C:\Program Files (x86)\CardDetector\HUAWEI\CardDetector.exe
PRC - [2009/10/07 14:09:06 | 001,368,064 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Deskboard\Deskboard.exe
PRC - [2009/10/07 14:09:06 | 001,110,016 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Phonetools\TextMessaging.exe
PRC - [2009/10/07 14:09:06 | 001,007,616 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Connectivity\ConnectivityManager.exe
PRC - [2009/10/07 14:09:06 | 000,725,744 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Launcher\Launcher.exe
PRC - [2009/10/07 14:09:06 | 000,544,768 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Connectivity\Corecom\CoreCom.exe
PRC - [2009/10/07 14:09:06 | 000,245,760 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Connection Kit\Systray\SystrayApp.exe
PRC - [2009/10/07 14:09:06 | 000,094,208 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
PRC - [2009/10/07 14:09:06 | 000,094,208 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
PRC - [2009/10/07 14:09:06 | 000,077,824 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009/07/26 16:44:52 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/24 19:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 12:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/02/20 14:22:34 | 004,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/12/06 01:48:08 | 000,699,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe
PRC - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/06/03 08:02:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2006/01/19 13:06:18 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mm_tray.exe
PRC - [2006/01/19 13:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 13:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mim.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 00:16:36 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Program Files (x86)\MALWARE ERADICATION KITCHEN\OTL.exe
MOD - [2009/07/14 04:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 04:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 04:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/02 21:54:23 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/22 04:33:00 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 04:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 04:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 04:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 04:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 04:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 04:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 04:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 04:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 04:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 04:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 04:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 04:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 04:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 04:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 04:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 04:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 04:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 04:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 04:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (ezSharedSvc)
SRV:64bit: - [2009/07/14 04:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 04:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/03 00:16:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/03 00:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2010/06/05 19:36:17 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/20 19:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/10/07 14:09:06 | 000,077,824 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009/07/14 06:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 06:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 04:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 04:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 23:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 23:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/22 21:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/05 19:39:23 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/12/11 13:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/11/17 07:55:54 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/26 09:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/23 02:36:42 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/04 12:04:26 | 000,115,072 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/08/04 12:04:26 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009/07/22 04:33:00 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/21 06:39:00 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/15 02:16:00 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 04:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 04:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 04:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 04:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 04:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 04:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 04:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 04:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 04:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 03:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 03:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 03:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/14 03:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 03:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 03:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/14 03:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 03:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 03:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 03:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) Périphérique vidéo USB (WDM)
DRV:64bit: - [2009/07/14 03:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 03:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/14 03:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 03:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 03:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 03:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 03:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 02:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 02:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 02:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 02:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 02:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 02:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 02:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 02:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/14 01:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/03 00:51:00 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 21:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/29 20:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/11 00:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 00:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 00:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 00:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 23:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 23:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 23:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/05/02 16:34:30 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdsax64.sys -- (nmwcdsax64)
DRV:64bit: - [2007/05/02 16:33:38 | 000,017,408 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdsacjx64.sys -- (nmwcdsacjx64)
DRV:64bit: - [2007/05/02 16:33:36 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdsacx64.sys -- (nmwcdsacx64)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 04:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/14 04:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/11 00:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/11 00:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://fr.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.11.5
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:2.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/12/03 21:51:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/23 13:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\components [2010/04/19 18:02:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\plugins [2010/05/23 13:35:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 1\components [2009/11/23 21:26:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 1\plugins [2010/05/23 13:35:09 | 000,000,000 | ---D | M]

