
Virus No Access


  • This topic is locked

#16
tttezzza

  • Topic Starter
  • Member
  • 31 posts
Hi,

I followed your instructions and enclose the logs. Quite strange but no
'extra' file was produced from OTL?

FYI, I deleted some of the files on my desktop and for some of them
they seemed infected so I had to use killbox (access was denied).

I have one renamed copy of combofix which I cannot delete. It's named as
compfix.exe on my desktop.

FYI, when I first got the virus it started with a lot of redirected
searches on Google.

The internet is not running. I cannot launch IE.

Hope this helps


Thanks a lot

T



COMBOFIX

ComboFix 11-10-10.04 - Thierry 200910 10/10/2011 23:47:25.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.520 [GMT 1:00]
Running from: c:\documents and settings\Thierry 200910\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\THIERR~1\LOCALS~1\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\documents and settings\Thierry 200910\Local Settings\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\documents and settings\Thierry 200910\My Documents\DPE.DUS
.
.
((((((((((((((((((((((((( Files Created from 2011-09-10 to 2011-10-10 )))))))))))))))))))))))))))))))
.
.
2011-10-10 22:39 . 2011-10-10 22:39 -------- d-----w- C:\!KillBox
2011-10-04 22:15 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-04 22:15 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-04 22:15 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-04 22:15 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-04 22:15 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-04 22:15 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-04 22:15 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-04 22:15 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-04 22:14 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-04 22:14 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-26 21:03 . 2011-09-26 21:03 -------- d-----w- c:\documents and settings\Thierry 200910\DoctorWeb
2011-09-25 18:51 . 2011-09-25 18:51 -------- d-----w- c:\program files\SecurityXploded
2011-09-25 17:05 . 2011-09-25 17:05 -------- d-----w- c:\windows\setup.pss
2011-09-25 13:00 . 2011-09-25 13:13 -------- d-----w- c:\documents and settings\Administrator
2011-09-25 11:42 . 2011-09-25 11:47 90112 ----a-w- c:\windows\DUMP5e9a.tmp
2011-09-25 10:31 . 2011-09-25 10:32 90112 ----a-w- c:\windows\DUMP5ef8.tmp
2011-09-24 21:20 . 2011-10-04 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-24 21:20 . 2011-10-02 18:33 -------- d-----w- c:\program files\AVAST Software
2011-09-24 20:59 . 2011-09-24 20:59 -------- d-----w- C:\RRTVAULT
2011-09-24 19:28 . 2011-09-24 19:28 -------- d-----w- c:\documents and settings\Thierry 200910\Application Data\SUPERAntiSpyware.com
2011-09-24 19:28 . 2011-09-24 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-23 21:32 . 2011-09-23 21:32 -------- d-----w- c:\windows\pss
2011-09-23 19:28 . 2010-11-09 13:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-23 19:28 . 2010-11-09 13:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-09-23 19:28 . 2011-09-23 19:28 -------- d-----w- C:\VIPRERESCUE
2011-09-20 21:46 . 2011-09-20 21:46 -------- d-----w- c:\documents and settings\Thierry 200910\Application Data\QuickScan
2011-09-20 20:54 . 2011-09-20 20:54 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-25 10:06 . 2007-10-09 20:32 90112 ----a-w- c:\windows\DUMP805b.tmp
2011-09-25 10:05 . 2007-10-09 20:32 90112 ----a-w- c:\windows\DUMPa8e2.tmp
2011-09-24 22:12 . 2007-10-09 20:32 90112 ----a-w- c:\windows\DUMP78c9.tmp
2011-09-24 22:11 . 2007-10-09 20:32 90112 ----a-w- c:\windows\DUMP924d.tmp
2011-09-24 22:09 . 2007-10-09 20:32 90112 ----a-w- c:\windows\DUMP7510.tmp
2011-09-24 22:08 . 2007-10-09 20:32 90112 ----a-w- c:\windows\DUMP88c7.tmp
2011-09-24 22:07 . 2007-10-09 20:32 90112 ----a-w- c:\windows\DUMP7b0c.tmp
2011-09-21 21:32 . 2004-08-03 21:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-08-31 16:00 . 2009-10-11 13:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 09:42 . 2011-05-22 16:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-14 16:41 . 2011-06-17 22:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-11 21:40 . 2010-07-10 22:09 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-09-25_13.12.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-09 20:15 . 2011-08-14 08:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-09 20:15 . 2011-10-04 22:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-09 20:15 . 2011-08-14 08:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-09 20:15 . 2011-10-04 22:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-10-04 21:43 . 2011-10-04 22:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-10-09 20:15 . 2011-08-14 08:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-10 23:37 . 2011-10-08 23:34 81984 c:\windows\system32\bdod.bin
- 2009-10-10 23:37 . 2011-09-11 00:32 81984 c:\windows\system32\bdod.bin
+ 2011-09-25 17:15 . 2011-09-25 17:15 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-10 39408]
"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-09-20 185784]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-01-29 2157064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2011-02-06 843144]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-10-10 69632]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Spyhunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 847872]
"XpDis0Conf"="c:\progra~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe" [2004-02-23 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"TVTool"="c:\program files\TVTool\TVTool.exe" [2004-09-19 368128]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-22 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-10-9 155715]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\PPLiveNetwork\\PPAP.exe"=
"e:\\Gaming\\fifa11\\Game\\fifa.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\TVO\\ressources\\mplayer.exe"=
"c:\\TVO\\TVO.exe"=
"c:\\Program Files\\Vidalia Bundle\\Polipo\\polipo.exe"=
"c:\\Program Files\\Vidalia Bundle\\Tor\\tor.exe"=
"c:\\Program Files\\Vidalia Bundle\\Vidalia\\vidalia.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8118:TCP"= 8118:TCP:8118
"9050:TCP"= 9050:TCP:9050
"8123:TCP"= 8123:TCP:8123
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/10/2011 23:15 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/10/2011 23:15 320856]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [23/09/2011 20:28 98392]
R1 tvtool;tvtool;c:\program files\TVTool\TVTOOL.SYS [03/04/1996 19:33 5248]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/10/2011 23:15 20568]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [02/07/2008 13:07 82696]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [11/08/2006 15:56 8192]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/08/2008 18:40 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [14/08/2008 18:54 104456]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\THIERR~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\THIERR~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\THIERR~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\THIERR~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 14:03 133104]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 13:06 118784]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [03/07/2011 16:40 76088]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [03/07/2011 16:38 20032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 14:03 133104]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [03/07/2011 16:40 181432]
S3 TrueSight;TrueSight;\??\c:\documents and settings\Thierry 200910\Desktop\TrueSight.sys --> c:\documents and settings\Thierry 200910\Desktop\TrueSight.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 13:03]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 13:03]
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003Core.job
- c:\documents and settings\Thierry 200910\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 13:03]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003UA.job
- c:\documents and settings\Thierry 200910\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 13:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = about:blank
uInternet Settings,ProxyServer = hxxp://88.191.120.211:3128
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D3B3A3FD-03D2-49EF-95B2-A870D4D2BDBA}: NameServer = 87.194.255.155
FF - ProfilePath - c:\documents and settings\Thierry 200910\Application Data\Mozilla\Firefox\Profiles\5whqlwjh.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-11 00:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(624)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2011-10-11 00:08:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-10 23:08
ComboFix2.txt 2011-09-25 13:16
.
Pre-Run: 39,056,367,616 bytes free
Post-Run: 39,430,823,936 bytes free
.
- - End Of File - - 0CDF61010285F918DDC164506C87225A



OTL logfile created on: 11/10/2011 00:11:08 - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Thierry 200910\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.42 Mb Total Physical Memory | 562.69 Mb Available Physical Memory | 55.04% Memory free
2.40 Gb Paging File | 1.90 Gb Available in Paging File | 79.20% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 36.78 Gb Free Space | 48.19% Space Free | Partition Type: NTFS
Drive D: | 585.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 152.53 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive F: | 983.70 Mb Total Space | 977.19 Mb Free Space | 99.34% Space Free | Partition Type: FAT

Computer Name: THIERRY | User Name: Thierry 200910 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/08 12:54:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/06/24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/02/06 14:35:14 | 000,843,144 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2010/09/20 06:07:02 | 000,185,784 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2010/03/25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/01/11 22:40:47 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2010/01/11 22:40:46 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 11:20:06 | 002,157,064 | ---- | M] (Xpertvision, Inc.) -- C:\Program Files\XpertVision\TBPANEL.exe
PRC - [2004/09/19 15:59:00 | 000,368,128 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.exe
PRC - [2004/02/23 16:51:32 | 000,032,768 | ---- | M] (XPDisable0Conf) -- C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\WinXPDisableZeroConfigation.exe
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 00:01:23 | 000,055,816 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
MOD - [2011/09/06 21:11:46 | 001,385,984 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090601\algo.dll
MOD - [2011/09/05 09:17:50 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090601\aswRep.dll
MOD - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/06/12 00:33:46 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
MOD - [2011/06/12 00:28:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/06/12 00:28:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/06/12 00:27:40 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
MOD - [2011/06/12 00:27:18 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
MOD - [2011/06/12 00:27:02 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
MOD - [2011/06/12 00:26:26 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
MOD - [2011/06/12 00:26:05 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
MOD - [2011/06/12 00:25:53 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/06/12 00:25:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/06/12 00:22:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/07 11:13:56 | 000,592,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011/06/07 11:13:56 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011/06/07 11:13:54 | 000,367,104 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011/06/07 11:13:54 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2010/12/19 01:18:39 | 000,243,112 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2010/11/02 08:39:46 | 000,866,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2010/09/20 06:07:14 | 000,516,864 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\sqlite3.dll
MOD - [2010/01/11 22:40:47 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
MOD - [2010/01/11 22:40:47 | 000,241,664 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\seccenter.ui
MOD - [2009/10/10 17:54:45 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\txmlutil.dll
MOD - [2009/10/10 17:54:42 | 000,073,728 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\tuneupconp.dll
MOD - [2009/10/10 17:54:36 | 000,126,976 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\hmcore.dll
MOD - [2009/10/10 17:54:34 | 000,010,240 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\dbokf.dll
MOD - [2009/10/10 17:54:24 | 000,155,648 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\bdfltlib.dll
MOD - [2009/10/10 17:54:15 | 000,172,032 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\agentreg.dll
MOD - [2009/10/10 17:54:14 | 000,045,056 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\actxcont.dll
MOD - [2009/10/10 17:54:02 | 000,003,584 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\encryption.ui
MOD - [2009/10/10 17:54:01 | 000,009,728 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\bdshelxt.ui
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/01/08 18:53:00 | 001,482,752 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/01/08 18:53:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/18 17:11:26 | 000,196,608 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\libexpatw.dll
MOD - [2007/01/31 11:31:06 | 000,032,768 | ---- | M] () -- C:\Program Files\XpertVision\TBPanelExt.dll
MOD - [2004/09/19 15:59:00 | 000,368,128 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.exe
MOD - [2003/08/25 15:55:00 | 000,006,144 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.DLL
MOD - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
MOD - [2000/06/12 15:14:50 | 000,360,518 | ---- | M] () -- C:\Program Files\SEC\Natural Color\LowCMS.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\XpertVision\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WLTRYSVC)
SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (LIVESRV)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (Creative Service for CDROM Access)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/11 22:40:46 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/10 17:53:48 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/07/17 13:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2003/03/09 05:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 21:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 21:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/06/16 10:22:50 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/06/16 10:22:50 | 000,076,088 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/06/07 11:13:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/05/13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/10 17:54:45 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/10/10 17:54:45 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/10/10 17:54:45 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/10/10 17:54:29 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/10/10 17:53:53 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2009/10/10 17:53:51 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/10/10 17:53:51 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/10/10 17:53:48 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/10/10 15:27:24 | 000,015,648 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/04/13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/09/11 12:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 12:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 11:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/11 15:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2006/08/11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/10/08 02:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/14 16:29:50 | 000,350,299 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VdCap03C.sys -- (Cam5603C)
DRV - [2004/02/19 10:51:00 | 000,300,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [1996/04/03 19:33:00 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\TVTool\TVTOOL.SYS -- (tvtool)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http://88.191.120.211:3128

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2011/02/06 14:43:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/04 12:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2007/10/09 22:56:20 | 000,000,000 | ---D | M]

[2011/02/20 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thierry 200910\Application Data\Mozilla\Extensions
[2011/02/20 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thierry 200910\Application Data\Mozilla\Extensions\[email protected]
[2011/06/17 23:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/11 22:40:47 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/11 00:00:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Spyhunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe ()
O4 - HKLM..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [TVTool] C:\Program Files\TVTool\TVTool.exe ()
O4 - HKLM..\Run: [XpDis0Conf] C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\WinXPDisableZeroConfigation.exe (XPDisable0Conf)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255191831465 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} http://java.sun.com/...-131_03-win.cab (Java Plug-in 1.3.1_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.c...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747C9916-C4E9-4B43-808B-7825DC44090B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3B3A3FD-03D2-49EF-95B2-A870D4D2BDBA}: NameServer = 87.194.255.155
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/09 21:12:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 12:50:06 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 00:10:24 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
[2011/10/10 23:43:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/10 23:43:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/10 23:43:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/10 23:43:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/10 23:43:05 | 004,253,235 | R--- | C] (Swearware) -- C:\Documents and Settings\Thierry 200910\Desktop\ComboFix.exe
[2011/10/10 23:39:14 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/10/04 23:15:37 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/04 23:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/04 23:15:36 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/04 23:15:33 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/04 23:15:33 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/04 23:15:32 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/04 23:15:31 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/04 23:15:31 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/04 23:15:31 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/04 23:15:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/04 23:14:52 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/04 23:14:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/02 19:14:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Thierry 200910\Recent
[2011/09/26 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\DoctorWeb
[2011/09/25 22:59:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/25 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\SecurityXploded
[2011/09/25 18:05:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/09/25 13:58:41 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.svs
[2011/09/25 13:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/25 13:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/25 13:53:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Thierry 200910\Start Menu\Programs\Administrative Tools
[2011/09/24 22:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/24 22:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/24 21:59:46 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2011/09/24 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Application Data\SUPERAntiSpyware.com
[2011/09/24 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/23 22:32:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/23 21:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Desktop\RK_Quarantine
[2011/09/23 20:28:31 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/23 20:28:31 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/09/23 20:28:11 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/09/20 22:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Application Data\QuickScan
[2011/09/20 21:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/20 20:41:16 | 000,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Thierry 200910\Desktop\KillBox.exe
[2007/10/09 22:10:25 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/11 15:43:00 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/11 00:13:11 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2011/10/11 00:02:43 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2011/10/11 00:01:03 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.CDF
[2011/10/11 00:01:03 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
[2011/10/11 00:00:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/11 00:00:12 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/10 23:59:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 23:58:49 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/10 23:58:49 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/10 23:58:49 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/10 23:58:49 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/10 23:58:49 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/10 23:58:49 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/10/10 23:58:49 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/10/10 23:26:10 | 004,253,235 | R--- | M] (Swearware) -- C:\Documents and Settings\Thierry 200910\Desktop\ComboFix.exe
[2011/10/10 22:55:22 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003Core.job
[2011/10/10 22:55:17 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/09 22:54:11 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/09 22:51:17 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003UA.job
[2011/10/09 00:34:42 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2011/10/08 12:54:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
[2011/10/04 23:15:32 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/25 14:12:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111010-234234.backup
[2011/09/25 13:28:31 | 000,000,239 | -HS- | M] () -- C:\boot.ini
[2011/09/24 21:59:46 | 000,005,036 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
[2011/09/24 21:53:30 | 004,223,304 | R--- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\CopFix.exe
[2011/09/24 20:21:13 | 000,000,618 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/09/21 21:16:03 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/20 21:49:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\housecall.guid.cache
[2011/09/20 21:12:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/20 20:41:16 | 000,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Thierry 200910\Desktop\KillBox.exe
[2011/09/18 18:05:04 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\SopCast.lnk
[2011/09/11 19:19:34 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/11 18:40:09 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 23:43:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/10 23:43:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/10 23:43:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/10 23:43:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/10 23:43:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/04 23:53:08 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
[2011/09/24 22:18:12 | 004,223,304 | R--- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\CopFix.exe
[2011/09/24 21:59:46 | 000,005,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
[2011/09/20 21:49:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\housecall.guid.cache
[2011/09/18 18:05:04 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\SopCast.lnk
[2011/07/03 22:39:15 | 000,103,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/03 21:48:26 | 000,012,288 | --S- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\8kum22k6t217qt6t0fs10d51118ydm
[2011/07/03 21:48:26 | 000,012,288 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\8kum22k6t217qt6t0fs10d51118ydm
[2011/06/17 23:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/12 00:56:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/11 22:14:43 | 000,000,195 | ---- | C] () -- C:\WINDOWS\si-chaid.ini
[2011/04/01 17:33:56 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Application Data\setup_ldm.iss
[2011/01/03 15:27:38 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/01/03 15:27:27 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/01/03 15:27:14 | 000,002,863 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/01/03 15:27:04 | 000,002,856 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/01/03 15:26:54 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/01/03 15:26:44 | 000,002,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/01/03 15:26:36 | 000,002,830 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/01/03 15:26:18 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/01/03 15:24:27 | 000,010,999 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/01/03 15:24:21 | 000,346,800 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/03 15:24:21 | 000,014,639 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/01/03 01:01:14 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/01/03 01:01:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2010/07/11 10:36:19 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\WebpageIcons.db
[2010/07/09 17:37:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/18 21:08:58 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wsoviedsini.dll
[2010/05/18 21:08:41 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2010/04/17 23:51:53 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/03/18 23:18:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2009/10/26 21:09:22 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/10/11 00:37:30 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/10/10 22:16:08 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Application Data\AVSMediaPlayer.m3u
[2009/10/10 22:07:45 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/10 22:07:45 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/10 18:56:30 | 000,350,299 | ---- | C] () -- C:\WINDOWS\System32\drivers\VdCap03C.sys
[2009/10/10 18:56:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\VfwExtC.dll
[2009/10/10 18:56:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VfwECamC.dll
[2009/10/10 18:56:29 | 000,015,190 | ---- | C] () -- C:\WINDOWS\VdTwn03C.ini
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH3111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH2111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH0121.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH0111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF3111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF2111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF0121.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF0111.bin
[2009/10/10 15:27:23 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/10/10 15:27:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/10/10 15:27:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/10/10 15:27:16 | 000,595,968 | ---- | C] () -- C:\WINDOWS\System32\WatchPower.exe
[2009/10/10 15:27:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PowerOff.exe
[2008/04/23 18:34:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/10/10 13:02:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2007/10/10 13:02:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2007/10/10 13:02:38 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2007/10/10 12:58:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/10/10 12:58:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/10/10 12:38:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/10 00:53:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/10 00:53:10 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 22:12:03 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2007/10/09 22:11:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/10/09 22:11:47 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2007/10/09 22:10:52 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/09 22:10:18 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2007/10/09 22:08:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/10/09 22:01:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007/10/09 21:52:46 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2007/10/09 21:52:24 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/10/09 21:52:24 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/10/09 21:52:11 | 000,033,860 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/10/09 21:52:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/10/09 21:51:57 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/09 21:44:23 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2007/10/09 21:42:32 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/09 21:42:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/09 21:42:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/09 21:42:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/09 21:42:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/09 21:42:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/09 21:42:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/09 21:42:29 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/09 21:42:29 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/09 21:39:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/09 21:36:36 | 000,207,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/09 21:14:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/10/09 21:10:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/08/16 05:23:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gpyapi.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/09/13 12:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/11 15:49:24 | 000,323,640 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/11 15:49:24 | 000,044,567 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/11 15:45:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/11 15:45:08 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2006/08/11 15:43:26 | 000,265,042 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2006/08/11 15:43:20 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/11 15:43:18 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/11 15:43:04 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/11 15:43:04 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/11 15:43:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/08/04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/10 14:42:20 | 000,013,600 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2003/03/09 05:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,443,062 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,071,592 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/09/25 14:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitDefender
[2011/10/04 23:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/10/09 22:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/04/10 18:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/04/10 18:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/04/22 15:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/03/18 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD X Studios
[2010/08/17 21:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2010/08/17 21:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2010/08/17 21:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2007/10/10 13:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2011/07/03 16:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2007/10/09 23:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/23 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/10/09 23:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{56759C22-EA1E-4BE5-A903-72F67D450F43}
[2007/10/09 22:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\BitDefender
[2011/04/22 15:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Canon
[2011/03/05 14:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\dBpoweramp
[2010/11/28 13:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\GrabPro
[2011/06/02 23:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Ildi
[2009/10/10 15:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\InterTrust
[2010/08/05 20:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Leadertech
[2011/02/20 11:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\MaxTV Technologies
[2010/04/11 20:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\MSNInstaller
[2010/11/28 13:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Orbit
[2010/08/17 21:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\PPLive
[2010/11/28 13:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\ProgSense
[2011/09/20 22:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\QuickScan
[2011/07/03 16:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Samsung
[2007/10/10 13:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\SPSSInc
[2009/10/20 20:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\StreamTorrent
[2011/09/09 00:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\uTorrent
[2011/09/18 12:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\VoipDiscount
[2010/10/17 10:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\vShare

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\Thierry 200910\75:Color

< End of report >


#17
CompCav


    Member 5k

  • Expert
  • 12,454 posts
Step 1.

  • Download OTL to your Desktop or use the one you already have.
    If you still cannot run exe files try these two downloads, one is a .com and the other a .scr.
    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Select Use Safe List under Extra Registry. Make sure you do this step!
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    /md5start
    iexplore.exe
    bdod.bin
    cis-2.4.dll
    issacapi_bs-2.3.dll
    issacapi_pe-2.3.dll
    issacapi_se-2.3.dll
    /md5stop


    or here is a text file for you to copy over to the infected computer; you can then place the contents in the Custom Scans/Fixes box.

    Attached File  scan.txt   130bytes   130 downloads
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open OTL.Txt in Notepad window and the Extras.txt file on the task bar.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file, the Extras.txt file, and post them with your next reply.


Step 2.

Please Post:

OTL.txt
Extras.txt

#18
tttezzza
  • Topic Starter
hi,

Needed quite a few attempts, it seems the virus was trying to block OTL from running and then opened 59 sessions of it. :)

I managed to get the few logs you mentioned.

Best Regards

T
:yes:

Attached Files

  • OTL.Txt (144.03KB)
  • Extras.Txt (46.32KB)

#19
CompCav
Please rerun OTL without the extras clicked but make sure you use this:

Under the Custom Scans/Fixes box copy and paste this in:

netsvcs
/md5start
iexplore.exe
bdod.bin
cis-2.4.dll
issacapi_bs-2.3.dll
issacapi_pe-2.3.dll
issacapi_se-2.3.dll
/md5stop


or the attached file in post #17 to check those files.

Thanks,

CompCav

#20
CompCav
OK we are making some progress. Just hang in there :)


Step 1.

OTL Fix

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http://88.191.120.211:3128
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    [2011/09/24 21:59:46 | 000,005,036 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
    [2011/09/24 22:18:12 | 004,223,304 | R--- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\CopFix.exe
    [2011/07/03 21:48:26 | 000,012,288 | --S- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\8kum22k6t217qt6t0fs10d51118ydm
    [2011/07/03 21:48:26 | 000,012,288 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\8kum22k6t217qt6t0fs10d51118ydm
    
    
    :files
    C:\Documents and Settings\Thierry 200910\Desktop\CompFix.exe
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [Reboot]

    or use the attached file fix.txt if it helps to get it on the infected machine.

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: You have SP3, use the SP2 package.


---------------------------------------------------------------------

Delete your old copy of ComboFix from your desktop. Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon (Avast, BitDefender, & SpyBot Teatimer). They may otherwise interfere with our tools.


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt in your next reply.


Step 3.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post


Step 4.

Please post:

OTL fix log
ComboFix.txt
AVP threat detection log


Please attach:

avptool sysinfo.zip

Please tell me how your programs are running and if your internet is back.

#21
tttezzza
  • Topic Starter
:)

Hi,
Thanks again, here are the logs you requested.

Regards
T
PS I still cannot launch Internet Explorer (says I don't have access rights) and cannot connect to wireless internet... :yes:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars\ not found.
Registry key HKEY_USERS\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk moved successfully.
C:\Documents and Settings\Thierry 200910\Desktop\CopFix.exe moved successfully.
C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\8kum22k6t217qt6t0fs10d51118ydm moved successfully.
C:\Documents and Settings\All Users\Application Data\8kum22k6t217qt6t0fs10d51118ydm moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Thierry 200910\Desktop\CompFix.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Thierry 200910
->Temp folder emptied: 14954551 bytes
->Temporary Internet Files folder emptied: 323593 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38820602 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3094966 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2973291 bytes
%systemroot%\System32 .tmp files removed: 2932753 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Thierry 200910
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10122011_215519

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ComboFix 11-10-10.04 - Thierry 200910 12/10/2011 22:07:21.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.370 [GMT 1:00]
Running from: c:\documents and settings\Thierry 200910\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Thierry 200910\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\THIERR~1\LOCALS~1\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\documents and settings\Thierry 200910\Local Settings\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 20:55 . 2011-10-12 20:55 -------- d-----w- C:\_OTL
2011-10-10 22:39 . 2011-10-10 22:39 -------- d-----w- C:\!KillBox
2011-10-04 22:15 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-04 22:15 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-04 22:15 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-04 22:15 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-04 22:15 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-04 22:15 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-04 22:15 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-04 22:15 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-04 22:14 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-04 22:14 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-26 21:03 . 2011-09-26 21:03 -------- d-----w- c:\documents and settings\Thierry 200910\DoctorWeb
2011-09-25 18:51 . 2011-09-25 18:51 -------- d-----w- c:\program files\SecurityXploded
2011-09-25 13:00 . 2011-09-25 13:13 -------- d-----w- c:\documents and settings\Administrator
2011-09-24 21:20 . 2011-10-04 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-24 21:20 . 2011-10-02 18:33 -------- d-----w- c:\program files\AVAST Software
2011-09-24 20:59 . 2011-09-24 20:59 -------- d-----w- C:\RRTVAULT
2011-09-24 19:28 . 2011-09-24 19:28 -------- d-----w- c:\documents and settings\Thierry 200910\Application Data\SUPERAntiSpyware.com
2011-09-24 19:28 . 2011-09-24 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-23 19:28 . 2010-11-09 13:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-23 19:28 . 2010-11-09 13:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-09-23 19:28 . 2011-09-23 19:28 -------- d-----w- C:\VIPRERESCUE
2011-09-20 21:46 . 2011-09-20 21:46 -------- d-----w- c:\documents and settings\Thierry 200910\Application Data\QuickScan
2011-09-20 20:54 . 2011-09-20 20:54 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 21:32 . 2004-08-03 21:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-08-31 16:00 . 2009-10-11 13:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 09:42 . 2011-05-22 16:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-14 16:41 . 2011-06-17 22:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-11 21:40 . 2010-07-10 22:09 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-09-25_13.12.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-09 20:15 . 2011-10-04 22:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-09 20:15 . 2011-08-14 08:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-10 23:37 . 2011-10-12 21:19 81984 c:\windows\system32\bdod.bin
- 2009-10-10 23:37 . 2011-09-11 00:32 81984 c:\windows\system32\bdod.bin
+ 2011-09-25 17:15 . 2011-09-25 17:15 262144 c:\windows\system32\config\systemprofile\NtUser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-10 39408]
"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-09-20 185784]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-01-29 2157064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"nwiz"="nwiz.exe" [2008-01-08 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2011-02-06 843144]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-10-10 69632]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Spyhunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 847872]
"XpDis0Conf"="c:\progra~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe" [2004-02-23 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"TVTool"="c:\program files\TVTool\TVTool.exe" [2004-09-19 368128]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-22 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-10-9 155715]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\PPLiveNetwork\\PPAP.exe"=
"e:\\Gaming\\fifa11\\Game\\fifa.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\TVO\\ressources\\mplayer.exe"=
"c:\\TVO\\TVO.exe"=
"c:\\Program Files\\Vidalia Bundle\\Polipo\\polipo.exe"=
"c:\\Program Files\\Vidalia Bundle\\Tor\\tor.exe"=
"c:\\Program Files\\Vidalia Bundle\\Vidalia\\vidalia.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8118:TCP"= 8118:TCP:8118
"9050:TCP"= 9050:TCP:9050
"8123:TCP"= 8123:TCP:8123
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/10/2011 23:15 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/10/2011 23:15 320856]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [23/09/2011 20:28 98392]
R1 tvtool;tvtool;c:\program files\TVTool\TVTOOL.SYS [03/04/1996 19:33 5248]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/10/2011 23:15 20568]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [02/07/2008 13:07 82696]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [11/08/2006 15:56 8192]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [12/08/2008 18:40 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [14/08/2008 18:54 104456]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\THIERR~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\THIERR~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\THIERR~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\THIERR~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 14:03 133104]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 13:06 118784]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [03/07/2011 16:40 76088]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [03/07/2011 16:38 20032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 14:03 133104]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [03/07/2011 16:40 181432]
S3 TrueSight;TrueSight;\??\c:\documents and settings\Thierry 200910\Desktop\TrueSight.sys --> c:\documents and settings\Thierry 200910\Desktop\TrueSight.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 13:03]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 13:03]
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003Core.job
- c:\documents and settings\Thierry 200910\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 13:03]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003UA.job
- c:\documents and settings\Thierry 200910\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 13:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D3B3A3FD-03D2-49EF-95B2-A870D4D2BDBA}: NameServer = 87.194.255.155
FF - ProfilePath - c:\documents and settings\Thierry 200910\Application Data\Mozilla\Firefox\Profiles\5whqlwjh.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 22:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\windows\system32\wscntfy.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2011-10-12 22:29:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 21:29
ComboFix2.txt 2011-10-10 23:08
ComboFix3.txt 2011-09-25 13:16
.
Pre-Run: 39,334,699,008 bytes free
Post-Run: 39,297,867,776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 7F4E2703292D95894FE079282DBEA2C7

Status: Deleted (events: 1)
12/10/2011 23:19:08 Deleted Trojan program Backdoor.Win32.ZAccess.ang C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir High

Attached Files


  • 0
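
An added example, not part of the original thread and not OTL's own code: a small Python triage of an OTL fix log like the one in post #21, built only on the line shapes visible in that log. The function names and the error keywords are assumptions, and the sample is an abridged excerpt of that log. It lists `:files` targets that came back "not found" next to the closest name that was handled in the same folder, and any embedded command whose output reports an error.

```python
import difflib
import ntpath
import re
from collections import Counter

# Abridged excerpt of the OTL fix log posted above (sample input for this example).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars\ not found.
C:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk moved successfully.
C:\Documents and Settings\Thierry 200910\Desktop\CopFix.exe moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Thierry 200910\Desktop\CompFix.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.
Additional information: Unable to query host name.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z ]+) =+$")
COMMAND_RE = re.compile(r"^< (?P<cmd>.+) >$")
OUTCOME_RE = re.compile(
    r"^(?:Registry key |File\\Folder )?(?P<target>.+?)\s*"
    r"(?P<outcome>deleted successfully|moved successfully|not found|value set successfully)[.!]?$"
)
# Assumed keywords for spotting a failed command; extend for other tools' wording.
ERROR_HINTS = ("error", "unable to", "not supported")
HANDLED = ("moved successfully", "deleted successfully")


def parse_fix_log(text):
    """Turn the log into entries tagged with section, kind, target and outcome."""
    entries, section, current_cmd = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_cmd = m.group("name"), None
            continue
        m = COMMAND_RE.match(line)
        if m:
            current_cmd = {"section": section, "kind": "command",
                           "target": m.group("cmd"), "outcome": "ran", "output": []}
            entries.append(current_cmd)
            continue
        m = OUTCOME_RE.match(line)
        if m:
            current_cmd = None  # an outcome line ends any command output run
            entries.append({"section": section, "kind": "action",
                            "target": m.group("target"),
                            "outcome": m.group("outcome"), "output": []})
        elif current_cmd is not None:
            current_cmd["output"].append(line)  # free text printed by the command
    return entries


def triage(entries):
    """Summarise outcomes and surface the items that need a second look."""
    actions = [e for e in entries if e["kind"] == "action"]
    counts = Counter(e["outcome"] for e in actions)
    handled = [e["target"] for e in actions
               if e["outcome"] in HANDLED and re.match(r"^[A-Za-z]:\\", e["target"])]
    missing = []
    for e in actions:
        if e["section"] == "FILES" and e["outcome"] == "not found":
            folder, name = ntpath.split(e["target"])
            siblings = {ntpath.basename(h).lower(): h for h in handled
                        if ntpath.dirname(h).lower() == folder.lower()}
            close = difflib.get_close_matches(name.lower(), list(siblings), n=1, cutoff=0.8)
            missing.append((e["target"], siblings[close[0]] if close else None))
    failed = [(e["target"], e["output"]) for e in entries
              if e["kind"] == "command"
              and any(h in line.lower() for line in e["output"] for h in ERROR_HINTS)]
    return {"counts": counts, "missing_files": missing, "failed_commands": failed}


if __name__ == "__main__":
    report = triage(parse_fix_log(SAMPLE_LOG))
    print(dict(report["counts"]))
    for target, near in report["missing_files"]:
        print("not found:", target, "| closest handled name:", near)
    for cmd, output in report["failed_commands"]:
        print("command failed:", cmd, "->", output)
```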

#22
CompCav
Thanks for the logs, they will help me plan the next step. :)

Overall:

How is the computer performing as far as running programs, startup, etc?


The Internet:

Does wired internet run?

If so do other browsers run?

If so which Browsers run??


Thanks,

CompCav

#23
CompCav
Please answer the questions in my previous post!


Step 1.


Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2.

OTL Fix

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    MOD - [2011/10/11 00:01:23 | 000,055,816 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
    
    
    :files
    C:\Documents and Settings\Thierry 200910\Local Settings\temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
    C:\Documents and Settings\Thierry 200910\Local Settings\temp\b01d42a6-0948-4bd0-8dea-54d68f50a791
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    ipconfig /all /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    C:\WINDOWS\assembly\GAC_MSIL\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs

  • Click the scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.


Step 4.

Please post the following logs:


TDSSKiller log
OTL fix
OTL.txt
Extras.txt


Please tell me how the computer is running and the wired and wireless internet.
  • 0
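Step 1 above asks for the TDSSKiller report to be pasted back. The following is an added example, not part of the original post and not TDSSKiller's own code, that parses a report in the line format of the log posted later in this thread and separates signature-check warnings from other verdicts. The sample lines, driver names and hashes are constructed; treating `UnsignedFile` verdicts as results of the signature check, and the `Mode:` line as the list of options ticked in Step 1, are assumptions of the example.

```python
import re

# Constructed sample: "<time> <thread id> <message>", as in the report in this
# thread. Driver names, paths, hashes and the second verdict name are made up.
H = ["%032x" % n for n in (1, 2, 3)]
SAMPLE_LOG = rf"""
21:36:16.0703 2816 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
21:36:44.0500 2740 Scan started
21:36:44.0500 2740 Mode: Manual; SigCheck; TDLFS;
21:36:44.0796 2740 gooddrv ({H[0]}) C:\WINDOWS\system32\drivers\gooddrv.sys
21:36:44.0890 2740 gooddrv - ok
21:36:44.0921 2740 nofile - ok
21:36:47.0593 2740 wifidrv ({H[1]}) C:\WINDOWS\system32\DRIVERS\wifidrv.sys
21:36:47.0609 2740 wifidrv ( UnsignedFile.Multi.Generic ) - warning
21:36:47.0609 2740 wifidrv - detected UnsignedFile.Multi.Generic (1)
21:36:48.0000 2740 otherdrv ({H[2]}) C:\Program Files\Example\otherdrv.sys
21:36:48.0015 2740 otherdrv ( Constructed.Example.Verdict ) - warning
21:36:48.0015 2740 otherdrv - detected Constructed.Example.Verdict (1)
21:37:17.0343 2740 Scan finished
21:37:17.0453 2312 Detected object count: 2
21:37:17.0453 2312 Actual detected object count: 2
21:37:50.0531 2312 wifidrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:50.0531 2312 wifidrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:37:50.0531 2312 otherdrv ( Constructed.Example.Verdict ) - User select action: Skip
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$"
)
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
MODE = re.compile(r"^Mode: (?P<mode>.*)$")


def parse_report(text):
    """Return one dict per scan pass found in the report text."""
    passes = []
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg").strip()
        if msg == "Scan started":
            passes.append({"mode": [], "objects": {}, "findings": {}, "reported": None})
            continue
        if not passes:
            continue  # system-info header before the first scan
        cur = passes[-1]
        if (m := MODE.match(msg)):
            cur["mode"] = [s.strip() for s in m.group("mode").split(";") if s.strip()]
        elif (m := OBJECT.match(msg)):
            cur["objects"][m.group("name")] = {"md5": m.group("md5"), "path": m.group("path")}
        elif (m := DETECTED.match(msg)):
            name = m.group("name")
            # Disk objects are reported by path, drivers by service name.
            obj = cur["objects"].get(name) or next(
                (o for o in cur["objects"].values() if o["path"] == name), {}
            )
            cur["findings"][name] = {
                "verdict": m.group("verdict"),
                "md5": obj.get("md5"),
                "path": obj.get("path"),
                "action": None,
            }
        elif (m := ACTION.match(msg)) and m.group("name") in cur["findings"]:
            cur["findings"][m.group("name")]["action"] = m.group("action")
        elif (m := COUNT.match(msg)):
            cur["reported"] = int(m.group("n"))
    return passes


def triage(text):
    """Summarise each pass: what was only unsigned, what needs a closer look."""
    summary = []
    for p in parse_report(text):
        found = p["findings"]
        unsigned = [n for n, f in found.items() if f["verdict"].startswith("UnsignedFile")]
        summary.append({
            "mode": p["mode"],
            "scanned_files": len(p["objects"]),
            "unsigned_only": unsigned,
            "needs_review": [n for n in found if n not in unsigned],
            # A mismatch means the pasted report is truncated or was edited.
            "count_matches": p["reported"] == len(found),
            "actions": {n: f["action"] for n, f in found.items()},
        })
    return summary


if __name__ == "__main__":
    for number, result in enumerate(triage(SAMPLE_LOG), start=1):
        print("pass", number, result)
```
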

#24
tttezzza

    Member

  • Topic Starter
  • Member
  • 31 posts
Hi,
Sorry for the slow reply, I was tied up at work all day.
I only have wireless internet; I don't have a cable. But it seems the adaptor is blocked, I can't even scan for wireless networks.
I can't run IE, but Firefox is fine.
Apart from that, other programs like MS Office are OK.
  • 0

#25
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Thanks, so your Firefox connects but the wireless search does not work and other programs are fine.

Please do the steps in post #23 and we will go from there! :)

Thanks,

CompCav
  • 0


#26
tttezzza

    Member

  • Topic Starter
  • Member
  • 31 posts
Hi,
I followed the instructions but no 'extra.txt' came up, either as a pop-up or a saved file on the desktop?

I tried several times!

Regards

T

Attached Files


  • 0

#27
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please read carefully! You did not click fix on step 2; you clicked scan.

Step 2 is a fix; you need to use that information in the code box and click fix.


Step 3 is just an OTL scan, so please do step 2 first, then step 3, to confirm that the removals have completed properly.

Thanks,

CompCav
  • 0

#28
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Also, please post the scans; do not attach them.
  • 0

#29
tttezzza

    Member

  • Topic Starter
  • Member
  • 31 posts
Hi,
Sorry again about that.

Here are the logs. The PC still does not work; it's the same situation as before.
Regards
T

21:36:16.0703 2816 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
21:36:16.0718 2816 ============================================================
21:36:16.0718 2816 Current date / time: 2011/10/13 21:36:16.0718
21:36:16.0718 2816 SystemInfo:
21:36:16.0718 2816
21:36:16.0718 2816 OS Version: 5.1.2600 ServicePack: 3.0
21:36:16.0718 2816 Product type: Workstation
21:36:16.0718 2816 ComputerName: THIERRY
21:36:16.0718 2816 UserName: Thierry 200910
21:36:16.0718 2816 Windows directory: C:\WINDOWS
21:36:16.0718 2816 System windows directory: C:\WINDOWS
21:36:16.0718 2816 Processor architecture: Intel x86
21:36:16.0718 2816 Number of processors: 2
21:36:16.0718 2816 Page size: 0x1000
21:36:16.0718 2816 Boot type: Normal boot
21:36:16.0718 2816 ============================================================
21:36:18.0343 2816 Initialize success
21:36:44.0500 2740 ============================================================
21:36:44.0500 2740 Scan started
21:36:44.0500 2740 Mode: Manual; SigCheck; TDLFS;
21:36:44.0500 2740 ============================================================
21:36:44.0796 2740 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
21:36:44.0890 2740 Aavmker4 - ok
21:36:44.0921 2740 Abiosdsk - ok
21:36:44.0937 2740 abp480n5 - ok
21:36:45.0015 2740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:36:45.0218 2740 ACPI - ok
21:36:45.0281 2740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:36:45.0406 2740 ACPIEC - ok
21:36:45.0437 2740 adpu160m - ok
21:36:45.0515 2740 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
21:36:45.0625 2740 aec - ok
21:36:45.0687 2740 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
21:36:45.0734 2740 AFD - ok
21:36:45.0796 2740 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
21:36:45.0906 2740 AFS2K - ok
21:36:45.0953 2740 Aha154x - ok
21:36:46.0000 2740 aic78u2 - ok
21:36:46.0031 2740 aic78xx - ok
21:36:46.0062 2740 AliIde - ok
21:36:46.0078 2740 amsint - ok
21:36:46.0156 2740 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:36:46.0265 2740 Arp1394 - ok
21:36:46.0312 2740 asc - ok
21:36:46.0343 2740 asc3350p - ok
21:36:46.0375 2740 asc3550 - ok
21:36:46.0453 2740 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:36:46.0453 2740 aswFsBlk - ok
21:36:46.0500 2740 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
21:36:46.0515 2740 aswMon2 - ok
21:36:46.0562 2740 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
21:36:46.0562 2740 aswRdr - ok
21:36:46.0609 2740 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
21:36:46.0640 2740 aswSnx - ok
21:36:46.0718 2740 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
21:36:46.0734 2740 aswSP - ok
21:36:46.0781 2740 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
21:36:46.0781 2740 aswTdi - ok
21:36:46.0828 2740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:36:46.0953 2740 AsyncMac - ok
21:36:47.0000 2740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:36:47.0109 2740 atapi - ok
21:36:47.0156 2740 Atdisk - ok
21:36:47.0203 2740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:36:47.0312 2740 Atmarpc - ok
21:36:47.0390 2740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:36:47.0500 2740 audstub - ok
21:36:47.0593 2740 BCM43XX (ae96075a3aed5c40f1ead477ea94acd7) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:36:47.0609 2740 BCM43XX ( UnsignedFile.Multi.Generic ) - warning
21:36:47.0609 2740 BCM43XX - detected UnsignedFile.Multi.Generic (1)
21:36:47.0656 2740 bdfm (ced6717bd8b67284afcf692b9316b464) C:\WINDOWS\system32\drivers\bdfm.sys
21:36:47.0656 2740 bdfm - ok
21:36:47.0718 2740 Bdfndisf (dd3a1af8bdacbf45919f087caa99579b) C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
21:36:47.0718 2740 Bdfndisf - ok
21:36:47.0781 2740 bdfsfltr (70975049e22b2efec260816cf505e6e7) C:\WINDOWS\system32\drivers\bdfsfltr.sys
21:36:47.0796 2740 bdfsfltr - ok
21:36:47.0937 2740 bdftdif (a7bdb1958d9b8245a0ba83f46abb630c) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
21:36:47.0937 2740 bdftdif - ok
21:36:48.0000 2740 BDSelfPr (5eaf583c0b1cc2499761ea3b065f5db2) C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
21:36:48.0015 2740 BDSelfPr ( UnsignedFile.Multi.Generic ) - warning
21:36:48.0015 2740 BDSelfPr - detected UnsignedFile.Multi.Generic (1)
21:36:48.0031 2740 BDVEDISK (bc79b27bc351436b07f57d80bec76036) C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys
21:36:48.0046 2740 BDVEDISK - ok
21:36:48.0109 2740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:36:48.0234 2740 Beep - ok
21:36:48.0328 2740 Cam5603C (af9faa8d1e739f875efc40f27937db3a) C:\WINDOWS\system32\Drivers\VdCap03C.sys
21:36:48.0390 2740 Cam5603C - ok
21:36:48.0437 2740 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
21:36:48.0437 2740 Cardex - ok
21:36:48.0437 2740 catchme - ok
21:36:48.0531 2740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:36:48.0656 2740 cbidf2k - ok
21:36:48.0718 2740 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:36:48.0843 2740 CCDECODE - ok
21:36:48.0890 2740 cd20xrnt - ok
21:36:48.0937 2740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:36:49.0062 2740 Cdaudio - ok
21:36:49.0109 2740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:36:49.0234 2740 Cdfs - ok
21:36:49.0265 2740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:36:49.0390 2740 Cdrom - ok
21:36:49.0421 2740 Changer - ok
21:36:49.0453 2740 CmdIde - ok
21:36:49.0484 2740 Cpqarray - ok
21:36:49.0578 2740 ctac32k (fb06bb39860340c6fa84867f0288d1dd) C:\WINDOWS\system32\drivers\ctac32k.sys
21:36:49.0671 2740 ctac32k - ok
21:36:49.0718 2740 ctaud2k (b810fa12cf726b200e057834eaebb1ac) C:\WINDOWS\system32\drivers\ctaud2k.sys
21:36:49.0765 2740 ctaud2k - ok
21:36:49.0890 2740 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
21:36:49.0937 2740 ctdvda2k - ok
21:36:50.0031 2740 ctprxy2k (1fa95c8cf34b9911e352a07ea7a200fc) C:\WINDOWS\system32\drivers\ctprxy2k.sys
21:36:50.0109 2740 ctprxy2k - ok
21:36:50.0156 2740 ctsfm2k (400cb754b91f73bee2655686a57269d2) C:\WINDOWS\system32\drivers\ctsfm2k.sys
21:36:50.0171 2740 ctsfm2k - ok
21:36:50.0203 2740 dac2w2k - ok
21:36:50.0234 2740 dac960nt - ok
21:36:50.0296 2740 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
21:36:50.0312 2740 dgderdrv - ok
21:36:50.0375 2740 dg_ssudbus (846517582e1ddbde54fd2fdb60b6aa3a) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:36:50.0375 2740 dg_ssudbus - ok
21:36:50.0453 2740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:36:50.0578 2740 Disk - ok
21:36:50.0656 2740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:36:50.0859 2740 dmboot - ok
21:36:50.0906 2740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:36:51.0093 2740 dmio - ok
21:36:51.0140 2740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:36:51.0250 2740 dmload - ok
21:36:51.0328 2740 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
21:36:51.0406 2740 DMusic - ok
21:36:51.0453 2740 dpti2o - ok
21:36:51.0500 2740 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
21:36:51.0593 2740 drmkaud - ok
21:36:51.0625 2740 dwshd - ok
21:36:51.0687 2740 emupia (7bb488ec082d40645936d9e583f560dc) C:\WINDOWS\system32\drivers\emupia2k.sys
21:36:51.0718 2740 emupia - ok
21:36:51.0812 2740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:36:51.0937 2740 Fastfat - ok
21:36:52.0000 2740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:36:52.0109 2740 Fdc - ok
21:36:52.0156 2740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:36:52.0281 2740 Fips - ok
21:36:52.0328 2740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:36:52.0421 2740 Flpydisk - ok
21:36:52.0468 2740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:36:52.0578 2740 FltMgr - ok
21:36:52.0640 2740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:36:52.0750 2740 Fs_Rec - ok
21:36:52.0828 2740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:36:53.0000 2740 Ftdisk - ok
21:36:53.0078 2740 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:36:53.0171 2740 gameenum - ok
21:36:53.0250 2740 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:36:53.0250 2740 GEARAspiWDM - ok
21:36:53.0296 2740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:36:53.0390 2740 Gpc - ok
21:36:53.0453 2740 ha10kx2k (9bb84b1dff8bce7fdddea746f6819fcf) C:\WINDOWS\system32\drivers\ha10kx2k.sys
21:36:53.0546 2740 ha10kx2k - ok
21:36:53.0703 2740 hap16v2k (1418833169b29780fbdab127623b8767) C:\WINDOWS\system32\drivers\hap16v2k.sys
21:36:53.0750 2740 hap16v2k - ok
21:36:53.0859 2740 hap17v2k (8b3148391dc121d96d513785d588e75b) C:\WINDOWS\system32\drivers\hap17v2k.sys
21:36:53.0875 2740 hap17v2k - ok
21:36:53.0953 2740 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:36:54.0062 2740 HDAudBus - ok
21:36:54.0109 2740 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:36:54.0218 2740 hidusb - ok
21:36:54.0250 2740 hpn - ok
21:36:54.0328 2740 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:36:54.0359 2740 HPZid412 - ok
21:36:54.0406 2740 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:36:54.0437 2740 HPZipr12 - ok
21:36:54.0484 2740 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:36:54.0515 2740 HPZius12 - ok
21:36:54.0593 2740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:36:54.0640 2740 HTTP - ok
21:36:54.0671 2740 i2omgmt - ok
21:36:54.0703 2740 i2omp - ok
21:36:54.0765 2740 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:36:54.0890 2740 i8042prt - ok
21:36:55.0000 2740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:36:55.0109 2740 Imapi - ok
21:36:55.0140 2740 ini910u - ok
21:36:55.0218 2740 IntelIde - ok
21:36:55.0312 2740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:36:55.0421 2740 Ip6Fw - ok
21:36:55.0500 2740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:36:55.0625 2740 IpFilterDriver - ok
21:36:55.0687 2740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:36:55.0812 2740 IpInIp - ok
21:36:55.0875 2740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:36:56.0031 2740 IpNat - ok
21:36:56.0093 2740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:36:56.0140 2740 IRENUM - ok
21:36:56.0187 2740 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:36:56.0281 2740 isapnp - ok
21:36:56.0375 2740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:36:56.0484 2740 Kbdclass - ok
21:36:56.0531 2740 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:36:56.0640 2740 kbdhid - ok
21:36:56.0703 2740 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
21:36:56.0781 2740 kmixer - ok
21:36:56.0875 2740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:36:56.0937 2740 KSecDD - ok
21:36:56.0984 2740 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
21:36:56.0984 2740 L8042Kbd - ok
21:36:57.0031 2740 lbrtfdc - ok
21:36:57.0093 2740 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:36:57.0109 2740 LHidFilt - ok
21:36:57.0140 2740 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:36:57.0156 2740 LMouFilt - ok
21:36:57.0218 2740 MDC8021X (e68cf7be06219f22ed5d3a36159424dc) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
21:36:57.0218 2740 MDC8021X ( UnsignedFile.Multi.Generic ) - warning
21:36:57.0218 2740 MDC8021X - detected UnsignedFile.Multi.Generic (1)
21:36:57.0281 2740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:36:57.0406 2740 mnmdd - ok
21:36:57.0468 2740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:36:57.0562 2740 Modem - ok
21:36:57.0640 2740 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:36:57.0750 2740 Mouclass - ok
21:36:57.0812 2740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:36:57.0921 2740 mouhid - ok
21:36:57.0984 2740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:36:58.0109 2740 MountMgr - ok
21:36:58.0140 2740 mraid35x - ok
21:36:58.0171 2740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:36:58.0281 2740 MRxDAV - ok
21:36:58.0375 2740 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:36:58.0406 2740 MRxSmb - ok
21:36:58.0484 2740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:36:58.0593 2740 Msfs - ok
21:36:58.0656 2740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:36:58.0750 2740 MSKSSRV - ok
21:36:58.0812 2740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:36:58.0937 2740 MSPCLOCK - ok
21:36:59.0000 2740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:36:59.0109 2740 MSPQM - ok
21:36:59.0171 2740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:36:59.0281 2740 mssmbios - ok
21:36:59.0328 2740 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:36:59.0437 2740 MSTEE - ok
21:36:59.0515 2740 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:36:59.0546 2740 MTsensor - ok
21:36:59.0593 2740 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:36:59.0687 2740 Mup - ok
21:36:59.0734 2740 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:36:59.0859 2740 NABTSFEC - ok
21:36:59.0921 2740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:37:00.0031 2740 NDIS - ok
21:37:00.0078 2740 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:37:00.0187 2740 NdisIP - ok
21:37:00.0234 2740 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:37:00.0328 2740 NdisTapi - ok
21:37:00.0359 2740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:37:00.0453 2740 Ndisuio - ok
21:37:00.0484 2740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:37:00.0578 2740 NdisWan - ok
21:37:00.0640 2740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:37:00.0687 2740 NDProxy - ok
21:37:00.0718 2740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:37:00.0828 2740 NetBIOS - ok
21:37:00.0890 2740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:37:01.0031 2740 NetBT - ok
21:37:01.0109 2740 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:37:01.0218 2740 NIC1394 - ok
21:37:01.0265 2740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:37:01.0359 2740 Npfs - ok
21:37:01.0406 2740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:37:01.0546 2740 Ntfs - ok
21:37:01.0625 2740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:37:01.0734 2740 Null - ok
21:37:02.0000 2740 nv (54281e0eeb10143ec4327bb5d123f125) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:37:02.0484 2740 nv - ok
21:37:02.0546 2740 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
21:37:02.0593 2740 nvata - ok
21:37:02.0640 2740 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:37:02.0671 2740 NVENETFD - ok
21:37:02.0718 2740 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:37:02.0750 2740 nvnetbus - ok
21:37:02.0828 2740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:37:02.0921 2740 NwlnkFlt - ok
21:37:02.0968 2740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:37:03.0062 2740 NwlnkFwd - ok
21:37:03.0109 2740 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:37:03.0218 2740 ohci1394 - ok
21:37:03.0296 2740 ossrv (01e1ab8249f9dde5978c6b4af18eda7c) C:\WINDOWS\system32\drivers\ctoss2k.sys
21:37:03.0328 2740 ossrv - ok
21:37:03.0375 2740 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:37:03.0500 2740 Parport - ok
21:37:03.0578 2740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:37:03.0703 2740 PartMgr - ok
21:37:03.0796 2740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:37:03.0890 2740 ParVdm - ok
21:37:03.0937 2740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:37:04.0031 2740 PCI - ok
21:37:04.0078 2740 PCIDump - ok
21:37:04.0125 2740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:37:04.0218 2740 PCIIde - ok
21:37:04.0296 2740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:37:04.0406 2740 Pcmcia - ok
21:37:04.0453 2740 PDCOMP - ok
21:37:04.0500 2740 PDFRAME - ok
21:37:04.0546 2740 PDRELI - ok
21:37:04.0578 2740 PDRFRAME - ok
21:37:04.0625 2740 perc2 - ok
21:37:04.0671 2740 perc2hib - ok
21:37:04.0750 2740 PfDetNT (fda352035c58a5c0ca6de13e66c0bf80) C:\WINDOWS\system32\drivers\PfModNT.sys
21:37:04.0765 2740 PfDetNT - ok
21:37:04.0843 2740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:37:04.0968 2740 PptpMiniport - ok
21:37:05.0015 2740 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:37:05.0125 2740 Processor - ok
21:37:05.0265 2740 Profos (1bfe86c679a43994e36e623fb6898cdb) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
21:37:05.0281 2740 Profos ( UnsignedFile.Multi.Generic ) - warning
21:37:05.0281 2740 Profos - detected UnsignedFile.Multi.Generic (1)
21:37:05.0328 2740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:37:05.0421 2740 PSched - ok
21:37:05.0484 2740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:37:05.0562 2740 Ptilink - ok
21:37:05.0625 2740 ql1080 - ok
21:37:05.0671 2740 Ql10wnt - ok
21:37:05.0703 2740 ql12160 - ok
21:37:05.0750 2740 ql1240 - ok
21:37:05.0796 2740 ql1280 - ok
21:37:05.0843 2740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:37:05.0937 2740 RasAcd - ok
21:37:05.0984 2740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:37:06.0093 2740 Rasl2tp - ok
21:37:06.0156 2740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:37:06.0250 2740 RasPppoe - ok
21:37:06.0296 2740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:37:06.0390 2740 Raspti - ok
21:37:06.0437 2740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:37:06.0531 2740 Rdbss - ok
21:37:06.0609 2740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:37:06.0718 2740 RDPCDD - ok
21:37:06.0781 2740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:37:06.0921 2740 rdpdr - ok
21:37:06.0984 2740 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:37:07.0078 2740 RDPWD - ok
21:37:07.0140 2740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:37:07.0234 2740 redbook - ok
21:37:07.0390 2740 SASDIFSV - ok
21:37:07.0406 2740 SASKUTIL - ok
21:37:07.0484 2740 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
21:37:07.0484 2740 SBRE - ok
21:37:07.0562 2740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:37:07.0625 2740 Secdrv - ok
21:37:07.0703 2740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:37:07.0812 2740 serenum - ok
21:37:07.0843 2740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:37:07.0984 2740 Serial - ok
21:37:08.0046 2740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:37:08.0140 2740 Sfloppy - ok
21:37:08.0187 2740 Simbad - ok
21:37:08.0250 2740 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:37:08.0328 2740 SLIP - ok
21:37:08.0375 2740 Sparrow - ok
21:37:08.0453 2740 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
21:37:08.0531 2740 splitter - ok
21:37:08.0593 2740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:37:08.0656 2740 sr - ok
21:37:08.0750 2740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:37:08.0828 2740 Srv - ok
21:37:08.0937 2740 ssudmdm (a96126953bb5cbf83c5a8cd101a4ec23) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:37:08.0953 2740 ssudmdm - ok
21:37:09.0015 2740 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:37:09.0125 2740 streamip - ok
21:37:09.0187 2740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:37:09.0281 2740 swenum - ok
21:37:09.0375 2740 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
21:37:09.0390 2740 swmidi ( UnsignedFile.Multi.Generic ) - warning
21:37:09.0390 2740 swmidi - detected UnsignedFile.Multi.Generic (1)
21:37:09.0437 2740 symc810 - ok
21:37:09.0468 2740 symc8xx - ok
21:37:09.0515 2740 sym_hi - ok
21:37:09.0562 2740 sym_u3 - ok
21:37:09.0671 2740 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
21:37:09.0750 2740 sysaudio - ok
21:37:09.0828 2740 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
21:37:09.0843 2740 taphss - ok
21:37:09.0921 2740 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
21:37:09.0921 2740 TBPanel - ok
21:37:10.0015 2740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:37:10.0078 2740 Tcpip - ok
21:37:10.0156 2740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:37:10.0265 2740 TDPIPE - ok
21:37:10.0312 2740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:37:10.0406 2740 TDTCP - ok
21:37:10.0468 2740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:37:10.0562 2740 TermDD - ok
21:37:10.0609 2740 TosIde - ok
21:37:10.0734 2740 TrueSight - ok
21:37:10.0890 2740 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
21:37:10.0906 2740 Trufos ( UnsignedFile.Multi.Generic ) - warning
21:37:10.0906 2740 Trufos - detected UnsignedFile.Multi.Generic (1)
21:37:11.0000 2740 tvtool (77ebf3e9386daa51551af429052d88d0) C:\Program Files\TVTool\tvtool.sys
21:37:11.0000 2740 tvtool ( UnsignedFile.Multi.Generic ) - warning
21:37:11.0000 2740 tvtool - detected UnsignedFile.Multi.Generic (1)
21:37:11.0062 2740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:37:11.0156 2740 Udfs - ok
21:37:11.0218 2740 ultra - ok
21:37:11.0296 2740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:37:11.0390 2740 Update - ok
21:37:11.0484 2740 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:37:11.0531 2740 USBAAPL - ok
21:37:11.0593 2740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:37:11.0687 2740 usbccgp - ok
21:37:11.0750 2740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:37:11.0843 2740 usbehci - ok
21:37:11.0906 2740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:37:12.0015 2740 usbhub - ok
21:37:12.0062 2740 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:37:12.0156 2740 usbohci - ok
21:37:12.0234 2740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:37:12.0328 2740 usbprint - ok
21:37:12.0406 2740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:37:12.0500 2740 usbscan - ok
21:37:12.0562 2740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:37:12.0671 2740 USBSTOR - ok
21:37:12.0734 2740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:37:12.0828 2740 usbuhci - ok
21:37:12.0890 2740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:37:12.0968 2740 VgaSave - ok
21:37:13.0015 2740 ViaIde - ok
21:37:13.0078 2740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:37:13.0187 2740 VolSnap - ok
21:37:13.0265 2740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:37:13.0343 2740 Wanarp - ok
21:37:13.0453 2740 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:37:13.0484 2740 Wdf01000 - ok
21:37:13.0562 2740 WDICA - ok
21:37:13.0671 2740 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
21:37:13.0796 2740 wdmaud - ok
21:37:13.0921 2740 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:37:13.0937 2740 WpdUsb - ok
21:37:14.0000 2740 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:37:14.0109 2740 WSTCODEC - ok
21:37:14.0187 2740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:37:14.0218 2740 WudfPf - ok
21:37:14.0281 2740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:37:14.0296 2740 WudfRd - ok
21:37:14.0343 2740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:37:14.0484 2740 \Device\Harddisk0\DR0 - ok
21:37:14.0500 2740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:37:14.0546 2740 \Device\Harddisk1\DR1 - ok
21:37:14.0546 2740 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR4
21:37:17.0312 2740 \Device\Harddisk2\DR4 - ok
21:37:17.0343 2740 Boot (0x1200) (df0ae2f395d7a16ed380ca7412316d8c) \Device\Harddisk0\DR0\Partition0
21:37:17.0343 2740 \Device\Harddisk0\DR0\Partition0 - ok
21:37:17.0343 2740 Boot (0x1200) (7fd06214897e3a7619f26397cdeddd14) \Device\Harddisk2\DR4\Partition0
21:37:17.0343 2740 \Device\Harddisk2\DR4\Partition0 - ok
21:37:17.0343 2740 ============================================================
21:37:17.0343 2740 Scan finished
21:37:17.0343 2740 ============================================================
21:37:17.0453 2312 Detected object count: 7
21:37:17.0453 2312 Actual detected object count: 7
21:37:50.0531 2312 BCM43XX ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:50.0531 2312 BCM43XX ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:37:50.0531 2312 BDSelfPr ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:50.0531 2312 BDSelfPr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:37:50.0531 2312 MDC8021X ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:50.0531 2312 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:37:50.0531 2312 Profos ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:50.0531 2312 Profos ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:37:50.0531 2312 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:50.0531 2312 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:37:50.0531 2312 Trufos ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:50.0546 2312 Trufos ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:37:50.0546 2312 tvtool ( UnsignedFile.Multi.Generic ) - skipped by user
21:37:50.0546 2312 tvtool ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:13.0078 3308 ============================================================
21:38:13.0078 3308 Scan started
21:38:13.0078 3308 Mode: Manual; SigCheck; TDLFS;
21:38:13.0078 3308 ============================================================
21:38:13.0343 3308 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
21:38:13.0359 3308 Aavmker4 - ok
21:38:13.0406 3308 Abiosdsk - ok
21:38:13.0437 3308 abp480n5 - ok
21:38:13.0515 3308 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:38:13.0656 3308 ACPI - ok
21:38:13.0734 3308 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:38:13.0843 3308 ACPIEC - ok
21:38:13.0890 3308 adpu160m - ok
21:38:13.0984 3308 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
21:38:14.0062 3308 aec - ok
21:38:14.0140 3308 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
21:38:14.0171 3308 AFD - ok
21:38:14.0250 3308 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
21:38:14.0281 3308 AFS2K - ok
21:38:14.0328 3308 Aha154x - ok
21:38:14.0359 3308 aic78u2 - ok
21:38:14.0406 3308 aic78xx - ok
21:38:14.0453 3308 AliIde - ok
21:38:14.0484 3308 amsint - ok
21:38:14.0562 3308 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:38:14.0671 3308 Arp1394 - ok
21:38:14.0718 3308 asc - ok
21:38:14.0765 3308 asc3350p - ok
21:38:14.0812 3308 asc3550 - ok
21:38:14.0921 3308 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:38:14.0937 3308 aswFsBlk - ok
21:38:14.0984 3308 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
21:38:15.0000 3308 aswMon2 - ok
21:38:15.0046 3308 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
21:38:15.0062 3308 aswRdr - ok
21:38:15.0156 3308 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
21:38:15.0171 3308 aswSnx - ok
21:38:15.0250 3308 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
21:38:15.0250 3308 aswSP - ok
21:38:15.0343 3308 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
21:38:15.0343 3308 aswTdi - ok
21:38:15.0453 3308 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:38:15.0531 3308 AsyncMac - ok
21:38:15.0578 3308 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:38:15.0687 3308 atapi - ok
21:38:15.0734 3308 Atdisk - ok
21:38:15.0781 3308 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:38:15.0890 3308 Atmarpc - ok
21:38:15.0968 3308 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:38:16.0062 3308 audstub - ok
21:38:16.0171 3308 BCM43XX (ae96075a3aed5c40f1ead477ea94acd7) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
21:38:16.0171 3308 BCM43XX ( UnsignedFile.Multi.Generic ) - warning
21:38:16.0171 3308 BCM43XX - detected UnsignedFile.Multi.Generic (1)
21:38:16.0250 3308 bdfm (ced6717bd8b67284afcf692b9316b464) C:\WINDOWS\system32\drivers\bdfm.sys
21:38:16.0250 3308 bdfm - ok
21:38:16.0312 3308 Bdfndisf (dd3a1af8bdacbf45919f087caa99579b) C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
21:38:16.0312 3308 Bdfndisf - ok
21:38:16.0375 3308 bdfsfltr (70975049e22b2efec260816cf505e6e7) C:\WINDOWS\system32\drivers\bdfsfltr.sys
21:38:16.0390 3308 bdfsfltr - ok
21:38:16.0484 3308 bdftdif (a7bdb1958d9b8245a0ba83f46abb630c) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
21:38:16.0500 3308 bdftdif - ok
21:38:16.0546 3308 BDSelfPr (5eaf583c0b1cc2499761ea3b065f5db2) C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys
21:38:16.0562 3308 BDSelfPr ( UnsignedFile.Multi.Generic ) - warning
21:38:16.0562 3308 BDSelfPr - detected UnsignedFile.Multi.Generic (1)
21:38:16.0609 3308 BDVEDISK (bc79b27bc351436b07f57d80bec76036) C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys
21:38:16.0609 3308 BDVEDISK - ok
21:38:16.0687 3308 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:38:16.0781 3308 Beep - ok
21:38:16.0921 3308 Cam5603C (af9faa8d1e739f875efc40f27937db3a) C:\WINDOWS\system32\Drivers\VdCap03C.sys
21:38:16.0984 3308 Cam5603C - ok
21:38:17.0062 3308 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
21:38:17.0062 3308 Cardex - ok
21:38:17.0078 3308 catchme - ok
21:38:17.0156 3308 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:38:17.0265 3308 cbidf2k - ok
21:38:17.0343 3308 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:38:17.0437 3308 CCDECODE - ok
21:38:17.0484 3308 cd20xrnt - ok
21:38:17.0531 3308 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:38:17.0625 3308 Cdaudio - ok
21:38:17.0671 3308 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:38:17.0765 3308 Cdfs - ok
21:38:17.0812 3308 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:38:17.0906 3308 Cdrom - ok
21:38:17.0968 3308 Changer - ok
21:38:18.0031 3308 CmdIde - ok
21:38:18.0078 3308 Cpqarray - ok
21:38:18.0171 3308 ctac32k (fb06bb39860340c6fa84867f0288d1dd) C:\WINDOWS\system32\drivers\ctac32k.sys
21:38:18.0234 3308 ctac32k - ok
21:38:18.0296 3308 ctaud2k (b810fa12cf726b200e057834eaebb1ac) C:\WINDOWS\system32\drivers\ctaud2k.sys
21:38:18.0375 3308 ctaud2k - ok
21:38:18.0453 3308 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
21:38:18.0500 3308 ctdvda2k - ok
21:38:18.0546 3308 ctprxy2k (1fa95c8cf34b9911e352a07ea7a200fc) C:\WINDOWS\system32\drivers\ctprxy2k.sys
21:38:18.0578 3308 ctprxy2k - ok
21:38:18.0640 3308 ctsfm2k (400cb754b91f73bee2655686a57269d2) C:\WINDOWS\system32\drivers\ctsfm2k.sys
21:38:18.0703 3308 ctsfm2k - ok
21:38:18.0734 3308 dac2w2k - ok
21:38:18.0812 3308 dac960nt - ok
21:38:18.0921 3308 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
21:38:18.0937 3308 dgderdrv - ok
21:38:19.0046 3308 dg_ssudbus (846517582e1ddbde54fd2fdb60b6aa3a) C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:38:19.0046 3308 dg_ssudbus - ok
21:38:19.0125 3308 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:38:19.0218 3308 Disk - ok
21:38:19.0312 3308 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:38:19.0406 3308 dmboot - ok
21:38:19.0468 3308 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:38:19.0578 3308 dmio - ok
21:38:19.0625 3308 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:38:19.0718 3308 dmload - ok
21:38:19.0812 3308 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
21:38:19.0890 3308 DMusic - ok
21:38:19.0953 3308 dpti2o - ok
21:38:20.0015 3308 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
21:38:20.0109 3308 drmkaud - ok
21:38:20.0140 3308 dwshd - ok
21:38:20.0218 3308 emupia (7bb488ec082d40645936d9e583f560dc) C:\WINDOWS\system32\drivers\emupia2k.sys
21:38:20.0234 3308 emupia - ok
21:38:20.0296 3308 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:38:20.0406 3308 Fastfat - ok
21:38:20.0453 3308 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:38:20.0562 3308 Fdc - ok
21:38:20.0609 3308 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:38:20.0718 3308 Fips - ok
21:38:20.0765 3308 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:38:20.0875 3308 Flpydisk - ok
21:38:20.0937 3308 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:38:21.0046 3308 FltMgr - ok
21:38:21.0125 3308 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:38:21.0218 3308 Fs_Rec - ok
21:38:21.0296 3308 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:38:21.0406 3308 Ftdisk - ok
21:38:21.0484 3308 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:38:21.0578 3308 gameenum - ok
21:38:21.0671 3308 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:38:21.0671 3308 GEARAspiWDM - ok
21:38:21.0734 3308 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:38:21.0828 3308 Gpc - ok
21:38:21.0953 3308 ha10kx2k (9bb84b1dff8bce7fdddea746f6819fcf) C:\WINDOWS\system32\drivers\ha10kx2k.sys
21:38:22.0031 3308 ha10kx2k - ok
21:38:22.0078 3308 hap16v2k (1418833169b29780fbdab127623b8767) C:\WINDOWS\system32\drivers\hap16v2k.sys
21:38:22.0109 3308 hap16v2k - ok
21:38:22.0187 3308 hap17v2k (8b3148391dc121d96d513785d588e75b) C:\WINDOWS\system32\drivers\hap17v2k.sys
21:38:22.0218 3308 hap17v2k - ok
21:38:22.0296 3308 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:38:22.0390 3308 HDAudBus - ok
21:38:22.0437 3308 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:38:22.0531 3308 hidusb - ok
21:38:22.0578 3308 hpn - ok
21:38:22.0656 3308 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:38:22.0671 3308 HPZid412 - ok
21:38:22.0734 3308 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:38:22.0765 3308 HPZipr12 - ok
21:38:22.0828 3308 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:38:22.0859 3308 HPZius12 - ok
21:38:23.0000 3308 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:38:23.0015 3308 HTTP - ok
21:38:23.0062 3308 i2omgmt - ok
21:38:23.0109 3308 i2omp - ok
21:38:23.0187 3308 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:38:23.0281 3308 i8042prt - ok
21:38:23.0328 3308 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:38:23.0406 3308 Imapi - ok
21:38:23.0453 3308 ini910u - ok
21:38:23.0500 3308 IntelIde - ok
21:38:23.0578 3308 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:38:23.0687 3308 Ip6Fw - ok
21:38:23.0765 3308 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:38:23.0875 3308 IpFilterDriver - ok
21:38:23.0937 3308 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:38:24.0046 3308 IpInIp - ok
21:38:24.0109 3308 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:38:24.0203 3308 IpNat - ok
21:38:24.0265 3308 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:38:24.0296 3308 IRENUM - ok
21:38:24.0359 3308 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:38:24.0453 3308 isapnp - ok
21:38:24.0546 3308 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:38:24.0625 3308 Kbdclass - ok
21:38:24.0671 3308 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:38:24.0765 3308 kbdhid - ok
21:38:24.0843 3308 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
21:38:24.0953 3308 kmixer - ok
21:38:25.0015 3308 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:38:25.0046 3308 KSecDD - ok
21:38:25.0109 3308 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
21:38:25.0109 3308 L8042Kbd - ok
21:38:25.0171 3308 lbrtfdc - ok
21:38:25.0250 3308 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:38:25.0250 3308 LHidFilt - ok
21:38:25.0296 3308 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:38:25.0312 3308 LMouFilt - ok
21:38:25.0375 3308 MDC8021X (e68cf7be06219f22ed5d3a36159424dc) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
21:38:25.0390 3308 MDC8021X ( UnsignedFile.Multi.Generic ) - warning
21:38:25.0390 3308 MDC8021X - detected UnsignedFile.Multi.Generic (1)
21:38:25.0468 3308 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:38:25.0562 3308 mnmdd - ok
21:38:25.0640 3308 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:38:25.0718 3308 Modem - ok
21:38:25.0812 3308 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:38:25.0906 3308 Mouclass - ok
21:38:25.0984 3308 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:38:26.0078 3308 mouhid - ok
21:38:26.0125 3308 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:38:26.0218 3308 MountMgr - ok
21:38:26.0265 3308 mraid35x - ok
21:38:26.0312 3308 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:38:26.0406 3308 MRxDAV - ok
21:38:26.0500 3308 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:38:26.0515 3308 MRxSmb - ok
21:38:26.0593 3308 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:38:26.0703 3308 Msfs - ok
21:38:26.0765 3308 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:38:26.0843 3308 MSKSSRV - ok
21:38:26.0921 3308 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:38:27.0015 3308 MSPCLOCK - ok
21:38:27.0078 3308 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:38:27.0171 3308 MSPQM - ok
21:38:27.0250 3308 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:38:27.0328 3308 mssmbios - ok
21:38:27.0390 3308 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:38:27.0500 3308 MSTEE - ok
21:38:27.0578 3308 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:38:27.0593 3308 MTsensor - ok
21:38:27.0656 3308 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:38:27.0734 3308 Mup - ok
21:38:27.0796 3308 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:38:27.0906 3308 NABTSFEC - ok
21:38:27.0968 3308 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:38:28.0046 3308 NDIS - ok
21:38:28.0109 3308 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:38:28.0218 3308 NdisIP - ok
21:38:28.0265 3308 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:38:28.0343 3308 NdisTapi - ok
21:38:28.0390 3308 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:38:28.0468 3308 Ndisuio - ok
21:38:28.0515 3308 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:38:28.0593 3308 NdisWan - ok
21:38:28.0687 3308 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:38:28.0687 3308 NDProxy - ok
21:38:28.0734 3308 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:38:28.0843 3308 NetBIOS - ok
21:38:28.0906 3308 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:38:29.0000 3308 NetBT - ok
21:38:29.0078 3308 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:38:29.0171 3308 NIC1394 - ok
21:38:29.0234 3308 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:38:29.0312 3308 Npfs - ok
21:38:29.0375 3308 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:38:29.0515 3308 Ntfs - ok
21:38:29.0593 3308 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:38:29.0687 3308 Null - ok
21:38:29.0984 3308 nv (54281e0eeb10143ec4327bb5d123f125) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:38:30.0203 3308 nv - ok
21:38:30.0250 3308 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
21:38:30.0281 3308 nvata - ok
21:38:30.0328 3308 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
21:38:30.0359 3308 NVENETFD - ok
21:38:30.0406 3308 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
21:38:30.0437 3308 nvnetbus - ok
21:38:30.0515 3308 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:38:30.0593 3308 NwlnkFlt - ok
21:38:30.0656 3308 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:38:30.0734 3308 NwlnkFwd - ok
21:38:30.0796 3308 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:38:30.0875 3308 ohci1394 - ok
21:38:30.0968 3308 ossrv (01e1ab8249f9dde5978c6b4af18eda7c) C:\WINDOWS\system32\drivers\ctoss2k.sys
21:38:30.0984 3308 ossrv - ok
21:38:31.0046 3308 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:38:31.0140 3308 Parport - ok
21:38:31.0187 3308 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:38:31.0265 3308 PartMgr - ok
21:38:31.0343 3308 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:38:31.0421 3308 ParVdm - ok
21:38:31.0468 3308 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:38:31.0562 3308 PCI - ok
21:38:31.0593 3308 PCIDump - ok
21:38:31.0656 3308 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:38:31.0750 3308 PCIIde - ok
21:38:31.0843 3308 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:38:31.0937 3308 Pcmcia - ok
21:38:31.0984 3308 PDCOMP - ok
21:38:32.0031 3308 PDFRAME - ok
21:38:32.0078 3308 PDRELI - ok
21:38:32.0109 3308 PDRFRAME - ok
21:38:32.0156 3308 perc2 - ok
21:38:32.0203 3308 perc2hib - ok
21:38:32.0281 3308 PfDetNT (fda352035c58a5c0ca6de13e66c0bf80) C:\WINDOWS\system32\drivers\PfModNT.sys
21:38:32.0296 3308 PfDetNT - ok
21:38:32.0359 3308 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:38:32.0468 3308 PptpMiniport - ok
21:38:32.0515 3308 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:38:32.0609 3308 Processor - ok
21:38:32.0765 3308 Profos (1bfe86c679a43994e36e623fb6898cdb) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
21:38:32.0765 3308 Profos ( UnsignedFile.Multi.Generic ) - warning
21:38:32.0765 3308 Profos - detected UnsignedFile.Multi.Generic (1)
21:38:32.0828 3308 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:38:32.0906 3308 PSched - ok
21:38:33.0015 3308 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:38:33.0093 3308 Ptilink - ok
21:38:33.0140 3308 ql1080 - ok
21:38:33.0187 3308 Ql10wnt - ok
21:38:33.0234 3308 ql12160 - ok
21:38:33.0265 3308 ql1240 - ok
21:38:33.0312 3308 ql1280 - ok
21:38:33.0359 3308 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:38:33.0437 3308 RasAcd - ok
21:38:33.0500 3308 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:38:33.0593 3308 Rasl2tp - ok
21:38:33.0640 3308 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:38:33.0734 3308 RasPppoe - ok
21:38:33.0796 3308 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:38:33.0890 3308 Raspti - ok
21:38:33.0953 3308 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:38:34.0031 3308 Rdbss - ok
21:38:34.0062 3308 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:38:34.0156 3308 RDPCDD - ok
21:38:34.0203 3308 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:38:34.0281 3308 rdpdr - ok
21:38:34.0359 3308 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:38:34.0453 3308 RDPWD - ok
21:38:34.0515 3308 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:38:34.0609 3308 redbook - ok
21:38:34.0765 3308 SASDIFSV - ok
21:38:34.0765 3308 SASKUTIL - ok
21:38:34.0859 3308 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREdrv.sys
21:38:34.0875 3308 SBRE - ok
21:38:34.0984 3308 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:38:35.0046 3308 Secdrv - ok
21:38:35.0125 3308 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:38:35.0250 3308 serenum - ok
21:38:35.0296 3308 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:38:35.0390 3308 Serial - ok
21:38:35.0453 3308 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:38:35.0546 3308 Sfloppy - ok
21:38:35.0593 3308 Simbad - ok
21:38:35.0656 3308 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:38:35.0734 3308 SLIP - ok
21:38:35.0796 3308 Sparrow - ok
21:38:35.0921 3308 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
21:38:36.0000 3308 splitter - ok
21:38:36.0062 3308 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:38:36.0125 3308 sr - ok
21:38:36.0203 3308 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:38:36.0234 3308 Srv - ok
21:38:36.0328 3308 ssudmdm (a96126953bb5cbf83c5a8cd101a4ec23) C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:38:36.0343 3308 ssudmdm - ok
21:38:36.0406 3308 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:38:36.0500 3308 streamip - ok
21:38:36.0546 3308 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:38:36.0656 3308 swenum - ok
21:38:36.0734 3308 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
21:38:36.0750 3308 swmidi ( UnsignedFile.Multi.Generic ) - warning
21:38:36.0750 3308 swmidi - detected UnsignedFile.Multi.Generic (1)
21:38:36.0812 3308 symc810 - ok
21:38:36.0890 3308 symc8xx - ok
21:38:36.0937 3308 sym_hi - ok
21:38:36.0968 3308 sym_u3 - ok
21:38:37.0046 3308 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
21:38:37.0125 3308 sysaudio - ok
21:38:37.0203 3308 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
21:38:37.0218 3308 taphss - ok
21:38:37.0265 3308 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
21:38:37.0281 3308 TBPanel - ok
21:38:37.0375 3308 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:38:37.0437 3308 Tcpip - ok
21:38:37.0515 3308 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:38:37.0609 3308 TDPIPE - ok
21:38:37.0656 3308 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:38:37.0765 3308 TDTCP - ok
21:38:37.0812 3308 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:38:37.0906 3308 TermDD - ok
21:38:37.0968 3308 TosIde - ok
21:38:38.0078 3308 TrueSight - ok
21:38:38.0250 3308 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
21:38:38.0265 3308 Trufos ( UnsignedFile.Multi.Generic ) - warning
21:38:38.0265 3308 Trufos - detected UnsignedFile.Multi.Generic (1)
21:38:38.0343 3308 tvtool (77ebf3e9386daa51551af429052d88d0) C:\Program Files\TVTool\tvtool.sys
21:38:38.0359 3308 tvtool ( UnsignedFile.Multi.Generic ) - warning
21:38:38.0359 3308 tvtool - detected UnsignedFile.Multi.Generic (1)
21:38:38.0421 3308 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:38:38.0500 3308 Udfs - ok
21:38:38.0546 3308 ultra - ok
21:38:38.0656 3308 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:38:38.0750 3308 Update - ok
21:38:38.0843 3308 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:38:38.0875 3308 USBAAPL - ok
21:38:38.0921 3308 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:38:39.0015 3308 usbccgp - ok
21:38:39.0078 3308 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:38:39.0171 3308 usbehci - ok
21:38:39.0234 3308 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:38:39.0328 3308 usbhub - ok
21:38:39.0375 3308 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:38:39.0468 3308 usbohci - ok
21:38:39.0531 3308 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:38:40.0000 3308 usbprint - ok
21:38:40.0062 3308 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:38:40.0171 3308 usbscan - ok
21:38:40.0234 3308 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:38:40.0312 3308 USBSTOR - ok
21:38:40.0375 3308 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:38:40.0453 3308 usbuhci - ok
21:38:40.0500 3308 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:38:40.0593 3308 VgaSave - ok
21:38:40.0625 3308 ViaIde - ok
21:38:40.0671 3308 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:38:40.0765 3308 VolSnap - ok
21:38:40.0890 3308 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:38:40.0984 3308 Wanarp - ok
21:38:41.0078 3308 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:38:41.0093 3308 Wdf01000 - ok
21:38:41.0171 3308 WDICA - ok
21:38:41.0250 3308 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
21:38:41.0328 3308 wdmaud - ok
21:38:41.0453 3308 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:38:41.0453 3308 WpdUsb - ok
21:38:41.0515 3308 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:38:41.0625 3308 WSTCODEC - ok
21:38:41.0718 3308 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:38:41.0734 3308 WudfPf - ok
21:38:41.0796 3308 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:38:41.0812 3308 WudfRd - ok
21:38:41.0843 3308 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:38:42.0015 3308 \Device\Harddisk0\DR0 - ok
21:38:42.0046 3308 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
21:38:42.0093 3308 \Device\Harddisk1\DR1 - ok
21:38:42.0093 3308 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR4
21:38:44.0687 3308 \Device\Harddisk2\DR4 - ok
21:38:44.0718 3308 Boot (0x1200) (df0ae2f395d7a16ed380ca7412316d8c) \Device\Harddisk0\DR0\Partition0
21:38:44.0718 3308 \Device\Harddisk0\DR0\Partition0 - ok
21:38:44.0718 3308 Boot (0x1200) (7fd06214897e3a7619f26397cdeddd14) \Device\Harddisk2\DR4\Partition0
21:38:44.0718 3308 \Device\Harddisk2\DR4\Partition0 - ok
21:38:44.0718 3308 ============================================================
21:38:44.0718 3308 Scan finished
21:38:44.0718 3308 ============================================================
21:38:44.0734 0328 Detected object count: 7
21:38:44.0734 0328 Actual detected object count: 7
21:38:54.0000 0328 BCM43XX ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:54.0000 0328 BCM43XX ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:54.0000 0328 BDSelfPr ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:54.0000 0328 BDSelfPr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:54.0000 0328 MDC8021X ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:54.0000 0328 MDC8021X ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:54.0000 0328 Profos ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:54.0000 0328 Profos ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:54.0015 0328 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:54.0015 0328 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:54.0015 0328 Trufos ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:54.0015 0328 Trufos ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:54.0015 0328 tvtool ( UnsignedFile.Multi.Generic ) - skipped by user
21:38:54.0015 0328 tvtool ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:38:59.0703 0484 Deinitialize success

-----------------------------------------------------------------------------------

All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\Documents and Settings\Thierry 200910\Local Settings\temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll not found.
File\Folder C:\Documents and Settings\Thierry 200910\Local Settings\temp\b01d42a6-0948-4bd0-8dea-54d68f50a791 not found.
< ipconfig /release /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Thierry 200910\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Thierry 200910
->Temp folder emptied: 2009 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7011955 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2720 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 182592 bytes

Total Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Thierry 200910
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10132011_225743

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\tmp00000eec\tmp00000000 not found!

Registry entries deleted on Reboot...



--------------------------------------------------------------------------------

OTL logfile created on: 13/10/2011 23:05:19 - Run 9
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Thierry 200910\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.42 Mb Total Physical Memory | 473.52 Mb Available Physical Memory | 46.31% Memory free
2.40 Gb Paging File | 1.85 Gb Available in Paging File | 76.90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 36.60 Gb Free Space | 47.96% Space Free | Partition Type: NTFS
Drive D: | 585.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 152.53 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive F: | 983.70 Mb Total Space | 878.91 Mb Free Space | 89.35% Space Free | Partition Type: FAT

Computer Name: THIERRY | User Name: Thierry 200910 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/08 12:54:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/06/24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/02/06 14:35:14 | 000,843,144 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2010/09/20 06:07:02 | 000,185,784 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2010/03/25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/01/11 22:40:47 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2010/01/11 22:40:46 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 11:20:06 | 002,157,064 | ---- | M] (Xpertvision, Inc.) -- C:\Program Files\XpertVision\TBPANEL.exe
PRC - [2006/08/11 15:56:02 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2004/09/19 15:59:00 | 000,368,128 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.exe
PRC - [2004/02/23 16:51:32 | 000,032,768 | ---- | M] (XPDisable0Conf) -- C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\WinXPDisableZeroConfigation.exe
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
PRC - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 23:03:18 | 000,055,816 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
MOD - [2011/09/06 21:11:46 | 001,385,984 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090601\algo.dll
MOD - [2011/09/05 09:17:50 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090601\aswRep.dll
MOD - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/06/12 00:33:46 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
MOD - [2011/06/12 00:28:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/06/12 00:28:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/06/12 00:27:40 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\684fe21837d3cf3e5935bbd0a7f53141\System.Core.ni.dll
MOD - [2011/06/12 00:27:18 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\689bb394bcb437ed085c22a43aba30c6\PresentationFramework.Luna.ni.dll
MOD - [2011/06/12 00:27:02 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1a5d89d569e2e12842daf4d87c57361a\PresentationFramework.ni.dll
MOD - [2011/06/12 00:26:26 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\46c57d845e55232a89e98101075cd455\PresentationCore.ni.dll
MOD - [2011/06/12 00:26:05 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\76e431fde1b252312b331f7108259fda\WindowsBase.ni.dll
MOD - [2011/06/12 00:25:53 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/06/12 00:25:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/06/12 00:22:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/07 11:13:56 | 000,592,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011/06/07 11:13:56 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011/06/07 11:13:54 | 000,367,104 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011/06/07 11:13:54 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2010/12/19 01:18:39 | 000,243,112 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\tipsclient.dll
MOD - [2010/11/02 08:39:46 | 000,866,152 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll
MOD - [2010/09/20 06:07:14 | 000,516,864 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\sqlite3.dll
MOD - [2010/01/11 22:40:47 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
MOD - [2010/01/11 22:40:47 | 000,241,664 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\seccenter.ui
MOD - [2009/10/10 17:54:45 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\txmlutil.dll
MOD - [2009/10/10 17:54:42 | 000,073,728 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\tuneupconp.dll
MOD - [2009/10/10 17:54:36 | 000,126,976 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\hmcore.dll
MOD - [2009/10/10 17:54:34 | 000,010,240 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\dbokf.dll
MOD - [2009/10/10 17:54:24 | 000,155,648 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\bdfltlib.dll
MOD - [2009/10/10 17:54:15 | 000,172,032 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\agentreg.dll
MOD - [2009/10/10 17:54:14 | 000,045,056 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\actxcont.dll
MOD - [2009/10/10 17:54:02 | 000,003,584 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\encryption.ui
MOD - [2009/10/10 17:54:01 | 000,009,728 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\bdshelxt.ui
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/01/08 18:53:00 | 001,482,752 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/01/08 18:53:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/18 17:11:26 | 000,196,608 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\libexpatw.dll
MOD - [2004/09/19 15:59:00 | 000,368,128 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.exe
MOD - [2003/08/25 15:55:00 | 000,006,144 | ---- | M] () -- C:\Program Files\TVTool\TVTOOL.DLL
MOD - [2002/04/12 14:39:24 | 000,155,715 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
MOD - [2000/06/12 15:14:50 | 000,360,518 | ---- | M] () -- C:\Program Files\SEC\Natural Color\LowCMS.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\XpertVision\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WLTRYSVC)
SRV - File not found [Auto | Stopped] -- -- (NVSvc)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (LIVESRV)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (Creative Service for CDROM Access)
SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device)
SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/11 22:40:46 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/10 17:53:48 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/07/17 13:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2003/03/09 05:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 21:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 21:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/06/16 10:22:50 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/06/16 10:22:50 | 000,076,088 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/06/07 11:13:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/05/13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/10/10 17:54:45 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/10/10 17:54:45 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/10/10 17:54:45 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/10/10 17:54:29 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/10/10 17:53:53 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2009/10/10 17:53:51 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/10/10 17:53:51 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/10/10 17:53:48 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/10/10 15:27:24 | 000,015,648 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/04/13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/09/11 12:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 12:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 11:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/11 15:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2006/08/11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/10/08 02:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/14 16:29:50 | 000,350,299 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VdCap03C.sys -- (Cam5603C)
DRV - [2004/02/19 10:51:00 | 000,300,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [1996/04/03 19:33:00 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\TVTool\TVTOOL.SYS -- (tvtool)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2011/02/06 14:43:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/04 12:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2007/10/09 22:56:20 | 000,000,000 | ---D | M]

[2011/02/20 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thierry 200910\Application Data\Mozilla\Extensions
[2011/02/20 11:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Thierry 200910\Application Data\Mozilla\Extensions\[email protected]
[2011/06/17 23:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/11 22:40:47 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/13 22:57:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Spyhunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe ()
O4 - HKLM..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [TVTool] C:\Program Files\TVTool\TVTool.exe ()
O4 - HKLM..\Run: [XpDis0Conf] C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\WinXPDisableZeroConfigation.exe (XPDisable0Conf)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-1960408961-602609370-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255191831465 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} http://java.sun.com/...-131_03-win.cab (Java Plug-in 1.3.1_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.c...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{747C9916-C4E9-4B43-808B-7825DC44090B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3B3A3FD-03D2-49EF-95B2-A870D4D2BDBA}: NameServer = 87.194.255.155
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/09 21:12:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/10/08 12:50:06 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

========== Files/Folders - Created Within 30 Days ==========

[2011/10/13 22:18:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/13 21:36:04 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\tdsskiller.exe
[2011/10/12 22:02:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/12 21:55:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/12 21:54:03 | 004,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Thierry 200910\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2011/10/12 21:53:55 | 004,253,235 | R--- | C] (Swearware) -- C:\Documents and Settings\Thierry 200910\Desktop\ComboFix.exe
[2011/10/11 20:37:21 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
[2011/10/10 23:43:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/10 23:43:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/10 23:43:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/10 23:43:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/10 23:39:14 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/10/04 23:15:37 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/10/04 23:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/10/04 23:15:36 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/10/04 23:15:33 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/10/04 23:15:33 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/10/04 23:15:32 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/10/04 23:15:31 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/10/04 23:15:31 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/10/04 23:15:31 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/10/04 23:15:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/04 23:14:52 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/10/04 23:14:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/10/02 19:14:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Thierry 200910\Recent
[2011/09/26 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\DoctorWeb
[2011/09/25 22:59:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/25 19:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\SecurityXploded
[2011/09/25 18:05:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/09/25 13:58:41 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ipsec.svs
[2011/09/25 13:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/25 13:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/25 13:53:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Thierry 200910\Start Menu\Programs\Administrative Tools
[2011/09/24 22:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/24 22:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/24 21:59:46 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2011/09/24 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Application Data\SUPERAntiSpyware.com
[2011/09/24 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/23 22:32:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/23 21:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Desktop\RK_Quarantine
[2011/09/23 20:28:31 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/09/23 20:28:31 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/09/23 20:28:11 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/09/20 22:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thierry 200910\Application Data\QuickScan
[2011/09/20 21:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/20 20:41:16 | 000,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Thierry 200910\Desktop\KillBox.exe
[2007/10/09 22:10:25 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/11 15:43:00 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/10/13 23:06:57 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2011/10/13 23:02:56 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2011/10/13 23:02:31 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.CDF
[2011/10/13 23:01:42 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/13 22:59:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/13 22:58:10 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/13 22:58:10 | 000,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/13 22:58:10 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/13 22:58:10 | 000,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/13 22:58:10 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
[2011/10/13 22:58:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/10/13 22:58:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/10/13 22:57:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/13 22:54:05 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/13 22:51:05 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003UA.job
[2011/10/13 21:32:52 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Thierry 200910\Desktop\tdsskiller.exe
[2011/10/13 21:25:46 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
[2011/10/13 21:02:29 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2011/10/12 23:19:07 | 000,000,146 | -HS- | M] () -- C:\WINDOWS\7426638drv.spi
[2011/10/12 22:02:38 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2011/10/12 21:41:58 | 098,217,864 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\setup_11.0.0.1245.x01_2011_10_12_23_33.exe
[2011/10/12 21:22:24 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Thierry 200910\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2011/10/12 20:52:43 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/10 23:26:10 | 004,253,235 | R--- | M] (Swearware) -- C:\Documents and Settings\Thierry 200910\Desktop\ComboFix.exe
[2011/10/10 22:55:22 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-602609370-839522115-1003Core.job
[2011/10/08 12:54:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thierry 200910\Desktop\OTL.exe
[2011/10/04 23:15:32 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/25 14:12:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111010-234234.backup
[2011/09/25 13:28:31 | 000,000,239 | ---- | M] () -- C:\Boot.bak
[2011/09/24 20:21:13 | 000,000,618 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/09/21 21:16:03 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/09/20 21:49:37 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\housecall.guid.cache
[2011/09/20 21:12:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/20 20:41:16 | 000,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Thierry 200910\Desktop\KillBox.exe
[2011/09/18 18:05:04 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Thierry 200910\Desktop\SopCast.lnk

========== Files Created - No Company Name ==========

[2011/10/12 23:19:07 | 000,000,146 | -HS- | C] () -- C:\WINDOWS\7426638drv.spi
[2011/10/12 22:02:38 | 000,000,239 | ---- | C] () -- C:\Boot.bak
[2011/10/12 22:02:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/12 21:53:55 | 098,217,864 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\setup_11.0.0.1245.x01_2011_10_12_23_33.exe
[2011/10/10 23:43:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/10 23:43:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/10 23:43:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/10 23:43:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/10 23:43:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/04 23:53:08 | 004,958,588 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.BAK
[2011/09/20 21:49:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\housecall.guid.cache
[2011/09/18 18:05:04 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Desktop\SopCast.lnk
[2011/07/03 22:39:15 | 000,103,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/17 23:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/12 00:56:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/11 22:14:43 | 000,000,195 | ---- | C] () -- C:\WINDOWS\si-chaid.ini
[2011/04/01 17:33:56 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Application Data\setup_ldm.iss
[2011/01/03 15:27:38 | 000,002,996 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/01/03 15:27:27 | 000,002,993 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/01/03 15:27:14 | 000,002,863 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/01/03 15:27:04 | 000,002,856 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/01/03 15:26:54 | 000,002,865 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/01/03 15:26:44 | 000,002,894 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/01/03 15:26:36 | 000,002,830 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/01/03 15:26:18 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/01/03 15:24:27 | 000,010,999 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/01/03 15:24:21 | 000,346,800 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/03 15:24:21 | 000,014,639 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/01/03 01:01:14 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2011/01/03 01:01:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2010/07/11 10:36:19 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\WebpageIcons.db
[2010/07/09 17:37:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/18 21:08:58 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wsoviedsini.dll
[2010/05/18 21:08:41 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2010/04/17 23:51:53 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/03/18 23:18:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2009/10/26 21:09:22 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/10/11 00:37:30 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/10/10 22:16:08 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Application Data\AVSMediaPlayer.m3u
[2009/10/10 22:07:45 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/10 22:07:45 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/10 18:56:30 | 000,350,299 | ---- | C] () -- C:\WINDOWS\System32\drivers\VdCap03C.sys
[2009/10/10 18:56:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\VfwExtC.dll
[2009/10/10 18:56:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VfwECamC.dll
[2009/10/10 18:56:29 | 000,015,190 | ---- | C] () -- C:\WINDOWS\VdTwn03C.ini
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH3111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH2111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH0121.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamH0111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF3111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF2111.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF0121.bin
[2009/10/10 18:56:29 | 000,003,021 | ---- | C] () -- C:\WINDOWS\System32\drivers\CamF0111.bin
[2009/10/10 15:27:23 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/10/10 15:27:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/10/10 15:27:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/10/10 15:27:16 | 000,595,968 | ---- | C] () -- C:\WINDOWS\System32\WatchPower.exe
[2009/10/10 15:27:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PowerOff.exe
[2008/04/23 18:34:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/10/10 13:02:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2007/10/10 13:02:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2007/10/10 13:02:38 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2007/10/10 12:58:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/10/10 12:58:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/10/10 12:38:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/10 00:53:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/10 00:53:10 | 000,107,008 | ---- | C] () -- C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 22:12:03 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2007/10/09 22:11:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/10/09 22:11:47 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2007/10/09 22:10:52 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/10/09 22:10:18 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2007/10/09 22:08:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/10/09 22:01:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007/10/09 21:52:46 | 000,001,428 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2007/10/09 21:52:24 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/10/09 21:52:24 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/10/09 21:52:11 | 000,033,860 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/10/09 21:52:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/10/09 21:51:57 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/09 21:44:23 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2007/10/09 21:42:32 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/09 21:42:30 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/09 21:42:30 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/09 21:42:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/09 21:42:30 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/09 21:42:30 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/09 21:42:30 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/09 21:42:29 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/09 21:42:29 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/09 21:39:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/09 21:36:36 | 000,207,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/09 21:14:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/10/09 21:10:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/08/16 05:23:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gpyapi.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/09/13 12:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006/08/11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/11 15:49:24 | 000,323,640 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/11 15:49:24 | 000,044,567 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/11 15:45:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/11 15:45:08 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2006/08/11 15:43:26 | 000,265,042 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2006/08/11 15:43:20 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/11 15:43:18 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/11 15:43:04 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/11 15:43:04 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/11 15:43:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/05/23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2004/08/04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/10 14:42:20 | 000,013,600 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2003/03/09 05:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 13:00:00 | 000,443,062 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 13:00:00 | 000,071,592 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/09/25 14:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitDefender
[2011/10/04 23:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/10/09 22:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/04/10 18:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/04/10 18:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/04/22 15:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/03/18 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD X Studios
[2010/08/17 21:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2010/08/17 21:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2010/08/17 21:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2007/10/10 13:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2011/07/03 16:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2007/10/09 23:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/12/23 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/10/09 23:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{56759C22-EA1E-4BE5-A903-72F67D450F43}
[2007/10/09 22:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\BitDefender
[2011/04/22 15:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Canon
[2011/03/05 14:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\dBpoweramp
[2010/11/28 13:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\GrabPro
[2011/06/02 23:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Ildi
[2009/10/10 15:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\InterTrust
[2010/08/05 20:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Leadertech
[2011/02/20 11:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\MaxTV Technologies
[2010/04/11 20:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\MSNInstaller
[2010/11/28 13:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Orbit
[2010/08/17 21:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\PPLive
[2010/11/28 13:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\ProgSense
[2011/09/20 22:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\QuickScan
[2011/07/03 16:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\Samsung
[2007/10/10 13:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\SPSSInc
[2009/10/20 20:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\StreamTorrent
[2011/09/09 00:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\uTorrent
[2011/09/18 12:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\VoipDiscount
[2010/10/17 10:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thierry 200910\Application Data\vShare

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< C:\WINDOWS\assembly\GAC_MSIL\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:41:11 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:41:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Thierry 200910\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/20 04:07:40 | 001,030,200 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\Thierry 200910\75:Color

< End of report >

#30
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Can you connect to the internet with FireFox?

When you run other programs like word processor or others, how are they acting??

Thanks,

CompCav