
Virus No Access


  • This topic is locked

#1
tttezzza

  • Member
  • 31 posts
Hi,

I hope someone can help, I initially caught a redirect virus, and have been unable to run .exe programs.

I've tried a lot of different things, followed the instructions that are given but nothing works. Now I can't use the internet!

I've tried combofix, rkill (although it now gets detected as a virus), MBAM, tdsskiller etc etc, things run but don't get rid of this virus.. :)

Thank you in advance for your help.

Tezza

PS Here's my HJThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:49, on 04/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\TVTool\TVTool.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Thierry 200910\Desktop\His.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://88.191.120.211:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TVTool] "C:\Program Files\TVTool\TVTool.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1255191831465
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-31-0.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.c...oad/vexcast.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail....ol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3B3A3FD-03D2-49EF-95B2-A870D4D2BDBA}: NameServer = 87.194.255.155
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
--
#2
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
Hi, tttezzza! Welcome to GeeksToGo! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Now let's get started!


Step 1.


Now I can't use the internet!

If you cannot, you will need a flash drive. Please prepare the drive and your clean computer for use by performing the following procedure to protect your clean computer and your flash drive:

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

You will need to download the programs in the following steps to your clean computer that has internet service, copy them onto the flash drive, and then insert the flash drive in your infected computer and copy them to the desktop.

Step 2.

Download aswMBR.exe (1.8 MB) to your desktop.

Double click the aswMBR.exe to run it. If it does not run just go on to Step 3.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.


Step 3.

  • Download OTL to your Desktop
    If you still cannot run exe files try these two downloads, one is a .com and the other a .scr.
    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Select Use Safe List under Extra Registry
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


    Or here is a text file for you to copy over to the infected computer; you can then place the contents in the Custom Scans/Fixes box.

    Attached File: scan.txt (270 bytes)
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open OTL.Txt in Notepad window and the Extras.txt file on the task bar.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file, the Extras.txt file, and post them with your next reply.


Step 4.

Post:
aswMBR log (if you can run it)
OTL.txt
Extras.txt
Copies of all the logs of tools you have already run.

Edited by CompCav, 07 October 2011 - 07:34 AM.


#3
tttezzza

  • Topic Starter
  • Member
  • 31 posts
Hi CompCav,

A big thank you for trying to help me, and sorry for the slightly slow reply; I was busy with work towards the end of the week.

I've followed your instructions and am posting the log for aswMBR.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-08 14:34:38
-----------------------------
14:34:38.109 OS Version: Windows 5.1.2600 Service Pack 3
14:34:38.109 Number of processors: 2 586 0x4303
14:34:38.109 ComputerName: THIERRY UserName:
14:34:38.843 Initialize success
14:34:40.093 AVAST engine defs: 11090601
14:34:55.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:34:55.328 Disk 0 Vendor: Maxtor_6Y080P0 YAR41BW0 Size: 78167MB BusType: 3
14:34:55.343 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
14:34:55.343 Disk 1 Vendor: ST3250820A 3.AAF Size: 238475MB BusType: 3
14:34:57.375 Disk 0 MBR read successfully
14:34:57.375 Disk 0 MBR scan
14:34:57.375 Disk 0 Windows XP default MBR code
14:34:57.390 Disk 0 scanning sectors +160055595
14:34:57.484 Disk 0 scanning C:\WINDOWS\system32\drivers
14:35:18.468 Service scanning
14:35:21.031 Service Bdfndisf C:\WINDOWS\system32\DRIVERS\bdfndisf.sys **LOCKED** 32
14:35:22.203 Modules scanning
14:35:28.921 Disk 0 trace - called modules:
14:35:28.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:35:28.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ef3ab8]
14:35:28.953 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000083[0x86efbe98]
14:35:28.953 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f98d98]
14:35:29.218 AVAST engine scan C:\WINDOWS
14:35:39.171 AVAST engine scan C:\WINDOWS\system32
14:35:46.968 File: C:\WINDOWS\system32\bcmwltry.exe **INFECTED** Win32:Patched-WQ [Trj]
14:38:40.546 AVAST engine scan C:\WINDOWS\system32\drivers
14:38:56.593 AVAST engine scan C:\Documents and Settings\Thierry 200910
14:40:43.500 File: C:\Documents and Settings\Thierry 200910\DoctorWeb\Quarantine\scdemu.sys **INFECTED** Win32:Alureon-AJI [Rtk]
14:45:58.796 AVAST engine scan C:\Documents and Settings\All Users
14:48:46.421 Scan finished successfully
14:50:23.953 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
14:50:24.078 The log file has been saved successfully to "F:\aswMBR.txt"


If that's useful, I also post the log from HJT that I ran the other day:

HJThis log:

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)


Thanks again + have a good weekend.
T

#4
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please do Step 3. as well in my previous post (#2) :)

Thanks,

CompCav

#5
tttezzza

    Member

  • Topic Starter
  • Member
  • 31 posts
Hi,
Sorry, I missed that.. I thought it was only if step 2 did not work :)

Here is the resulting log from OTL:

OTL logfile created on: 08/10/2011 15:21:46 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Thierry 200910\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.42 Mb Total Physical Memory | 511.41 Mb Available Physical Memory | 50.02% Memory free
2.40 Gb Paging File | 1.85 Gb Available in Paging File | 76.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 36.46 Gb Free Space | 47.77% Space Free | Partition Type: NTFS
Drive D: | 585.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 152.53 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive F: | 983.70 Mb Total Space | 980.11 Mb Free Space | 99.63% Space Free | Partition Type: FAT

Computer Name: THIERRY | User Name: Thierry 200910 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/08 12:54:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/06/24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/02/06 14:35:14 | 000,843,144 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2010/09/20 06:07:02 | 000,185,784 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2010/03/25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/01/11 22:40:47 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2010/01/11 22:40:46 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 11:20:06 | 002,157,064 | ---- | M] (Xpertvision, Inc.) -- C:\Program Files\XpertVision\TBPANEL.exe
PRC - [2006/08/11 15:56:02 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2004/09/19 15:59:00 | 000,368,128 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.exe
PRC - [2004/02/23 16:51:32 | 000,032,768 | ---- | M] (XPDisable0Conf) -- C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\WinXPDisableZeroConfigation.exe
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/04 22:43:58 | 000,055,816 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
MOD - [2011/09/06 21:11:46 | 001,385,984 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090601\algo.dll
MOD - [2011/09/05 09:17:50 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090601\aswRep.dll
MOD - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/06/12 00:33:46 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
MOD - [2011/06/12 00:28:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/06/12 00:28:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/06/12 00:27:40 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
MOD - [2011/06/12 00:27:18 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
MOD - [2011/06/12 00:27:02 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
MOD - [2011/06/12 00:26:26 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
MOD - [2011/06/12 00:26:05 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
MOD - [2011/06/12 00:25:53 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/06/12 00:25:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/06/12 00:22:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/07 11:13:56 | 000,592,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011/06/07 11:13:56 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011/06/07 11:13:54 | 000,367,104 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011/06/07 11:13:54 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2010/12/19 01:18:39 | 000,243,112 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2010/11/02 08:39:46 | 000,866,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2010/09/20 06:07:14 | 000,516,864 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\sqlite3.dll
MOD - [2010/01/11 22:40:47 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
MOD - [2010/01/11 22:40:47 | 000,241,664 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\seccenter.ui
MOD - [2009/10/10 17:54:45 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\txmlutil.dll
MOD - [2009/10/10 17:54:42 | 000,073,728 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\tuneupconp.dll
MOD - [2009/10/10 17:54:36 | 000,126,976 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\hmcore.dll
MOD - [2009/10/10 17:54:34 | 000,010,240 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\dbokf.dll
MOD - [2009/10/10 17:54:24 | 000,155,648 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\bdfltlib.dll
MOD - [2009/10/10 17:54:15 | 000,172,032 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\agentreg.dll
MOD - [2009/10/10 17:54:14 | 000,045,056 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\actxcont.dll
MOD - [2009/10/10 17:54:02 | 000,003,584 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\encryption.ui
MOD - [2009/10/10 17:54:01 | 000,009,728 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\bdshelxt.ui
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/01/08 18:53:00 | 001,482,752 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/01/08 18:53:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/18 17:11:26 | 000,196,608 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\libexpatw.dll
MOD - [2007/01/31 11:31:06 | 000,032,768 | ---- | M] () -- C:\Program Files\XpertVision\TBPanelExt.dll
MOD - [2004/09/19 15:59:00 | 000,368,128 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.exe
MOD - [2003/08/25 15:55:00 | 000,006,144 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.DLL
MOD - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
MOD - [2000/06/12 15:14:50 | 000,360,518 | ---- | M] () -- C:\Program Files\SEC\Natural Color\LowCMS.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\XpertVision\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WLTRYSVC)
SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (LIVESRV)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (Creative Service for CDROM Access)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/11 22:40:46 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/10 17:53:48 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/07/17 13:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2003/03/09 05:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/10/02 19:24:07 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Thierry 200910\Desktop\TrueSight.sys -- (TrueSight)
DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 21:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 21:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/06/16 10:22:50 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/06/16 10:22:50 | 000,076,088 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/06/07 11:13:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/05/13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/10 17:54:45 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/10/10 17:54:45 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/10/10 17:54:45 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/10/10 17:54:29 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/10/10 17:53:53 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2009/10/10 17:53:51 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/10/10 17:53:51 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/10/10 17:53:48 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/10/10 15:27:24 | 000,015,648 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/04/13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/09/11 12:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 12:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 11:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/11 15:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2006/08/11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/10/08 02:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/14 16:29:50 | 000,350,299 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VdCap03C.sys -- (Cam5603C)
DRV - [2004/02/19 10:51:00 | 000,300,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [1996/04/03 19:33:00 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\TVTool\TVTOOL.SYS -- (tvtool)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http://88.191.120.211:3128

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2011/02/06 14:43:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/04 12:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2007/10/09 22:56:20 | 000,000,000 | ---D | M]

[2011/02/20 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thierry 200910\Application Data\Mozilla\Extensions
[2011/02/20 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thierry 200910\Application Data\Mozilla\Extensions\[email protected]
[2011/06/17 23:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/11 22:40:47 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/25 14:12:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Spyhunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe ()
O4 - HKLM..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [TVTool] C:\Program Files\TVTool\TVTool.exe ()
O4 - HKLM..\Run: [XpDis0Conf] C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\WinXPDisableZeroConfigation.exe (XPDisable0Conf)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255191831465 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} http://java.sun.com/...-131_03-win.cab (Java Plug-in 1.3.1_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.c...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747C9916-C4E9-4B43-808B-7825DC44090B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3B3A3FD-03D2-49EF-95B2-A870D4D2BDBA}: NameServer = 87.194.255.155
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/09 21:12:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 12:50:06 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 15:17:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
[2011/10/08 14:34:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Thierry 200910\Desktop\aswMBR.exe
[2011/10/04 23:15:37 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/04 23:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/04 23:15:36 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/04 23:15:33 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/04 23:15:33 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/04 23:15:32 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/04 23:15:31 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/04 23:15:31 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/04 23:15:31 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/04 23:15:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/04 23:14:52 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/04 23:14:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/02 19:14:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Thierry 200910\Recent
[2011/10/02 19:14:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/26 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\DoctorWeb
[2011/09/25 23:09:52 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\tdsskiller.exe
[2011/09/25 22:59:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/25 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\SecurityXploded
[2011/09/25 18:44:58 | 000,167,864 | ---- | C] (Webroot) -- C:\Documents and Settings\Thierry 200910\Desktop\antizeroaccess.exe
[2011/09/25 18:05:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/09/25 13:58:41 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.svs
[2011/09/25 13:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/25 13:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/25 13:53:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Thierry 200910\Start Menu\Programs\Administrative Tools
[2011/09/25 13:40:16 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Thierry 200910\Desktop\His.exe
[2011/09/24 22:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/24 22:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/24 21:59:46 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2011/09/24 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Application Data\SUPERAntiSpyware.com
[2011/09/24 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/23 22:32:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/23 21:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Desktop\RK_Quarantine
[2011/09/23 20:28:31 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/23 20:28:31 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/09/23 20:28:11 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/09/21 22:28:30 | 001,403,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\thierry.com
[2011/09/20 22:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Application Data\QuickScan
[2011/09/20 21:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/20 20:43:55 | 000,186,946 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Thierry 200910\Desktop\AntiPuper.exe
[2011/09/20 20:41:16 | 000,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Thierry 200910\Desktop\KillBox.exe
[2007/10/09 22:10:25 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/11 15:43:00 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 15:26:04 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2011/10/08 15:12:13 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2011/10/08 14:54:16 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/08 14:51:08 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003UA.job
[2011/10/08 14:28:23 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.CDF
[2011/10/08 14:28:08 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/08 14:27:42 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/08 14:27:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/08 12:54:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
[2011/10/08 12:54:34 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Thierry 200910\Desktop\aswMBR.exe
[2011/10/04 23:53:23 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/04 23:53:23 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/04 23:53:23 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/04 23:53:23 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/04 23:53:23 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/04 23:53:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/10/04 23:53:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/10/04 23:53:08 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
[2011/10/04 23:15:38 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/04 23:15:32 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/02 19:24:07 | 000,060,800 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\TrueSight.sys
[2011/09/26 21:40:08 | 077,904,616 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\launch.exe
[2011/09/25 23:08:14 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\tdsskiller.exe
[2011/09/25 19:51:29 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\SpyDLLRemover.lnk
[2011/09/25 18:33:58 | 000,167,864 | ---- | M] (Webroot) -- C:\Documents and Settings\Thierry 200910\Desktop\antizeroaccess.exe
[2011/09/25 17:04:28 | 000,456,828 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\GrantPerms.exe
[2011/09/25 14:12:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/25 13:28:31 | 000,000,239 | -HS- | M] () -- C:\boot.ini
[2011/09/24 21:59:46 | 000,005,036 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
[2011/09/24 21:53:30 | 004,223,304 | R--- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\CopFix.exe
[2011/09/24 21:48:46 | 058,948,168 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\setup_av_free.exe
[2011/09/24 20:21:13 | 000,000,618 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/09/24 20:02:38 | 017,190,472 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\SAS_151C8.COM
[2011/09/24 19:59:22 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Thierry 200910\Desktop\His.exe
[2011/09/24 19:59:22 | 000,401,720 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\H45.exe
[2011/09/24 19:59:22 | 000,401,720 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\H.exe
[2011/09/23 21:47:00 | 000,657,920 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\Ro.exe
[2011/09/23 16:20:06 | 101,412,864 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\VIPRERescue10555.exe
[2011/09/23 16:11:58 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\exeHelper.scr
[2011/09/21 22:28:30 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\thierry.com
[2011/09/21 21:16:03 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/20 21:49:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\housecall.guid.cache
[2011/09/20 21:33:02 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\exeHelper.com
[2011/09/20 21:12:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/20 20:43:55 | 000,186,946 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Thierry 200910\Desktop\AntiPuper.exe
[2011/09/20 20:41:16 | 000,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Thierry 200910\Desktop\KillBox.exe
[2011/09/20 18:51:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003Core.job
[2011/09/19 10:36:22 | 004,845,856 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\exp.exe
[2011/09/18 18:05:04 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\SopCast.lnk
[2011/09/11 19:19:34 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/11 18:40:09 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 01:32:59 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/04 23:53:08 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
[2011/10/04 23:15:38 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/26 22:02:02 | 077,904,616 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\launch.exe
[2011/09/25 19:51:29 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\SpyDLLRemover.lnk
[2011/09/25 18:47:11 | 000,456,828 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\GrantPerms.exe
[2011/09/24 22:19:37 | 058,948,168 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\setup_av_free.exe
[2011/09/24 22:18:12 | 004,223,304 | R--- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\CopFix.exe
[2011/09/24 21:59:46 | 000,005,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
[2011/09/24 21:58:57 | 004,845,856 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\exp.exe
[2011/09/24 20:28:22 | 017,190,472 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\SAS_151C8.COM
[2011/09/24 20:27:45 | 004,346,880 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\Copy r.scr
[2011/09/24 20:25:27 | 004,346,880 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\hhgr.exe
[2011/09/24 20:12:05 | 000,401,720 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\H45.exe
[2011/09/24 20:11:19 | 000,401,720 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\H.exe
[2011/09/23 21:55:56 | 000,060,800 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\TrueSight.sys
[2011/09/23 21:55:50 | 000,657,920 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\Ro.exe
[2011/09/23 20:28:00 | 101,412,864 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\VIPRERescue10555.exe
[2011/09/23 20:26:13 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\exeHelper.scr
[2011/09/20 21:49:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\housecall.guid.cache
[2011/09/20 21:33:02 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\exeHelper.com
[2011/09/18 18:05:04 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\SopCast.lnk
[2011/07/03 22:39:15 | 000,103,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/03 21:48:26 | 000,012,288 | --S- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\8kum22k6t217qt6t0fs10d51118ydm
[2011/07/03 21:48:26 | 000,012,288 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\8kum22k6t217qt6t0fs10d51118ydm
[2011/06/17 23:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/12 00:56:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/11 22:14:43 | 000,000,195 | ---- | C] () -- C:\WINDOWS\si-chaid.ini
[2011/04/01 17:33:56 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Application Data\setup_ldm.iss
[2011/01/03 15:27:38 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/01/03 15:27:27 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/01/03 15:27:14 | 000,002,863 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/01/03 15:27:04 | 000,002,856 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/01/03 15:26:54 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/01/03 15:26:44 | 000,002,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/01/03 15:26:36 | 000,002,830 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/01/03 15:26:18 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/01/03 15:24:27 | 000,010,999 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/01/03 15:24:21 | 000,346,800 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/03 15:24:21 | 000,014,639 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/01/03 01:01:14 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/01/03 01:01:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2010/07/11 10:36:19 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\WebpageIcons.db
[2010/07/09 17:37:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/18 21:08:58 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wsoviedsini.dll
[2010/05/18 21:08:41 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2010/04/17 23:51:53 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/03/18 23:18:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2009/10/26 21:09:22 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/10/11 00:37:30 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/10/10 22:16:08 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Application Data\AVSMediaPlayer.m3u
[2009/10/10 22:07:45 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/10 22:07:45 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/10 18:56:30 | 000,350,299 | ---- | C] () -- C:\WINDOWS\System32\drivers\VdCap03C.sys
[2009/10/10 18:56:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\VfwExtC.dll
[2009/10/10 18:56:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VfwECamC.dll
[2009/10/10 18:56:29 | 000,015,190 | ---- | C] () -- C:\WINDOWS\VdTwn03C.ini
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH3111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH2111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH0121.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH0111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF3111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF2111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF0121.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF0111.bin
[2009/10/10 15:27:23 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/10/10 15:27:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/10/10 15:27:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/10/10 15:27:16 | 000,595,968 | ---- | C] () -- C:\WINDOWS\System32\WatchPower.exe
[2009/10/10 15:27:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PowerOff.exe
[2008/04/23 18:34:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/10/10 13:02:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2007/10/10 13:02:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2007/10/10 13:02:38 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2007/10/10 12:58:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/10/10 12:58:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/10/10 12:38:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/10 00:53:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/10 00:53:10 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 22:12:03 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2007/10/09 22:11:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/10/09 22:11:47 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2007/10/09 22:10:52 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/09 22:10:18 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2007/10/09 22:08:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/10/09 22:01:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007/10/09 21:52:46 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2007/10/09 21:52:24 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/10/09 21:52:24 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/10/09 21:52:11 | 000,033,860 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/10/09 21:52:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/10/09 21:51:57 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/09 21:44:23 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2007/10/09 21:42:32 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/09 21:42:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/09 21:42:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/09 21:42:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/09 21:42:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/09 21:42:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/09 21:42:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/09 21:42:29 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/09 21:42:29 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/09 21:39:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/09 21:36:36 | 000,207,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/09 21:14:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/10/09 21:10:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/08/16 05:23:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gpyapi.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/09/13 12:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/11 15:49:24 | 000,323,640 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/11 15:49:24 | 000,044,567 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/11 15:45:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/11 15:45:08 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2006/08/11 15:43:26 | 000,265,042 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2006/08/11 15:43:20 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/11 15:43:18 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/11 15:43:04 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/11 15:43:04 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/11 15:43:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/08/04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/10 14:42:20 | 000,013,600 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2003/03/09 05:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,443,062 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,071,592 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/09/25 14:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitDefender
[2011/10/04 23:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/10/09 22:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/04/10 18:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/04/10 18:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/04/22 15:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/03/18 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD X Studios
[2010/08/17 21:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2010/08/17 21:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2010/08/17 21:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2007/10/10 13:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2011/07/03 16:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2007/10/09 23:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/23 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/10/09 23:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{56759C22-EA1E-4BE5-A903-72F67D450F43}
[2007/10/09 22:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\BitDefender
[2011/04/22 15:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Canon
[2011/03/05 14:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\dBpoweramp
[2010/11/28 13:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\GrabPro
[2011/06/02 23:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Ildi
[2009/10/10 15:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\InterTrust
[2010/08/05 20:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Leadertech
[2011/02/20 11:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\MaxTV Technologies
[2010/04/11 20:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\MSNInstaller
[2010/11/28 13:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Orbit
[2010/08/17 21:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\PPLive
[2010/11/28 13:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\ProgSense
[2011/09/20 22:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\QuickScan
[2011/07/03 16:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Samsung
[2007/10/10 13:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\SPSSInc
[2009/10/20 20:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\StreamTorrent
[2011/09/09 00:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\uTorrent
[2011/09/18 12:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\VoipDiscount
[2010/10/17 10:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\vShare

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\Thierry 200910\75:Color

< End of report >

#6
CompCav

Please go back and get the Extras.txt file that I requested in Step 3.

It will be located on your desktop. :)

Please post it for me!

Thanks,

CompCav

#7
tttezzza

Hi,
Really sorry, I hadn't seen it - thank you for your patience. I will read the instructions better.
Here are my logs

Best Regards
T

OTL logfile created on: 08/10/2011 21:57:00 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Thierry 200910\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.42 Mb Total Physical Memory | 510.43 Mb Available Physical Memory | 49.92% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 36.43 Gb Free Space | 47.73% Space Free | Partition Type: NTFS
Drive D: | 585.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 152.53 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive F: | 983.70 Mb Total Space | 979.94 Mb Free Space | 99.62% Space Free | Partition Type: FAT

Computer Name: THIERRY | User Name: Thierry 200910 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/08 12:55:36 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.scr
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/06/24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/02/06 14:35:14 | 000,843,144 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2010/09/20 06:07:02 | 000,185,784 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2010/03/25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/01/11 22:40:47 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2010/01/11 22:40:46 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 11:20:06 | 002,157,064 | ---- | M] (Xpertvision, Inc.) -- C:\Program Files\XpertVision\TBPANEL.exe
PRC - [2006/08/11 15:56:02 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2004/09/19 15:59:00 | 000,368,128 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.exe
PRC - [2004/02/23 16:51:32 | 000,032,768 | ---- | M] (XPDisable0Conf) -- C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\WinXPDisableZeroConfigation.exe
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/04 22:43:58 | 000,055,816 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
MOD - [2011/09/06 21:11:46 | 001,385,984 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090601\algo.dll
MOD - [2011/09/05 09:17:50 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090601\aswRep.dll
MOD - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/06/12 00:33:46 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
MOD - [2011/06/12 00:28:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/06/12 00:28:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/06/12 00:27:40 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
MOD - [2011/06/12 00:27:18 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
MOD - [2011/06/12 00:27:02 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
MOD - [2011/06/12 00:26:26 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
MOD - [2011/06/12 00:26:05 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
MOD - [2011/06/12 00:25:53 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/06/12 00:25:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/06/12 00:22:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/07 11:13:56 | 000,592,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011/06/07 11:13:56 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011/06/07 11:13:54 | 000,367,104 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011/06/07 11:13:54 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2010/12/19 01:18:39 | 000,243,112 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2010/11/02 08:39:46 | 000,866,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2010/09/20 06:07:14 | 000,516,864 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\sqlite3.dll
MOD - [2010/01/11 22:40:47 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
MOD - [2010/01/11 22:40:47 | 000,241,664 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\seccenter.ui
MOD - [2009/10/10 17:54:45 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\txmlutil.dll
MOD - [2009/10/10 17:54:42 | 000,073,728 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\tuneupconp.dll
MOD - [2009/10/10 17:54:36 | 000,126,976 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\hmcore.dll
MOD - [2009/10/10 17:54:34 | 000,010,240 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\dbokf.dll
MOD - [2009/10/10 17:54:24 | 000,155,648 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\bdfltlib.dll
MOD - [2009/10/10 17:54:15 | 000,172,032 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\agentreg.dll
MOD - [2009/10/10 17:54:14 | 000,045,056 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\actxcont.dll
MOD - [2009/10/10 17:54:02 | 000,003,584 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\encryption.ui
MOD - [2009/10/10 17:54:01 | 000,009,728 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\bdshelxt.ui
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/01/08 18:53:00 | 001,482,752 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/01/08 18:53:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/18 17:11:26 | 000,196,608 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\libexpatw.dll
MOD - [2007/01/31 11:31:06 | 000,032,768 | ---- | M] () -- C:\Program Files\XpertVision\TBPanelExt.dll
MOD - [2004/09/19 15:59:00 | 000,368,128 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.exe
MOD - [2003/08/25 15:55:00 | 000,006,144 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.DLL
MOD - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
MOD - [2000/06/12 15:14:50 | 000,360,518 | ---- | M] () -- C:\Program Files\SEC\Natural Color\LowCMS.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\XpertVision\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WLTRYSVC)
SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (LIVESRV)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (Creative Service for CDROM Access)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/11 22:40:46 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/10 17:53:48 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/07/17 13:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2003/03/09 05:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/10/02 19:24:07 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Thierry 200910\Desktop\TrueSight.sys -- (TrueSight)
DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 21:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 21:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/06/16 10:22:50 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/06/16 10:22:50 | 000,076,088 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/06/07 11:13:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/05/13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/10 17:54:45 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/10/10 17:54:45 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/10/10 17:54:45 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/10/10 17:54:29 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/10/10 17:53:53 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2009/10/10 17:53:51 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/10/10 17:53:51 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/10/10 17:53:48 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/10/10 15:27:24 | 000,015,648 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/04/13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/09/11 12:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 12:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 11:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/11 15:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2006/08/11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/10/08 02:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/14 16:29:50 | 000,350,299 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VdCap03C.sys -- (Cam5603C)
DRV - [2004/02/19 10:51:00 | 000,300,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [1996/04/03 19:33:00 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\TVTool\TVTOOL.SYS -- (tvtool)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http://88.191.120.211:3128

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2011/02/06 14:43:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/04 12:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2007/10/09 22:56:20 | 000,000,000 | ---D | M]

[2011/02/20 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thierry 200910\Application Data\Mozilla\Extensions
[2011/02/20 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thierry 200910\Application Data\Mozilla\Extensions\[email protected]
[2011/06/17 23:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/11 22:40:47 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/25 14:12:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Spyhunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe ()
O4 - HKLM..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [TVTool] C:\Program Files\TVTool\TVTool.exe ()
O4 - HKLM..\Run: [XpDis0Conf] C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\WinXPDisableZeroConfigation.exe (XPDisable0Conf)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255191831465 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} http://java.sun.com/...-131_03-win.cab (Java Plug-in 1.3.1_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.c...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747C9916-C4E9-4B43-808B-7825DC44090B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3B3A3FD-03D2-49EF-95B2-A870D4D2BDBA}: NameServer = 87.194.255.155
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/09 21:12:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 12:50:06 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 21:55:05 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.scr
[2011/10/08 15:17:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
[2011/10/08 14:34:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Thierry 200910\Desktop\aswMBR.exe
[2011/10/04 23:15:37 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/04 23:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/04 23:15:36 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/04 23:15:33 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/04 23:15:33 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/04 23:15:32 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/04 23:15:31 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/04 23:15:31 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/04 23:15:31 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/04 23:15:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/04 23:14:52 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/04 23:14:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/02 19:14:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Thierry 200910\Recent
[2011/10/02 19:14:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/26 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\DoctorWeb
[2011/09/25 23:09:52 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\tdsskiller.exe
[2011/09/25 22:59:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/25 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\SecurityXploded
[2011/09/25 18:44:58 | 000,167,864 | ---- | C] (Webroot) -- C:\Documents and Settings\Thierry 200910\Desktop\antizeroaccess.exe
[2011/09/25 18:05:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/09/25 13:58:41 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.svs
[2011/09/25 13:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/25 13:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/25 13:53:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Thierry 200910\Start Menu\Programs\Administrative Tools
[2011/09/25 13:40:16 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Thierry 200910\Desktop\His.exe
[2011/09/24 22:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/24 22:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/24 21:59:46 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2011/09/24 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Application Data\SUPERAntiSpyware.com
[2011/09/24 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/23 22:32:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/23 21:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Desktop\RK_Quarantine
[2011/09/23 20:28:31 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/23 20:28:31 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/09/23 20:28:11 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/09/21 22:28:30 | 001,403,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\thierry.com
[2011/09/20 22:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Application Data\QuickScan
[2011/09/20 21:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/20 20:43:55 | 000,186,946 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Thierry 200910\Desktop\AntiPuper.exe
[2011/09/20 20:41:16 | 000,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Thierry 200910\Desktop\KillBox.exe
[2007/10/09 22:10:25 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/11 15:43:00 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 22:02:07 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2011/10/08 21:54:05 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/08 21:51:57 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003UA.job
[2011/10/08 21:48:50 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.CDF
[2011/10/08 21:48:38 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/08 21:48:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/08 16:36:35 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/08 16:36:35 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/08 16:36:35 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/08 16:36:35 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/08 16:36:35 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/08 16:36:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/10/08 16:36:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/10/08 16:36:17 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
[2011/10/08 16:36:16 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2011/10/08 14:27:42 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/08 12:55:36 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.scr
[2011/10/08 12:54:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
[2011/10/08 12:54:34 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Thierry 200910\Desktop\aswMBR.exe
[2011/10/04 23:15:38 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/10/04 23:15:32 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/02 19:24:07 | 000,060,800 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\TrueSight.sys
[2011/09/26 21:40:08 | 077,904,616 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\launch.exe
[2011/09/25 23:08:14 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\tdsskiller.exe
[2011/09/25 19:51:29 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\SpyDLLRemover.lnk
[2011/09/25 18:33:58 | 000,167,864 | ---- | M] (Webroot) -- C:\Documents and Settings\Thierry 200910\Desktop\antizeroaccess.exe
[2011/09/25 17:04:28 | 000,456,828 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\GrantPerms.exe
[2011/09/25 14:12:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/25 13:28:31 | 000,000,239 | -HS- | M] () -- C:\boot.ini
[2011/09/24 21:59:46 | 000,005,036 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
[2011/09/24 21:53:30 | 004,223,304 | R--- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\CopFix.exe
[2011/09/24 21:48:46 | 058,948,168 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\setup_av_free.exe
[2011/09/24 20:21:13 | 000,000,618 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/09/24 20:02:38 | 017,190,472 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\SAS_151C8.COM
[2011/09/24 19:59:22 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Thierry 200910\Desktop\His.exe
[2011/09/24 19:59:22 | 000,401,720 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\H45.exe
[2011/09/24 19:59:22 | 000,401,720 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\H.exe
[2011/09/23 21:47:00 | 000,657,920 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\Ro.exe
[2011/09/23 16:20:06 | 101,412,864 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\VIPRERescue10555.exe
[2011/09/23 16:11:58 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\exeHelper.scr
[2011/09/21 22:28:30 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\thierry.com
[2011/09/21 21:16:03 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/20 21:49:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\housecall.guid.cache
[2011/09/20 21:33:02 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\exeHelper.com
[2011/09/20 21:12:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/20 20:43:55 | 000,186,946 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Thierry 200910\Desktop\AntiPuper.exe
[2011/09/20 20:41:16 | 000,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Thierry 200910\Desktop\KillBox.exe
[2011/09/20 18:51:01 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003Core.job
[2011/09/19 10:36:22 | 004,845,856 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\exp.exe
[2011/09/18 18:05:04 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\SopCast.lnk
[2011/09/11 19:19:34 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/11 18:40:09 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 01:32:59 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/04 23:53:08 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
[2011/10/04 23:15:38 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/26 22:02:02 | 077,904,616 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\launch.exe
[2011/09/25 19:51:29 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\SpyDLLRemover.lnk
[2011/09/25 18:47:11 | 000,456,828 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\GrantPerms.exe
[2011/09/24 22:19:37 | 058,948,168 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\setup_av_free.exe
[2011/09/24 22:18:12 | 004,223,304 | R--- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\CopFix.exe
[2011/09/24 21:59:46 | 000,005,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
[2011/09/24 21:58:57 | 004,845,856 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\exp.exe
[2011/09/24 20:28:22 | 017,190,472 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\SAS_151C8.COM
[2011/09/24 20:27:45 | 004,346,880 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\Copy r.scr
[2011/09/24 20:25:27 | 004,346,880 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\hhgr.exe
[2011/09/24 20:12:05 | 000,401,720 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\H45.exe
[2011/09/24 20:11:19 | 000,401,720 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\H.exe
[2011/09/23 21:55:56 | 000,060,800 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\TrueSight.sys
[2011/09/23 21:55:50 | 000,657,920 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\Ro.exe
[2011/09/23 20:28:00 | 101,412,864 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\VIPRERescue10555.exe
[2011/09/23 20:26:13 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\exeHelper.scr
[2011/09/20 21:49:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\housecall.guid.cache
[2011/09/20 21:33:02 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\exeHelper.com
[2011/09/18 18:05:04 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\SopCast.lnk
[2011/07/03 22:39:15 | 000,103,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/03 21:48:26 | 000,012,288 | --S- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\8kum22k6t217qt6t0fs10d51118ydm
[2011/07/03 21:48:26 | 000,012,288 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\8kum22k6t217qt6t0fs10d51118ydm
[2011/06/17 23:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/12 00:56:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/11 22:14:43 | 000,000,195 | ---- | C] () -- C:\WINDOWS\si-chaid.ini
[2011/04/01 17:33:56 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Application Data\setup_ldm.iss
[2011/01/03 15:27:38 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/01/03 15:27:27 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/01/03 15:27:14 | 000,002,863 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/01/03 15:27:04 | 000,002,856 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/01/03 15:26:54 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/01/03 15:26:44 | 000,002,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/01/03 15:26:36 | 000,002,830 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/01/03 15:26:18 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/01/03 15:24:27 | 000,010,999 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/01/03 15:24:21 | 000,346,800 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/03 15:24:21 | 000,014,639 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/01/03 01:01:14 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/01/03 01:01:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2010/07/11 10:36:19 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\WebpageIcons.db
[2010/07/09 17:37:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/18 21:08:58 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wsoviedsini.dll
[2010/05/18 21:08:41 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2010/04/17 23:51:53 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/03/18 23:18:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2009/10/26 21:09:22 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/10/11 00:37:30 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/10/10 22:16:08 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Application Data\AVSMediaPlayer.m3u
[2009/10/10 22:07:45 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/10 22:07:45 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/10 18:56:30 | 000,350,299 | ---- | C] () -- C:\WINDOWS\System32\drivers\VdCap03C.sys
[2009/10/10 18:56:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\VfwExtC.dll
[2009/10/10 18:56:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VfwECamC.dll
[2009/10/10 18:56:29 | 000,015,190 | ---- | C] () -- C:\WINDOWS\VdTwn03C.ini
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH3111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH2111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH0121.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH0111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF3111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF2111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF0121.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF0111.bin
[2009/10/10 15:27:23 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/10/10 15:27:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/10/10 15:27:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/10/10 15:27:16 | 000,595,968 | ---- | C] () -- C:\WINDOWS\System32\WatchPower.exe
[2009/10/10 15:27:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PowerOff.exe
[2008/04/23 18:34:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/10/10 13:02:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2007/10/10 13:02:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2007/10/10 13:02:38 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2007/10/10 12:58:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/10/10 12:58:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/10/10 12:38:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/10 00:53:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/10 00:53:10 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 22:12:03 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2007/10/09 22:11:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/10/09 22:11:47 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2007/10/09 22:10:52 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/09 22:10:18 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2007/10/09 22:08:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/10/09 22:01:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007/10/09 21:52:46 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2007/10/09 21:52:24 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/10/09 21:52:24 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/10/09 21:52:11 | 000,033,860 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/10/09 21:52:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/10/09 21:51:57 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/09 21:44:23 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2007/10/09 21:42:32 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/09 21:42:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/09 21:42:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/09 21:42:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/09 21:42:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/09 21:42:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/09 21:42:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/09 21:42:29 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/09 21:42:29 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/09 21:39:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/09 21:36:36 | 000,207,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/09 21:14:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/10/09 21:10:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/08/16 05:23:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gpyapi.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/09/13 12:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/11 15:49:24 | 000,323,640 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/11 15:49:24 | 000,044,567 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/11 15:45:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/11 15:45:08 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2006/08/11 15:43:26 | 000,265,042 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2006/08/11 15:43:20 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/11 15:43:18 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/11 15:43:04 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/11 15:43:04 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/11 15:43:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/08/04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/10 14:42:20 | 000,013,600 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2003/03/09 05:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,443,062 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,071,592 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/09/25 14:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitDefender
[2011/10/04 23:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/10/09 22:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/04/10 18:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/04/10 18:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/04/22 15:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/03/18 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD X Studios
[2010/08/17 21:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2010/08/17 21:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2010/08/17 21:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2007/10/10 13:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2011/07/03 16:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2007/10/09 23:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/23 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/10/09 23:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{56759C22-EA1E-4BE5-A903-72F67D450F43}
[2007/10/09 22:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\BitDefender
[2011/04/22 15:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Canon
[2011/03/05 14:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\dBpoweramp
[2010/11/28 13:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\GrabPro
[2011/06/02 23:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Ildi
[2009/10/10 15:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\InterTrust
[2010/08/05 20:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Leadertech
[2011/02/20 11:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\MaxTV Technologies
[2010/04/11 20:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\MSNInstaller
[2010/11/28 13:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Orbit
[2010/08/17 21:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\PPLive
[2010/11/28 13:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\ProgSense
[2011/09/20 22:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\QuickScan
[2011/07/03 16:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Samsung
[2007/10/10 13:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\SPSSInc
[2009/10/20 20:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\StreamTorrent
[2011/09/09 00:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\uTorrent
[2011/09/18 12:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\VoipDiscount
[2010/10/17 10:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\vShare

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\Thierry 200910\75:Color

< End of report >





:---------------------- :EXTRA: -----------------------------------:


OTL Extras logfile created on: 08/10/2011 15:21:46 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Thierry 200910\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.42 Mb Total Physical Memory | 511.41 Mb Available Physical Memory | 50.02% Memory free
2.40 Gb Paging File | 1.85 Gb Available in Paging File | 76.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 36.46 Gb Free Space | 47.77% Space Free | Partition Type: NTFS
Drive D: | 585.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 152.53 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive F: | 983.70 Mb Total Space | 980.11 Mb Free Space | 99.63% Space Free | Partition Type: FAT

Computer Name: THIERRY | User Name: Thierry 200910 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe ()
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ()
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8118:TCP" = 8118:TCP:*:Enabled:8118
"9050:TCP" = 9050:TCP:*:Enabled:9050
"8123:TCP" = 8123:TCP:*:Enabled:8123

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player -- (StreamTorrent)
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPLive -- (PPLive Corporation)
"E:\Gaming\fifa11\Game\fifa.exe" = E:\Gaming\fifa11\Game\fifa.exe:*:Enabled:FIFA 11 -- (Electronic Arts)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\TVO\ressources\mplayer.exe" = C:\TVO\ressources\mplayer.exe:*:Enabled:mplayer -- ()
"C:\TVO\TVO.exe" = C:\TVO\TVO.exe:*:Enabled:TVO -- ()
"C:\Program Files\Vidalia Bundle\Polipo\polipo.exe" = C:\Program Files\Vidalia Bundle\Polipo\polipo.exe:*:Enabled:Polipo -- ()
"C:\Program Files\Vidalia Bundle\Tor\tor.exe" = C:\Program Files\Vidalia Bundle\Tor\tor.exe:*:Enabled:Tor -- ()
"C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" = C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe:*:Enabled:Vidalia -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{43695674-7C8B-494D-A88D-F36C703A4993}" = VideoCAM Slim USB2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45401A03-BDF0-448F-9B0F-3882B96F6692}" = Belkin Wireless Utility
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55CF62B3-04D6-4BBC-9146-CAA1F4551201}" = SPSS Clementine 12.0
"{56A648C2-D185-46A9-BBFF-78AE7A50E900}" = VideoCAM Slim USB2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8
"{6006089C-84B5-4F18-8113-D96792AED0DE}_is1" = ChrisPC Free Anonymous Proxy 1.40
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACF317C-CA66-4363-AEBF-A073B124AA1A}" = BitDefender Total Security 2009
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AD3C4A64-E7DC-11D4-AC4A-00C04F3876CD}" = SAS System 9.0
"{B1493D8A-C782-4ED3-A34D-8A9B8D9925BF}" = MediaCUB
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C994D98C-293D-4825-958E-EB684B4D413F}" = MSN Toolbar
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E1C256F5-58C6-44E9-939A-E1189C8126E2}" = Google SketchUp Pro 7
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioConSole" = Creative Audio Console
"avast" = avast! Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Canon MP495 series User Registration" = Canon MP495 series User Registration
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec
"dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec
"dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec
"dBpoweramp [ID Tag Update] Codec" = dBpoweramp [ID Tag Update] Codec
"dBpoweramp [Length Split] Codec" = dBpoweramp [Length Split] Codec
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp [Tag From Filename] Codec" = dBpoweramp [Tag From Filename] Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD X Player 4.1 Professional_is1" = DVD X Player 4.1 Professional
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JRE 1.3.1_03" = Java 2 Runtime Environment Standard Edition v1.3.1_03
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Polipo" = Polipo 1.0.4.1
"PowerISO" = PowerISO
"PPLive" = PPTV V2.6.3.0007
"Registry Mechanic_is1" = Registry Mechanic 7.0
"SopCast" = SopCast 3.4.0
"StreamTorrent 1.0" = StreamTorrent 1.0
"Tor" = Tor 0.2.1.30
"TVAnts 1.0" = TVAnts 1.0
"TVTool" = TVTool
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Vidalia" = Vidalia 0.2.12
"VLC media player" = VLC media player 1.1.10
"vShare" = vShare Plugin
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Viewer 5.82" = Word Viewer 5.82
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpertVision_is1" = XpertVision 6.1
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/09/2011 16:05:30 | Computer Name = THIERRY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/09/2011 16:34:48 | Computer Name = THIERRY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/09/2011 17:21:37 | Computer Name = THIERRY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/09/2011 17:22:47 | Computer Name = THIERRY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/09/2011 15:57:09 | Computer Name = THIERRY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/09/2011 15:57:41 | Computer Name = THIERRY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 25/09/2011 09:45:41 | Computer Name = THIERRY | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0159110b.

Error - 25/09/2011 09:45:45 | Computer Name = THIERRY | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 25/09/2011 10:02:41 | Computer Name = THIERRY | Source = Application Error | ID = 1000
Description = Faulting application killbox.exe, version 2.0.0.881, faulting module
unknown, version 0.0.0.0, fault address 0x04000000.

Error - 08/10/2011 10:20:42 | Computer Name = THIERRY | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.29.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 08/10/2011 09:36:10 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7003
Description = The TCP/IP Protocol Driver service depends on the following nonexistent
service: IPSec

Error - 08/10/2011 09:36:10 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1075

Error - 08/10/2011 09:36:29 | Computer Name = THIERRY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 08/10/2011 09:40:51 | Computer Name = THIERRY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 08/10/2011 09:41:11 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7003
Description = The TCP/IP Protocol Driver service depends on the following nonexistent
service: IPSec

Error - 08/10/2011 09:41:11 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1075

Error - 08/10/2011 09:41:29 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).

Error - 08/10/2011 09:50:57 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7003
Description = The TCP/IP Protocol Driver service depends on the following nonexistent
service: IPSec

Error - 08/10/2011 09:50:57 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1075

Error - 08/10/2011 10:09:46 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 2 time(s).


< End of report >



The other logs were posted in an earlier post
:)
  • 0
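Added example (not part of the original thread, and not OTL's own code): a small parser for the event-log section in the layout shown in the report above, which re-joins the wrapped Description lines and counts the Service Control Manager ID 7003 "nonexistent service" dependency failures. The sample text is constructed from entries in that report; the function names are hypothetical.

```python
import re
from collections import Counter
# Constructed sample: entries in the same shape as the report above, wrapped lines included.
SAMPLE = """\
[ System Events ]
Error - 08/10/2011 09:36:10 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7003
Description = The TCP/IP Protocol Driver service depends on the following nonexistent
service: IPSec

Error - 08/10/2011 09:36:10 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1075

Error - 08/10/2011 09:41:11 | Computer Name = THIERRY | Source = Service Control Manager | ID = 7003
Description = The TCP/IP Protocol Driver service depends on the following nonexistent
service: IPSec
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$")
MISSING_DEP = re.compile(r"^The (.+?) service depends on the following nonexistent service: (.+)$")

def parse_events(text):
    """Return one dict per event; continuation lines are appended to the description."""
    events, section, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if line.startswith("[ ") and line.endswith(" ]"):
            section, current = line[2:-2], None      # e.g. "System Events"
        elif m:
            current = dict(m.groupdict(), section=section, description="")
            events.append(current)
        elif not line:
            current = None                           # blank line ends the entry
        elif current is not None:
            part = line[len("Description = "):] if line.startswith("Description = ") else line
            current["description"] = (current["description"] + " " + part).strip()
    return events

def missing_dependencies(events):
    """Count (service, missing dependency) pairs reported under SCM event ID 7003."""
    hits = Counter()
    for e in events:
        m = MISSING_DEP.match(e["description"])
        if e["source"] == "Service Control Manager" and e["id"] == "7003" and m:
            hits[(m.group(1), m.group(2))] += 1
    return hits
```

Calling `missing_dependencies(parse_events(report_text))` on a saved report lists each service that cannot start because a dependency is missing, with how many times the error was logged.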

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thank you for retrieving all the logs for me. I am preparing an initial fix but I need to ask you what these files are that are on your desktop:

Copy r.scr

hhgr.exe

H45.exe

H.exe

TrueSight.sys

Ro.exe

exp.exe

Please let me know so I can complete the initial fix.

Thanks,

CompCav
  • 0

#9
tttezzza

tttezzza

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi,
These are apps like hjt, combofix or rkill that have been renamed so that I can run them.
Regards
T
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thanks I will complete an initial post to start the proposed fix and try to get it to you tomorrow!

CompCav
  • 0

#11
tttezzza

tttezzza

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
That's great, thanks again, and take your time. I can wait and appreciate your help.

Cheers
T
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
What are your current problems with the computer and connecting to the internet, etc.??

Thanks,

CompCav
  • 0

#13
tttezzza

tttezzza

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi, some programs I can run once and then they get blocked, some others are OK. I have no internet working.
Thanks.
T
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Please give me some examples of programs that run only once and some that run OK. Since you have run several tools I want to zero in on the issues.

Thanks,

CompCav
  • 0

#15
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thank you for the logs and the answers to my questions.

Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


Step 1.

Please delete your current copy of ComboFix and download a fresh copy following these directions:

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here. Specifically you need to do this for Avast, BitDefender and Teatimer in SpyBot S & D.

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.


Step 2.

  • Download OTL to your Desktop or use the one you already have.
    If you still cannot run exe files try these two downloads, one is a .com and the other a .scr.
    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Select Use Safe List under Extra Registry
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


    Or here is a text file for you to copy over to the infected computer; you can then place the contents in the Custom Scans/Fixes box.

    Attached File  scan.txt   270bytes   35 downloads
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open OTL.Txt in Notepad window and the Extras.txt file on the task bar.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file, the Extras.txt file, and post them with your next reply.


Step 3.

Please Post:

ComboFix.txt
OTL.txt
Extras.txt


Please tell me how the internet and computer are doing.
  • 0