[2009/11/03 23:52:36 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Extensions
[2009/11/13 23:57:32 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions
[2009/11/03 23:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/11/08 10:43:26 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/11/03 23:53:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/05 23:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2009/11/03 23:53:42 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\[email protected]
[2009/11/04 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\[email protected]
[2009/11/08 01:20:33 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\0oaamba9.default\extensions\unplug@compunach
[2010/04/03 18:34:58 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\ftlo06dh.3avril2010\extensions
[2010/06/04 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\tjml7s8o.SUPERTED\extensions
[2010/03/30 19:58:07 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\TEDDY\AppData\Roaming\mozilla\Firefox\Profiles\tjml7s8o.SUPERTED\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/11/19 22:31:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/06/24 15:31:33 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/06/24 15:31:33 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/06/24 15:31:33 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/06/24 15:31:33 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/06/24 15:31:33 | 000,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (NTIECatcher Class) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files (x86)\Xi\NetTransport 2\NTIEHelper.dll (Xi)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BEWINTERNET-RTUSessionManager] C:\Program Files (x86)\Connection Kit\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI] C:\Program Files (x86)\CardDetector\HUAWEI\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files (x86)\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [S60 PC Suite Tray] C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O8:64bit: - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddLink.html ()
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
O8:64bit: - Extra context menu item: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddList.html ()
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddLink.html ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\TEDDY\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files (x86)\Xi\NetTransport 2\NTAddList.html ()
O9:64bit: - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{a28185b4-d1e9-11de-9cb0-00269e262285}\Shell - "" = AutoRun
O33 - MountPoints2\{a28185b4-d1e9-11de-9cb0-00269e262285}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{e4f210d3-c398-11de-87f8-00269e262285}\Shell - "" = AutoRun
O33 - MountPoints2\{e4f210d3-c398-11de-87f8-00269e262285}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/06 12:34:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/05 19:44:28 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/06/05 19:44:03 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/06/04 01:10:43 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\Malwarebytes
[2010/06/04 01:10:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/04 01:10:32 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/06/04 01:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/04 01:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/04 01:02:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/04 01:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/06/04 00:50:46 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\MALWARE ERADICATION KITCHEN
[2010/06/04 00:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWARE ERADICATION KITCHEN
[2010/06/03 21:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010/06/03 21:14:29 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Program Files (x86)\everesthome220.exe
[2010/06/03 10:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/06/03 10:02:32 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AdSigner
[2010/06/03 09:36:39 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup232.exe
[2010/06/02 21:54:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/06/02 21:54:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/06/02 19:27:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/02 19:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/06/02 19:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/06/02 19:25:09 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Program Files (x86)\Ad-AwareInstaller.exe
[2010/05/27 20:51:47 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\District 9
[2010/05/03 17:33:06 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\PHOTOS CHINE
[2010/05/03 05:23:21 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\Mes fichiers reçus
[2010/03/30 21:25:16 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\Documents\Downloads
[2010/03/30 21:25:11 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\IDM
[2010/03/30 21:25:11 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\DMCache
[2010/03/30 21:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2010/03/30 19:57:19 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\BITS
[2010/03/30 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\TEDDY\AppData\Roaming\FlashGetBHO
[2010/03/30 19:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet Network
[2010/03/30 19:55:47 | 006,146,304 | ---- | C] (Trend Media Corporation Limited.) -- C:\Program Files (x86)\flashget3.3.0.1092en.exe

========== Files - Modified Within 90 Days ==========

[2010/06/06 12:49:00 | 005,242,880 | -HS- | M] () -- C:\Users\TEDDY\ntuser.dat
[2010/06/06 12:45:08 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 12:45:08 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 12:37:49 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/06 12:37:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 12:37:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/06 12:37:30 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/06 12:35:18 | 004,261,417 | -H-- | M] () -- C:\Users\TEDDY\AppData\Local\IconCache.db
[2010/06/06 12:17:57 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 09:58:37 | 000,038,186 | ---- | M] () -- C:\Users\TEDDY\Documents\Nouveau Document Word 2007.docx
[2010/06/06 09:24:56 | 000,000,336 | ---- | M] () -- C:\Windows\SysWow64\secustat.dat
[2010/06/05 19:44:00 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/06/05 19:39:23 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/06/05 09:45:02 | 001,524,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/05 09:45:02 | 000,695,004 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/06/05 09:45:02 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/05 09:45:02 | 000,127,684 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/06/05 09:45:02 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/05 09:15:38 | 000,768,512 | ---- | M] () -- C:\Users\TEDDY\Documents\MON COMPTE.xls
[2010/06/04 11:12:37 | 000,052,537 | ---- | M] () -- C:\Users\TEDDY\Documents\Gmer when launched.JPG
[2010/06/04 11:11:44 | 000,050,532 | ---- | M] () -- C:\Users\TEDDY\Documents\GMR no modification.JPG
[2010/06/04 01:10:36 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/04 01:02:27 | 000,000,909 | ---- | M] () -- C:\Users\TEDDY\Desktop\ERUNT.lnk
[2010/06/03 21:15:08 | 000,001,106 | ---- | M] () -- C:\Users\TEDDY\Desktop\EVEREST Home Edition.lnk
[2010/06/03 18:29:47 | 000,084,240 | ---- | M] () -- C:\Users\TEDDY\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/03 18:28:50 | 000,354,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/03 10:48:54 | 000,001,889 | ---- | M] () -- C:\Users\TEDDY\Desktop\CCleaner.lnk
[2010/06/03 09:42:15 | 000,049,664 | ---- | M] () -- C:\Users\TEDDY\Documents\ARCHIVES DISQUE DUR.xls
[2010/06/02 19:52:44 | 000,000,891 | ---- | M] () -- C:\Windows\SysWow64\secushr.dat
[2010/06/02 19:27:15 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/02 07:34:24 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTEDDY.job
[2010/06/01 20:18:30 | 000,303,370 | ---- | M] () -- C:\Users\TEDDY\Documents\shopping cart preview.jpg
[2010/06/01 20:00:27 | 000,101,402 | ---- | M] () -- C:\Users\TEDDY\Documents\mural customized.JPG
[2010/06/01 01:10:35 | 000,330,752 | ---- | M] () -- C:\Users\TEDDY\Documents\MES CONGES.xls
[2010/05/26 12:36:41 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Program Files (x86)\ccsetup232.exe
[2010/05/05 15:45:03 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/05/05 15:45:03 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/05/01 08:49:52 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/05/01 08:08:46 | 000,002,563 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 7.lnk
[2010/05/01 08:08:23 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/30 19:57:33 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI
[2010/03/30 19:57:26 | 000,001,217 | ---- | M] () -- C:\Users\TEDDY\Desktop\FlashGet 3.3.lnk
[2010/03/21 19:19:47 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/03/12 17:06:29 | 000,015,620 | ---- | M] () -- C:\Users\TEDDY\AppData\Roaming\NMM-MetaData.db
[2010/03/10 03:35:00 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll

========== Files Created - No Company Name ==========

[2010/06/06 12:34:04 | 036,233,216 | ---- | C] () -- C:\Users\TEDDY\Documents\DEMO B-FULL RECORDING-38 Minutes.mp3
[2010/06/06 12:28:10 | 035,710,976 | ---- | C] () -- C:\Users\TEDDY\Documents\DEMO A-FULL RECORDING-38 Minutes.mp3
[2010/06/06 10:40:44 | 002,610,739 | ---- | C] () -- C:\Users\TEDDY\Documents\000007.jpg
[2010/06/06 10:40:44 | 002,511,230 | ---- | C] () -- C:\Users\TEDDY\Documents\000008.jpg
[2010/06/06 10:40:44 | 001,981,762 | ---- | C] () -- C:\Users\TEDDY\Documents\000003.jpg
[2010/06/06 10:40:44 | 001,956,273 | ---- | C] () -- C:\Users\TEDDY\Documents\000002.jpg
[2010/06/06 10:40:44 | 001,871,776 | ---- | C] () -- C:\Users\TEDDY\Documents\000005.jpg
[2010/06/06 10:40:44 | 001,824,112 | ---- | C] () -- C:\Users\TEDDY\Documents\000001.jpg
[2010/06/06 10:40:44 | 001,745,815 | ---- | C] () -- C:\Users\TEDDY\Documents\000006.jpg
[2010/06/06 10:40:44 | 001,689,286 | ---- | C] () -- C:\Users\TEDDY\Documents\000009.jpg
[2010/06/06 10:40:44 | 001,507,715 | ---- | C] () -- C:\Users\TEDDY\Documents\000004.jpg
[2010/06/06 10:36:12 | 002,571,833 | ---- | C] () -- C:\Users\TEDDY\Documents\IMG_1967.JPG
[2010/06/06 10:36:12 | 002,147,300 | ---- | C] () -- C:\Users\TEDDY\Documents\IMG_1969.JPG
[2010/06/06 10:36:12 | 002,030,777 | ---- | C] () -- C:\Users\TEDDY\Documents\IMG_1970.JPG
[2010/06/06 10:36:12 | 002,009,801 | ---- | C] () -- C:\Users\TEDDY\Documents\IMG_1971.JPG
[2010/06/06 09:58:25 | 000,038,186 | ---- | C] () -- C:\Users\TEDDY\Documents\Nouveau Document Word 2007.docx
[2010/06/04 11:12:37 | 000,052,537 | ---- | C] () -- C:\Users\TEDDY\Documents\Gmer when launched.JPG
[2010/06/04 11:11:43 | 000,050,532 | ---- | C] () -- C:\Users\TEDDY\Documents\GMR no modification.JPG
[2010/06/04 01:10:36 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/04 01:02:27 | 000,000,909 | ---- | C] () -- C:\Users\TEDDY\Desktop\ERUNT.lnk
[2010/06/03 21:15:08 | 000,001,106 | ---- | C] () -- C:\Users\TEDDY\Desktop\EVEREST Home Edition.lnk
[2010/06/03 10:48:54 | 000,001,889 | ---- | C] () -- C:\Users\TEDDY\Desktop\CCleaner.lnk
[2010/06/02 21:47:39 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/06/02 19:27:15 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/06/01 20:18:30 | 000,303,370 | ---- | C] () -- C:\Users\TEDDY\Documents\shopping cart preview.jpg
[2010/06/01 20:00:27 | 000,101,402 | ---- | C] () -- C:\Users\TEDDY\Documents\mural customized.JPG
[2010/05/17 21:05:09 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTEDDY.job
[2010/04/06 21:55:23 | 000,330,752 | ---- | C] () -- C:\Users\TEDDY\Documents\MES CONGES.xls
[2010/03/31 21:04:50 | 000,000,336 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2010/03/30 19:58:49 | 000,000,891 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010/03/30 19:57:33 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/03/30 19:57:26 | 000,001,217 | ---- | C] () -- C:\Users\TEDDY\Desktop\FlashGet 3.3.lnk
[2010/03/21 19:19:47 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/12/19 23:09:50 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/15 18:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/06/06 09:24:56 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\BITS
[2010/05/31 08:10:42 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\DMCache
[2010/03/30 19:57:18 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\FlashGet
[2010/03/30 19:57:16 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\FlashGetBHO
[2010/03/31 20:08:48 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\IDM
[2009/12/06 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\Megaupload
[2009/10/27 02:45:31 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\Musicmatch
[2009/11/23 19:57:50 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\PC Suite
[2010/01/21 20:20:32 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\PhotoFiltre
[2010/02/04 07:50:51 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\Samsung
[2010/05/04 04:14:50 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\uTorrent
[2010/06/01 20:20:00 | 000,000,000 | ---D | M] -- C:\Users\TEDDY\AppData\Roaming\VSO
[2009/07/14 08:08:49 | 000,024,700 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >




ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f6334b71061aeb4f93eb52d9f71bc638
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-06 06:36:25
# local_time=2010-06-06 09:36:25 )
# country="France"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1280 16777215 100 0 18539394 18539394 0 0
# compatibility_mode=5893 16776574 100 94 314138 27448865 0 0
# compatibility_mode=8192 67108863 100 0 455 455 0 0
# scanned=329269
# found=0
# cleaned=0
# scan_time=30370


  • 0

#6
RKinner
Posted 07 June 2010 - 10:27 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I'm not happy with mbr's results but not sure what we can do about it. 64 bit Win7 doesn't let many of our tools run. Eset didn't find anything and your other logs look clean so I don't think it's malware.

I just ran a test to attach files to yahoo. They don't use anything but HTML so the Kaspersky firewall shouldn't care.

I know Yahoo is very fond of setting cookies and will not work correctly if it is not allowed to read or write its cookies. Have you done anything recently to keep it from doing so? In IE, Tools, Internet Options, Privacy. Make sure it is set to Medium. Then under Security it should be Medium High. If you make any changes, make sure you apply them then restart IE and try again.

Start, Programs, Mozila Firefox, Mozila FireFox (Safe Mode) and try it now. This eliminates any add-ons which might be blocking us.


I don't see the usual
127.0.0.1 localhost
::1 localhost

in your hosts file in the OTL log but OTL has problems with 64bits. Wouldn't hurt to verify that it is there.

Start, Programs, Accessories, then right click on Command Prompt and select Run As Administrator.

cd \windows\system32\driver\etc

(SPACE after cd. Prompt should show you are in etc directory.)

attrib -r -h -s hosts

(SPACE before each - and before hosts. Prompt should return without an error.)

notepad hosts

(SPACE before hosts)

This is what you should see more or less:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#	  102.54.94.97	 rhino.acme.com		  # source server
#	   38.25.63.10	 x.acme.com			  # x client host

127.0.0.1	   localhost
::1			 localhost



The lines that start with # can be ignored. The first localhost entry is required for standard TCP. The second one is for future use. Delete anything below these two. (Add them if they are missing). File, Save and Exit. (I have had problems getting Vista to save this file so it may not work for Win7 either so hopefully you don't really need to change it.

Have you tried gmail.com? Get an account there and see if they will let you attach files.

Ron
  • 0

#7
kony
Posted 08 June 2010 - 01:52 PM

kony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
hello Ron,

Thanx for your reply...

I first followed your advice and created a gmail account...and there again the same limitation as in yahoo or hotmail appear : any file above the 110 - 130 ko size would just fail...

I notice nethertheless while yahoo or hotmail would not attach files above 110 ko any more, gmail push that limit up to files around 130-140 ko...

This was done under firefox (safe mode as u suggested)

And i also checked my cookies settings under IE8 are they are at medium ...and internet security was already set at medium high

so nothing wrong on that side

As u may see on the pix i tried to attach to this post I also did the command prompt thing and the first line you asked me to type (cd \windows\system32\driver\etc) i just copied and pasted it then it wrote something under the line "specified root/adress could not be found"

then the second prompt you told me to type (attrib -r -h -s hosts), the result was "file could not be found - hosts"

now after i created my gmail account and i noticed attachment of files over 130 ko were failing, i clicked on "gmail help on attachment" and among the many reasons they gave for attachment failure they mentioned this can happen when flash (adobe) is not installed in one's system

i know for sure flash is on my system since i updated it some weeks ago...but out of desperation i'll try to give that a closer look tomorow and will download it again

though i'm sure it's not the reasons of my problem...

PS : i'm just doing now a test on that very post to check my upload capabilities : the printscreen about the prompt command is just 40 ko so this should go

but i also try to upload a 200 ko pix to check the result on that post

Attached Thumbnails

  • Capture.JPG

Edited by kony, 08 June 2010 - 02:06 PM.

  • 0

#8
kony
Posted 08 June 2010 - 02:05 PM

kony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
it seems the attachment of the larger 200 ko files inside this post failed...so more than an email attachment issue it seems my general issue is regarding uploading capabilities...but why this happens all of a sudden (since 5 days) when it never did this before

and why my friend who has the exact same internet connection as me in my home does not have this problem on his computer (i already tried to put my orange internet 3G simcard into his computer and it doesn't get those uploading problems )??
  • 0

#9
RKinner
Posted 08 June 2010 - 06:42 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OTL claims the hosts file is in:
C:\Windows\SysNative\drivers\etc\hosts

but in the past I have been told it was in C:\Windows\System32\drivers\etc\hosts

I don't have a 64 bit system yet so can't be sure.

See if you can create the file hosts - From notepad, just type in

127.0.0.1 localhost

then File, Save As, to \windows\system32\drivers\etc "hosts" OK. (You need the quotes around the file name or it will add a .txt to the name which won't work.)

We have had reports of TDSS infections keeping you from posting large posts but the limit was more like 10K. I wonder if TDSSKiller will run.

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Ron
  • 0

#10
kony
Posted 09 June 2010 - 09:10 AM

kony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
hello Ron,

i tried to create the hosts files but then i realized it already exists at this location :\windows\system32\drivers\etc "hosts"

so i decided not to overwrite it

This is what is included in the original file:

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost


For TDSS i think the procedure you advised me failed due to me running x64 operating system it seems...it didn't even rebooted...i then clicked directly on the TDSS exe file on my desktop but it said the same thing


18:05:33:220 4276 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
18:05:33:220 4276 ================================================================================
18:05:33:220 4276 SystemInfo:

18:05:33:220 4276 OS Version: 6.1.7600 ServicePack: 0.0
18:05:33:220 4276 Product type: Workstation
18:05:33:221 4276 ComputerName: SUPERTED
18:05:33:221 4276 UserName: TEDDY
18:05:33:221 4276 Windows directory: C:\Windows
18:05:33:222 4276 Running under WOW64
18:05:33:222 4276 Processor architecture: Intel x64
18:05:33:222 4276 Number of processors: 2
18:05:33:222 4276 Page size: 0x1000
18:05:33:230 4276 Boot type: Normal boot
18:05:33:230 4276 ================================================================================
18:05:33:230 4276 Utility doesn't support x64 operating systems!
18:05:33:231 4276 KLMD_Unload(ARK) error 87


Edited by kony, 09 June 2010 - 09:13 AM.

  • 0

Advertisements

#11
RKinner
Posted 09 June 2010 - 11:22 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Thanks for the text of the hosts file. Interesting that on 64 bit they no longer need the localhost stuff. Appears we are barking up the wrong tree there. Sorry.

Looks like we can't get there from here with TDSSKiller either.

Did we try Safe Mode with Networking and see if the problem remains?

Reboot and when you hear the beep, see the maker's logo or it tells you to hit F8, start tapping F8 slowly. Keep tapping until it gets to the Safe Mode Menu. Select Safe Mode with Networking. Test an upload then reboot back into regular mode.

Start, Programs, Accessories, then Right Click on Command Prompt and select Run As Administrator

ping -n 100 f1.com

(ping SPACE -n SPACE 100 SPACE F ONE .com. When it finishes - did it lose any pings?)

You might check with your ISP to make sure they haven't put a throttle on your link for some reason.

Ron
  • 0

#12
kony
Posted 09 June 2010 - 01:07 PM

kony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
ok thanx, i tried safe mode with network...but couldn't connect to the internet since when i tried launching my orange 3g network, i got a "corecom whatever" is missing so couldn't work

then i did the ping and then the message i got was ping request couldn't locate the f1.com host, asking me to check the name and try again

for my ISP i doubt it comes from there otherwise when my friend is using my orange simcard in his 3G connector he would get the same issue as me...but we did the test and he doesn't have any upload issue...

i think after all that it seems the last resort is to reinstall windows which i really didn't want to do

but first i will go to orange and try with a wired connection to see if i see any change.

thanx for your help Ron

Edited by kony, 09 June 2010 - 01:08 PM.

  • 0

#13
RKinner
Posted 09 June 2010 - 02:34 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Suspicious that it can't resolve f1.com.

Should be:

Name: fi.com
Address: 207.214.127.24

Try

ping -n 100 207.214.127.24


Also try

nslookup

server 4.2.2.1
(SPACE before 4)

f1.com



If that works you may have a DNS hijacker.

1. Click "Start," (click "Settings,") click "Control Panel," click "Network and Sharing Center," and then click "View Status", Click "Properties,"
2. Click on Internet Protocol Version 4 (TCP/IPv4) (On the text not the check box) then Click on Properties

3. Click "Use the following DNS server addresses," and then type 4.2.2.1 in the Preferred DNS server box.

4. Click "OK" and close all of the windows that have opened.

Reboot and try again.

Ron
  • 0

#14
kony
Posted 09 June 2010 - 03:12 PM

kony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
what is a DNS hijacker exactly ? let me google it...wow that sounds scary and most of all it looks as if it's a common practice on the way to fishing activities !!!

what can i do to be sure that's what i'm dealing with ?

i tried the 2 command prompts you gave me and here are the printscreens...but i have to admit i'm a bit reluctant to play with my computer's DNS figures.


are u familiar with "hijack this" i just read about it on the net as a DNS hijacker remover ? i wonder if that could be a good thing to try...but god i've been installing so many malware remover tools on my laptop lately i'm just confused :http://www.hijackthis.de/en

let me try to download this

Attached Thumbnails

  • Capture.JPG

  • 0

#15
kony
Posted 09 June 2010 - 03:17 PM

kony

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
so the first ping which i posted the pix above was given as a result "waiting time timed out"

here is the second

Attached Thumbnails

  • Capture_1.JPG

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP