Help
This topic is locked
Meh....you're right. I simply glanced at the first report you posted and saw SP2, rather than the Windows version 6.
Go to bed. I really think the worst is behind you.
When you wake up let me know how it's running.
tea
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Infection Rootkit TDLR4@MBR Really tough one
#16
- Bleepin' Texan in Ohio!
-
- Group: Malware Response Team
- Posts: 17,058
- Joined: 05-April 06
- Gender:Female
- Location:New Bremen, Ohio
Posted 07 May 2011 - 03:02 PM
You're welcome.
Meh....you're right. I simply glanced at the first report you posted and saw SP2, rather than the Windows version 6.
Go to bed. I really think the worst is behind you.
When you wake up let me know how it's running.
tea
Meh....you're right. I simply glanced at the first report you posted and saw SP2, rather than the Windows version 6.
Go to bed. I really think the worst is behind you.
When you wake up let me know how it's running.
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n?
Every little bit helps! :)
You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n?
Back to top
#17
- New Member
-
- Group: Members
- Posts: 13
- Joined: 07-May 11
Posted 08 May 2011 - 07:56 PM
OTL logfile created on: 5/8/2011 8:35:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.93 Gb Total Space | 88.47 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
PRC - [2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe
PRC - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2011/01/18 23:49:08 | 001,176,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2010/03/18 16:04:52 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/04/11 14:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/29 02:34:10 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/08/29 01:10:18 | 000,233,472 | ---- | M] () -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
PRC - [2008/08/18 23:31:20 | 004,597,096 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/11 05:10:44 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe
PRC - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (SafeList) ==========
MOD - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
MOD - [2010/09/23 04:07:50 | 000,107,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mindjet\MindManager 9\msscript.ocx
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (CaCCProvSP)
SRV - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2011/01/11 02:40:42 | 001,962,192 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASProxy.exe -- (ASProxy)
SRV - [2011/01/11 02:40:28 | 000,428,056 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASOvpnSvc.exe -- (ASOVPNHelper)
SRV - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/12 16:40:10 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/04/11 14:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/01/22 08:06:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe -- (DisplayLinkService)
SRV - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService)
SRV - [2008/05/02 09:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/03 02:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/03/05 11:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/05 11:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/05 11:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/04 04:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/01/21 10:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 17:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 17:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 16:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - [2010/08/20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/06/13 14:42:46 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/06/13 14:42:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/06/13 14:42:38 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/04/23 17:43:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/02/22 14:58:40 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/03 13:57:36 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2010/01/08 16:28:40 | 000,006,656 | ---- | M] (alipay.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alidevice.sys -- (Alidevice)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/08/31 10:38:02 | 000,011,808 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CertClient.dat -- (CMB8100)
DRV - [2009/08/31 10:38:02 | 000,010,272 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CMBProtector.dat -- (CMBProtector)
DRV - [2009/08/27 15:18:58 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/08/21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2009/08/21 02:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2009/08/21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/04/11 12:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2009/01/16 17:08:39 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/18 23:31:50 | 000,287,856 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2008/08/18 23:31:50 | 000,013,424 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2008/05/13 08:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 21:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/28 09:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/04/22 22:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/04/22 08:01:11 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/16 08:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/04/16 08:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/02/29 10:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 10:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/23 08:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/25 10:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 10:21:34 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/01/21 10:21:27 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2007/12/17 09:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/07/26 16:25:12 | 000,039,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/06/27 10:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 10:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/04/18 11:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/08 15:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/02 12:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rue89 | Site d'information et de débat sur l'actualité, indépendant et participatif
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://pro.imdb.com/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e2337727-f9c9-411b-929e-287584341d1a}:3.4.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: addon@astrill.com:1.4
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8580
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8580
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8580
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8580
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8580
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8580
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8580
FF - prefs.js..network.proxy.type: 1
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/21 09:56:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/05/02 15:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:04:35 | 000,000,000 | ---D | M]
[2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions
[2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2011/05/08 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions
[2011/04/04 19:59:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/18 12:10:47 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}
[2010/09/29 10:23:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/01/17 12:28:37 | 000,004,166 | ---- | M] () -- C:\Users\Emmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\8681oi1f.default\searchplugins\baidu.xml
[2011/05/02 14:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 14:26:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:46:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 16:42:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/15 17:17:28 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2011/05/02 15:11:12 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2009/07/06 02:37:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/15 00:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/12/15 15:05:50 | 000,234,496 | ---- | M] (Alipay.com co.,ltd) -- C:\Program Files\Mozilla Firefox\plugins\npaliedit.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/05/17 05:00:12 | 000,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files\Mozilla Firefox\plugins\NPOpf.dll
[2010/01/01 16:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 16:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 16:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 16:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 16:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
[2011/02/28 15:06:17 | 000,001,066 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-zugo.xml
O1 HOSTS File: ([2011/03/24 14:42:12 | 000,001,963 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 66.207.162.66 freedur.com
O1 - Hosts: 66.207.162.66 www.freedur.com
O1 - Hosts: 204.152.194.50 clients.freedur.com
O1 - Hosts: 204.152.194.50 blog.freedur.com
O1 - Hosts: 66.207.162.66 freedur.net
O1 - Hosts: 66.207.162.66 www.freedur.net
O1 - Hosts: 204.152.194.50 clients.freedur.net
O1 - Hosts: 204.152.194.50 blog.freedur.net
O1 - Hosts: 15 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()
O4 - HKCU..\Run: [lnksutil] File not found
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm ()
O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\ASProxy.dll (Astrill)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: carrefour.com.cn ([e-shop] https in Trusted sites)
O15 - HKCU\..Trusted Domains: imdb.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} https://download.ali...401/aliedit.cab (iTrusPTA Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.118 116.228.111.18
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell - "" = AutoRun
O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell - "" = AutoRun
O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell - "" = AutoRun
O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell\AutoRun\command - "" = J:\StormF1.exe
O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell - "" = AutoRun
O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{f45104b5-2b1d-11df-9eef-001e3ded49ed}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Zaptag-Run-Me.hta
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2011/05/08 16:33:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/05/08 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/05/08 16:19:49 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\Windows Live
[2011/05/08 16:11:31 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/05/08 15:23:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/05/08 15:22:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/05/08 15:22:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/05/08 15:22:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/05/08 15:22:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/05/08 15:22:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/05/08 15:22:30 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/05/08 15:22:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/05/08 15:22:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/05/08 15:22:16 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/05/08 15:22:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/05/08 15:22:16 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/05/08 15:22:16 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/05/08 15:22:16 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/05/08 14:51:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
[2011/05/08 11:13:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/05/08 11:02:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/05/08 11:02:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/05/08 11:01:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/05/08 11:01:08 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/05/08 11:00:32 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/08 11:00:28 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/08 10:59:56 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/05/08 10:59:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/05/08 10:59:44 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/05/08 10:59:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/05/08 10:59:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/05/08 10:59:07 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/05/08 10:59:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/05/08 10:58:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/05/08 10:58:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/05/08 10:58:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/05/08 03:55:46 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Malware Cleanup
[2011/05/08 03:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
[2011/05/08 03:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller! 7
[2011/05/08 03:28:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/08 03:28:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/08 03:28:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/08 03:28:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/08 03:28:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/08 03:28:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/08 03:28:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/08 03:28:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/08 03:28:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/08 03:28:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/08 03:28:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/08 03:28:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/08 03:28:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/08 03:28:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/08 03:28:49 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/08 03:28:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/08 03:28:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/08 03:28:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/08 03:28:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/08 03:28:48 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/08 03:28:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/08 03:28:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/08 03:28:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/08 03:28:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/08 03:28:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/08 03:28:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/08 03:28:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/08 03:28:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/08 03:28:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/08 03:28:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/08 03:28:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/08 03:28:39 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/08 03:28:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/08 03:28:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/08 03:28:34 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/08 03:28:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/08 03:28:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/08 03:28:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/08 03:28:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/08 03:26:15 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/05/08 03:26:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/05/08 03:26:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/05/08 03:26:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/05/08 03:26:11 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/05/08 03:26:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/05/08 03:26:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/05/08 03:25:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/05/08 03:25:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/05/08 03:25:46 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/05/08 03:25:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/05/08 03:25:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/05/08 03:25:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/08 03:25:43 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/05/08 03:25:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/05/08 03:25:42 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/05/08 03:25:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/05/08 03:25:40 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/05/08 03:25:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/05/08 03:25:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/05/08 03:25:37 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/05/08 03:25:36 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/08 02:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/05/08 02:44:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/05/08 02:44:56 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/05/08 02:44:56 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/05/08 02:43:17 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/05/08 02:43:11 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/05/08 02:43:11 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/05/08 02:43:10 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/05/08 02:43:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/05/08 02:43:09 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/05/08 02:41:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/05/08 02:41:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/05/08 02:41:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/05/08 02:41:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/05/08 02:41:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/05/08 02:41:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/05/08 02:41:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/05/08 02:41:13 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/05/08 02:41:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011/05/08 02:41:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/05/08 02:41:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/05/08 02:41:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/05/08 02:38:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/05/08 02:38:19 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/05/08 02:08:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/05/08 02:07:50 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/05/08 02:06:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/05/08 02:06:15 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/05/08 02:06:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/05/08 02:06:15 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/05/08 02:06:14 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/05/08 02:06:14 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/05/08 02:06:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/05/08 01:59:48 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/05/06 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\Malwarebytes
[2011/05/06 10:49:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/06 10:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/06 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/06 10:49:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/06 10:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/04 11:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/05/02 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\RoboForm
[2011/05/02 15:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/05/02 10:58:02 | 001,481,496 | -H-- | C] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe
[2011/04/24 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Marketing Documents
========== Files - Modified Within 30 Days ==========
[2011/05/08 21:00:35 | 000,001,073 | -H-- | M] () -- C:\Users\Emmanuel\Desktop\fg.ini
[2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/05/08 20:29:59 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/05/08 19:46:31 | 000,431,304 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2011/05/08 19:46:31 | 000,421,940 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2011/05/08 19:46:31 | 000,127,458 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2011/05/08 19:46:31 | 000,127,446 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2011/05/08 19:46:30 | 000,751,468 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/05/08 19:46:30 | 000,674,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/08 19:46:30 | 000,152,004 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/05/08 19:46:30 | 000,127,904 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/08 19:42:04 | 007,571,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/08 19:41:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 19:41:53 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 19:38:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/08 19:36:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 19:25:21 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2011/05/08 19:25:11 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/08 15:43:13 | 000,002,357 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook 2010.lnk
[2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
[2011/05/08 14:18:49 | 000,002,555 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2011/05/08 10:28:45 | 000,000,908 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/08 03:58:52 | 000,146,944 | ---- | M] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 03:29:19 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/08 03:29:19 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/08 03:28:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/08 03:28:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/08 03:28:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/08 03:28:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/08 03:28:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/08 03:28:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/08 03:28:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/08 03:28:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/08 03:28:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/08 03:28:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/08 03:28:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/08 03:28:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/08 03:28:50 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/08 03:28:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/08 03:28:49 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/08 03:28:49 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/08 03:28:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/08 03:28:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/08 03:28:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/08 03:28:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/08 03:28:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/08 03:28:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/08 03:28:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/08 03:28:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/08 03:28:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/08 03:28:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/08 03:28:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/08 03:28:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/08 03:28:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/08 03:28:44 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/08 03:28:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/08 03:28:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/08 03:28:39 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/08 03:28:39 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/08 03:28:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/08 03:28:34 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/08 03:28:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/08 03:28:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/08 03:28:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/08 03:28:27 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/08 03:26:15 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/05/08 03:26:14 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/05/08 03:26:13 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/05/08 03:26:12 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/05/08 03:26:11 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/05/08 03:26:09 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/05/08 03:26:05 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/05/08 03:25:48 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/05/08 03:25:48 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/05/08 03:25:46 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/05/08 03:25:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/05/08 03:25:44 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/05/08 03:25:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/08 03:25:43 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/05/08 03:25:43 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/05/08 03:25:42 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/05/08 03:25:41 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/05/08 03:25:40 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/05/08 03:25:40 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/05/08 03:25:38 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/05/08 03:25:37 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/05/08 03:25:36 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/08 02:49:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/08 02:46:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/07 21:57:03 | 634,498,416 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/07 16:38:34 | 000,000,020 | ---- | M] () -- C:\Users\Emmanuel\defogger_reenable
[2011/05/06 17:11:00 | 007,450,289 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml
[2011/05/06 13:23:19 | 000,002,597 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/05/02 18:52:04 | 000,004,096 | -H-- | M] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm
[2011/05/02 14:05:03 | 000,000,835 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/02 13:08:01 | 000,000,476 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk
[2011/05/02 11:18:03 | 000,003,136 | ---- | M] () -- C:\Windows\System32\ASProxy.ini
[2011/05/02 11:18:03 | 000,001,968 | ---- | M] () -- C:\Windows\System32\ASProxyOff.ini
[2011/04/29 14:26:34 | 000,000,501 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk
[2011/04/25 09:31:40 | 000,560,553 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf
[2011/04/22 19:30:06 | 001,634,304 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd
[2011/04/22 19:24:48 | 002,199,552 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd
[2011/04/14 21:41:30 | 002,954,072 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf
[2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe
========== Files Created - No Company Name ==========
[2011/05/08 20:45:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/05/08 15:22:20 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/05/08 15:22:20 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/05/08 15:22:19 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/05/08 10:28:45 | 000,000,914 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/08 10:28:45 | 000,000,908 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/08 03:28:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/08 02:49:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/08 02:46:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/07 16:37:35 | 000,000,020 | ---- | C] () -- C:\Users\Emmanuel\defogger_reenable
[2011/05/06 17:11:00 | 007,450,289 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml
[2011/05/05 19:24:35 | 001,634,304 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd
[2011/05/05 19:24:34 | 002,199,552 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd
[2011/05/02 18:52:04 | 000,004,096 | -H-- | C] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm
[2011/05/02 13:08:01 | 000,000,476 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk
[2011/05/02 13:01:56 | 000,001,073 | -H-- | C] () -- C:\Users\Emmanuel\Desktop\fg.ini
[2011/04/29 14:26:34 | 000,000,501 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk
[2011/04/25 09:30:33 | 000,560,553 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf
[2011/04/14 21:41:30 | 002,954,072 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf
[2011/01/15 19:16:45 | 000,000,000 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\chrtmp
[2010/12/31 10:02:15 | 000,000,132 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/01 00:05:52 | 000,001,968 | ---- | C] () -- C:\Windows\System32\ASProxyOff.ini
[2010/11/01 00:05:51 | 000,003,136 | ---- | C] () -- C:\Windows\System32\ASProxy.ini
[2010/08/02 11:06:12 | 000,038,431 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/01/26 14:20:07 | 000,000,760 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\setup_ldm.iss
[2010/01/17 11:17:08 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/01/05 18:25:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/12/31 12:27:14 | 000,000,156 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/12/29 15:05:37 | 000,403,344 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll
[2009/12/29 15:05:33 | 000,337,816 | ---- | C] () -- C:\Windows\System32\Cmb_Pb_LiveUpdate.exe
[2009/12/29 15:05:33 | 000,100,240 | ---- | C] () -- C:\Windows\System32\CmbSafeBase.dll
[2009/12/29 15:05:33 | 000,011,808 | ---- | C] () -- C:\Windows\System32\drivers\CertClient.dat
[2009/12/29 15:05:33 | 000,010,272 | ---- | C] () -- C:\Windows\System32\drivers\CMBProtector.dat
[2009/12/29 15:05:32 | 000,611,736 | ---- | C] () -- C:\Windows\System32\CMBPBUninstall.exe
[2009/12/29 15:05:32 | 000,472,976 | ---- | C] () -- C:\Windows\System32\PBHttpComm.dll
[2009/12/29 15:05:32 | 000,186,264 | ---- | C] () -- C:\Windows\System32\PersonalBankPortal.exe
[2009/12/15 13:58:10 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2009/09/11 07:53:29 | 000,001,356 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\d3d9caps.dat
[2009/08/27 15:25:33 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/07/06 04:23:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/06 04:23:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/06 04:21:55 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/05/27 15:16:48 | 000,000,015 | ---- | C] () -- C:\Program Files\winreg.ini
[2009/05/27 15:14:27 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll
[2009/04/22 21:39:09 | 000,242,176 | ---- | C] () -- C:\Windows\System32\fixflash.exe
[2009/04/22 21:39:08 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/04/22 21:39:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/03/08 03:11:28 | 000,000,206 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2009/02/21 19:22:14 | 000,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys
[2009/02/21 19:22:14 | 000,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys
[2009/02/21 19:22:14 | 000,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys
[2009/02/21 19:22:14 | 000,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2009/01/31 19:45:48 | 000,431,304 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
[2009/01/31 19:45:48 | 000,127,458 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
[2009/01/31 19:45:48 | 000,116,540 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
[2009/01/31 19:45:48 | 000,109,926 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2009/01/31 19:45:48 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
[2009/01/31 19:45:47 | 000,421,940 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2009/01/31 19:45:47 | 000,127,446 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2009/01/31 19:45:47 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2009/01/20 21:07:09 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/01/19 21:55:49 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/19 21:50:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2008/10/27 19:46:09 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008/10/15 03:00:05 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2008/10/15 02:56:18 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2008/10/05 15:42:34 | 000,000,080 | ---- | C] () -- C:\Windows\System32\DCDA1745C1.dll
[2008/09/12 09:28:50 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/09/02 08:17:56 | 000,146,944 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/02 04:20:32 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/08/30 22:05:11 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/08/29 08:25:33 | 000,751,468 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/08/29 08:25:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/08/29 08:25:33 | 000,152,004 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/08/29 08:25:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2008/08/29 07:56:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/18 07:34:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/06/18 06:41:36 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/06/18 06:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/18 06:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/06/18 06:41:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1493.dll
[2008/06/18 06:41:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/18 06:11:41 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2008/06/18 05:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/06/18 05:53:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/06/18 05:50:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/21 10:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/10/31 01:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/06/06 04:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/16 18:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 20:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:46:27 | 007,571,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,674,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,127,904 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/15 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/03/08 10:19:36 | 000,063,620 | ---- | M] () -- C:\bdlog.txt
[2009/04/11 14:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/01/15 23:00:51 | 000,546,687 | ---- | M] () -- C:\caisslog.txt
[2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/05/11 05:22:35 | 000,000,077 | ---- | M] () -- C:\DVDRipper_debug.txt
[2008/11/28 01:22:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/16 18:51:23 | 000,000,078 | ---- | M] () -- C:\lxcy.log
[2008/11/28 01:22:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/08 19:31:38 | 3532,775,424 | -HS- | M] () -- C:\pagefile.sys
[2010/06/13 13:46:35 | 000,000,000 | ---- | M] () -- C:\pcversion.txt
[2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2009/06/22 20:19:33 | 000,648,016 | ---- | M] (Siber Systems) -- C:\PortableRoboForm.exe
[2009/01/19 21:37:02 | 000,000,611 | ---- | M] () -- C:\RHDSetup.log
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\wrLZMA.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/01/21 11:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 11:16:31 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 11:16:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /90 >
[2011/02/22 21:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2011/05/08 03:25:41 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2011/02/22 21:23:59 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2011/02/22 21:24:10 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011/02/22 21:24:02 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2011/02/18 22:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2011/02/18 22:03:10 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2011/02/18 22:03:06 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-08 11:53:34
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5BB923A2
< End of report >
OTL Extras logfile created on: 5/8/2011 8:35:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.93 Gb Total Space | 88.47 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Value error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2406939421-308661945-4081067968-1003]
"EnableNotificationsRef" = 3
"EnableNotifications" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\" = C:\Windows\system\dwm.exe:*:Enabled:KL
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E1B6CF-EB58-4483-9FFA-58CC27C55787}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{0F4D5E70-896B-472B-A046-7CF338AFDB9A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{13C60B5D-18C4-416E-9FB9-30AE59914AFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{142B4D99-3232-4CD4-9B65-1D096EA1E327}" = rport=445 | protocol=6 | dir=out | app=system |
"{16CF1AAB-8A03-407D-A3B9-B3F3BF36FA33}" = rport=2869 | protocol=6 | dir=out | app=system |
"{254B6A4B-090C-4DF9-B144-14037FD3E71D}" = rport=139 | protocol=6 | dir=out | app=system |
"{364C1B48-7493-4706-9503-0D951E9CCD58}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{46302FAC-D5E5-4F22-BC5E-39B508649935}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{481EB4D7-0DB3-4A39-B567-1762E8E895CB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{5F4580A6-9558-49ED-82F8-281A0B002C22}" = lport=139 | protocol=6 | dir=in | app=system |
"{674189B5-5B36-4C99-9D02-383DFBB8BE1B}" = rport=137 | protocol=17 | dir=out | app=system |
"{68613C70-0BBD-413D-A49B-76354FF6BD50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{689A1965-10AC-4716-9094-D2EB5CC4591B}" = lport=445 | protocol=6 | dir=in | app=system |
"{6BBEA2F9-E16D-4250-A456-082CF5C08D17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C09942F-9257-4C38-B436-64DD9DCABB6B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6F8CDCDF-1935-4A62-95F1-2C594682089E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{783461F8-8B72-4ABB-9B6A-DBE3911ACCE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BB062E3-8498-44B1-8FFE-77A5080928AB}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{7DA0B118-23DC-4288-9489-1D0D89F7F9CC}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{8B2ABED0-9443-4DE2-B199-00E977A86AF1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8CF16A9C-DCF7-4F4E-AFE9-27F71EACFE52}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{96F4FB9B-FEEB-4779-ACCD-0651BF21B67F}" = lport=137 | protocol=17 | dir=in | app=system |
"{A213CB72-45D3-4206-98A3-194533F7BAB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC132BC9-9BEA-46C7-A107-A85642E1947C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AF253F34-4F4E-4AF9-A409-95BA067993D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B5CE1329-93D1-44EF-9AA7-2300C8848079}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D6D8360C-D221-4E21-A0D4-951872F5FFE2}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{E7C9AC94-E10B-4D82-977F-DE9EB1C6D766}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{EAA86AEC-6495-46C6-B12C-3A8FEBA02EF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9A16040-5AF8-4920-812B-BDAE72693A02}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8347F6-47A6-4085-9751-1B3123A9DCAD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{0CA24DDF-2EEF-4836-B0B5-0145F7A97F4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{15916D17-36E9-4CE0-84A3-CFBF60E73CFA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{167F82C9-2352-487D-B13B-5484A59F6D8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{18DAD7E5-90D6-4307-A637-CBB7154217B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{31172B77-DF71-4FDF-888A-AF2E59E31790}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{340B63AB-608D-4B68-A379-CC1606BDFB15}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3CE1EEC5-0816-4FEB-B0D3-90B8D80C4EE7}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{49A6A2EA-15CE-42CF-8839-D1D2A59FA8C5}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4B4C1D75-F9BB-47FF-851C-CFDFA76457E6}" = protocol=6 | dir=in | app=c:\program files\webissync\ipisync.exe |
"{5523A1C6-402F-446A-BDAE-ABD054A4D84A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5B78A48B-A3A0-4A99-83B9-CBE383686D89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5EB38ADB-FEC0-4C50-80F4-1EE4A6253206}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{61B9CCF7-1ADF-4CDA-9BDC-912A5C086DA7}" = protocol=17 | dir=in | app=c:\program files\webissync\ipisync.exe |
"{841F878A-7F70-401F-8835-238B8FC07B31}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{887CA51E-5E1E-4139-A431-0777DAA9D526}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C5C6ED0-E5F3-4F84-9F9F-9358B31E53EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{92060DA9-C52A-463C-8021-FF34584D3AA7}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{94377041-6428-4835-B87F-0F5CF1BEE676}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{974EE3AF-5EE0-4351-A7F1-4E09E7EF2CB3}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{975304EE-4F09-41C1-ADD7-1D131EA96667}" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2010\uiscan.exe |
"{9E7CA494-2B30-462D-AA23-00CA86108A9C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AF23C1F9-E68B-4161-8624-B1BE4D64F764}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B4A7D53E-5C71-418E-81F1-D287820E419E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C5CBA712-27DB-4D00-B162-C40303CBB849}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D1A4C9F1-1226-411C-8F3D-24AE39F39DDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D4AA9ACD-BE2E-4729-BB26-81FFACC7A796}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D597618B-E440-425E-8407-46D36B8C2040}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DCDF4453-2A99-4AC6-8EB4-21ADE29E9105}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DF62AD8B-E83F-4BB9-B59F-BD09A2D9FEC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E5A9E18A-2296-4B07-9523-FAFE49EFF580}" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2010\uiscan.exe |
"{F3944638-38AB-4C38-AB90-376F5BEE05EC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{078CAC9A-E43E-4074-8217-CD505B65B1FF}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{18454195-6631-4BD2-8569-0EBDDBCF6677}C:\program files\webissync\ipisync.exe" = protocol=6 | dir=in | app=c:\program files\webissync\ipisync.exe |
"TCP Query User{231291DF-EF99-4C92-AE96-EB4F6611AA95}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"TCP Query User{3C801B3D-561C-432C-82C5-9BDCB62514D0}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"TCP Query User{41FB78EA-1AF5-417B-B909-F32E0A244201}C:\users\emmanuel\desktop\fg710p.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |
"TCP Query User{84F7E6F2-9569-4A60-B042-FCCA0E0C43E9}C:\program files\qk smtp server 3\qksmtpserver3.exe" = protocol=6 | dir=in | app=c:\program files\qk smtp server 3\qksmtpserver3.exe |
"TCP Query User{882ACD17-A077-4093-91D4-05C7E905863C}C:\users\emmanuel\appdata\local\temp\keygen.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\appdata\local\temp\keygen.exe |
"TCP Query User{B8FD57D0-48B1-41F0-82AB-B52BB53B4A40}C:\users\emmanuel\desktop\fg710p.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |
"UDP Query User{3BBE4F0B-59D2-46C4-A8DD-BBADC056F797}C:\users\emmanuel\desktop\fg710p.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |
"UDP Query User{4D1EF782-AD8E-4E4C-8386-8B9F51D1F1C9}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"UDP Query User{5670350C-79AA-4DD8-ADE7-BF4D08A75B20}C:\program files\webissync\ipisync.exe" = protocol=17 | dir=in | app=c:\program files\webissync\ipisync.exe |
"UDP Query User{7C666E8E-A12E-41CA-A29D-DD401A8EB571}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"UDP Query User{8D67DDA4-44A6-4899-8BA0-961634E24EC1}C:\program files\qk smtp server 3\qksmtpserver3.exe" = protocol=17 | dir=in | app=c:\program files\qk smtp server 3\qksmtpserver3.exe |
"UDP Query User{8D786D5A-9297-4242-AFFF-C27C97979EA4}C:\users\emmanuel\desktop\fg710p.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |
"UDP Query User{99511C13-E16D-48CD-8D3E-67F7891642BA}C:\users\emmanuel\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\appdata\local\temp\keygen.exe |
"UDP Query User{D0AFE6CB-A6B5-4A01-820A-284EF20B9535}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01148B4C-0EC7-4D03-A615-5B4D8496AA88}" = SONY VGP-UPR1 (Display Adapter)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{02D63222-CF76-E080-74DD-975B1672ED67}" = Catalyst Control Center Core Implementation
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{0405000A-0570-549A-A819-3BCEEAA1B40B}" = Catalyst Control Center Localization Hungarian
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{06786A53-D2D8-47CD-696A-ABC83625EBFE}" = Catalyst Control Center Graphics Light
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10DF5555-D134-4C2E-9D32-71BEE4025C0F}" = CMBEdit
"{12EAE4F0-8770-451C-B4AD-76B569678973}" = QuickTime MPEG2
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{1439F7FF-6389-4593-8227-76E7BE4730C9}" = MXAir Tutorial
"{14E7357F-487C-3BF6-7955-B898AA76306E}" = CCC Help Russian
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D9D199-E8A0-9FBA-DDF3-0E2D7826D694}" = Catalyst Control Center Localization Spanish
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18C24BF9-3B71-6F89-848C-D78C40197216}" = CCC Help Chinese Traditional
"{1974FF16-2A0A-76AF-D948-0037B0CB8EB5}" = CCC Help Hungarian
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E87F957-F850-D9F9-60F3-842955AAF519}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FC4125B-4657-4D1C-B358-E921F4883ED7}" = Skylook
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C3D71B4-85C4-5FA9-859E-1413F94EF642}" = Catalyst Control Center Localization Greek
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{310395F2-9206-159B-43B0-BF63D9F01B61}" = Catalyst Control Center Localization Turkish
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F2E7336-7E29-4940-8E65-90E2CCC3DA07}" = FlipViewer Xpress Creator 2.2
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{4121D906-3131-4D50-A65A-A0F2846AB5C2}" = DisplayLink Core Software
"{43DA617D-1B80-0B70-FAA0-52AFCE853F40}" = CCC Help Finnish
"{4742375A-9BD3-46D0-E0CC-A8819D2E2C54}" = CCC Help Greek
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BB5D5A7-F75E-D8D9-0DF8-AA2C1F188CEB}" = Catalyst Control Center Localization French
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4FCBFEDD-0CBF-A4A8-79D3-E9EAD37336C9}" = CCC Help Chinese Standard
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54C91EE3-65B9-A931-8382-12B2A02709F8}" = ATI Catalyst Install Manager
"{5511F0CC-59E0-02AD-941F-2323DA2BB377}" = CCC Help Swedish
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A29796D-2566-3ADA-043D-28C51CD7D4C3}" = Catalyst Control Center Localization Chinese Standard
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5D803295-DD78-0143-F64B-0D80852C43E9}" = CCC Help Italian
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{61FD2585-3337-8822-899B-68612742BA2F}" = Catalyst Control Center Localization Russian
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1" = PamFax
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C7196C0-D205-03E7-39A1-7A23AB69F659}" = CCC Help Czech
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70D43D66-53BF-257F-72FC-96FB33B39276}" = Catalyst Control Center Graphics Full New
"{713D3AEC-9C28-4A4F-8E16-6A97AE7BE336}" = FlipBook Creator 1.5
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{723F5CDD-839A-FF16-4CFA-C4E0AA54A315}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{73BD4567-1C4E-8D45-1D28-3D469026A883}" = Skins
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{761205A9-41DC-48C9-2CC1-F197D372DBEF}" = Catalyst Control Center Localization Italian
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7E5DEF65-FE91-02F2-C291-22741AC34017}" = Catalyst Control Center Localization Danish
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{826E7114-AA2E-59AA-1916-2A753DC49153}" = ccc-utility
"{8299B94E-7F85-65A9-B0FA-6F6A8A6D4FBD}" = Catalyst Control Center Localization Thai
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8626472F-7AD7-C83B-66FA-00E0A1C50A26}" = Catalyst Control Center Localization Swedish
"{8662A65A-A2A1-072C-708D-1C1262776F6A}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3CD8CF-7012-51E5-107B-5A8C75701E1A}" = CCC Help Dutch
"{8D7A8160-B777-4073-B1BE-62CFDD14A1D3}" = BitDefender Antivirus 2010
"{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}" = Microsoft Office Live Add-in Patches
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{918CFAF6-AC40-F2C8-C044-7FA95C8A7099}" = CCC Help German
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9D10CB57-B085-44c3-B435-2D193BA153F0}" = Conseiller de mise à niveau vers Windows 7
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A1C62179-A9E6-4F25-B978-ACFD01524762}" = Adobe Setup
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A55A277A-4336-FACF-991A-52B51B8FAE78}" = Catalyst Control Center Localization Finnish
"{A5D54806-AA49-BBFF-A2D3-76FA3DF096FA}" = Catalyst Control Center Localization Korean
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1" = Astrill 2.2.0.1824
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AAE442C0-F28B-8D58-1A1C-D566F9BCD294}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B6B0D277-D003-307F-CF94-5F5894DFA3F1}" = Catalyst Control Center Graphics Full Existing
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC653BB7-0AF0-22E5-A895-902AD52675CA}" = CCC Help Portuguese
"{BCEABBD6-6EDA-4246-7EDB-D68FCCD78A65}" = Catalyst Control Center Graphics Previews Common
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BDD17603-CB75-0639-E6DA-0D9AA92A605B}" = CCC Help English
"{BEB57E7F-FF01-4CBB-9857-FF9DC655C7F1}" = Adobe InCopy CS4 Application Feature Set Files (Roman)
"{BF5F6A06-0FC3-BEC0-9CC1-54D870A9EF97}" = Catalyst Control Center Localization Chinese Traditional
"{C221CE66-9C07-8EA7-8EF6-AAD8E4588AE0}" = CCC Help French
"{C455F37C-E92E-5CEB-382D-8B8EC580266F}" = Catalyst Control Center Localization Norwegian
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6F150F6-AE89-30C7-6256-C40CF9328602}" = Catalyst Control Center Graphics Previews Vista
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{C9E33C86-7931-43A3-9DBC-5ED7F17DFE4B}" = FlipViewer 4.5
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CBAE1EE5-F6E0-BDEF-0D49-C2AE46BE3B88}" = CCC Help Polish
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3AF5596-546F-5975-39B4-259A197C7E24}" = Catalyst Control Center Localization Japanese
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDF57E4A-66B5-E9CC-C2A2-F2C98C57912C}" = CCC Help Turkish
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = French App Name
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E27D2C9F-83A1-A34C-E366-26EADB9270F7}" = Catalyst Control Center Localization Dutch
"{E2E7667F-C286-D110-7F9D-FC397A2607A8}" = CCC Help Danish
"{E3D4D2B9-5333-41E2-A42B-D92A22C270B3}" = SONY VGP-UPR1 (Display Adapter) Utility
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6DE9A54-8514-446E-9D11-530DC599C355}" = Microsoft SharedView
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7821540-B8F8-304F-1B97-C43D8582EB18}" = CCC Help Norwegian
"{E8CA49A5-25C6-D80A-ED46-9D48A8B5D5F5}" = CCC Help Japanese
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F06300A2-87AE-042F-DE0F-1A5E380877C5}" = Catalyst Control Center Localization Czech
"{F06E4CBA-ABAD-4F6A-A793-9A29CD3C5FC2}_is1" = PamFax Office Integration
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20E6529-0B46-FC26-378F-62CD640A98C4}" = Catalyst Control Center Localization Polish
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F5794D29-B9C9-4F99-9569-34CC2555B9A8}" = Mindjet MindManager 9
"{F754B561-ACAD-A3FA-AF54-3E5F9E662B04}" = CCC Help Korean
"{F8821B6D-B6C9-E676-9B7D-3269F36A1769}" = CCC Help Spanish
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE2FDC72-3059-4F6C-9A31-563178C60226}" = Adobe InCopy CS4 Common Base Files
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = RoboForm 7-2-9 (All Users)
"Alien Skin Exposure 3" = Alien Skin Exposure 3
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon SELPHY CP780" = Canon SELPHY CP780
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CMBPB40" = ÕÐÐÐרҵ°æ
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = French App Name
"Ditto_is1" = Ditto 3.15.4.0
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"EP Budgeting" = EP Budgeting
"Free HD Converter_is1" = Free HD Converter V 1.7
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieOutline310_is1" = Movie Outline 3.1.1
"Mozilla Firefox 4.0.1 (x86 fr)" = Mozilla Firefox 4.0.1 (x86 fr)
"MyCamera" = Canon Utilities MyCamera
"Ö§¸¶±¦²å¼þ_is1" = Ö§¸¶±¦²å¼þ 1.2.0.2
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF-XChange 3_is1" = PDF-XChange 3
"ProInst" = Intel PROSet Wireless
"Qlock" = Qlock Lite
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.9.0
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Resolume DXV Quicktime Codec_is1" = Resolume DXV Quicktime Codec 2.1
"Ultra Flash Video FLV Converter_is1" = Ultra Flash Video FLV Converter 3.8.1023
"UltSounds" = Modèles de sons Windows
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2
"YU2010_is1" = Your Uninstaller! 7
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.93 Gb Total Space | 88.47 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
PRC - [2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe
PRC - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2011/01/18 23:49:08 | 001,176,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2010/03/18 16:04:52 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/04/11 14:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/29 02:34:10 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/08/29 01:10:18 | 000,233,472 | ---- | M] () -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
PRC - [2008/08/18 23:31:20 | 004,597,096 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/11 05:10:44 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe
PRC - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (SafeList) ==========
MOD - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
MOD - [2010/09/23 04:07:50 | 000,107,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mindjet\MindManager 9\msscript.ocx
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (CaCCProvSP)
SRV - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2011/01/11 02:40:42 | 001,962,192 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASProxy.exe -- (ASProxy)
SRV - [2011/01/11 02:40:28 | 000,428,056 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASOvpnSvc.exe -- (ASOVPNHelper)
SRV - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/12 16:40:10 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/04/11 14:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/01/22 08:06:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe -- (DisplayLinkService)
SRV - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService)
SRV - [2008/05/02 09:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/03 02:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/03/05 11:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/05 11:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/05 11:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/04 04:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/01/21 10:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 17:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 17:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 16:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - [2010/08/20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/06/13 14:42:46 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/06/13 14:42:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/06/13 14:42:38 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/04/23 17:43:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/02/22 14:58:40 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/03 13:57:36 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2010/01/08 16:28:40 | 000,006,656 | ---- | M] (alipay.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alidevice.sys -- (Alidevice)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/08/31 10:38:02 | 000,011,808 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CertClient.dat -- (CMB8100)
DRV - [2009/08/31 10:38:02 | 000,010,272 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CMBProtector.dat -- (CMBProtector)
DRV - [2009/08/27 15:18:58 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/08/21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2009/08/21 02:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2009/08/21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/04/11 12:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2009/01/16 17:08:39 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/18 23:31:50 | 000,287,856 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2008/08/18 23:31:50 | 000,013,424 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2008/05/13 08:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 21:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/28 09:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/04/22 22:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/04/22 08:01:11 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/16 08:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/04/16 08:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/02/29 10:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 10:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/23 08:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/25 10:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 10:21:34 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/01/21 10:21:27 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2007/12/17 09:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/07/26 16:25:12 | 000,039,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/06/27 10:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 10:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
DRV - [2007/04/18 11:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/08 15:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/02 12:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rue89 | Site d'information et de débat sur l'actualité, indépendant et participatif
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://pro.imdb.com/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e2337727-f9c9-411b-929e-287584341d1a}:3.4.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: addon@astrill.com:1.4
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8580
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8580
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8580
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8580
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8580
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8580
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8580
FF - prefs.js..network.proxy.type: 1
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/21 09:56:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/05/02 15:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:04:35 | 000,000,000 | ---D | M]
[2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions
[2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2011/05/08 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions
[2011/04/04 19:59:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/18 12:10:47 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}
[2010/09/29 10:23:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/01/17 12:28:37 | 000,004,166 | ---- | M] () -- C:\Users\Emmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\8681oi1f.default\searchplugins\baidu.xml
[2011/05/02 14:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 14:26:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:46:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 16:42:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/15 17:17:28 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2011/05/02 15:11:12 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2009/07/06 02:37:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/15 00:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/12/15 15:05:50 | 000,234,496 | ---- | M] (Alipay.com co.,ltd) -- C:\Program Files\Mozilla Firefox\plugins\npaliedit.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/05/17 05:00:12 | 000,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files\Mozilla Firefox\plugins\NPOpf.dll
[2010/01/01 16:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 16:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 16:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 16:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 16:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
[2011/02/28 15:06:17 | 000,001,066 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-zugo.xml
O1 HOSTS File: ([2011/03/24 14:42:12 | 000,001,963 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 66.207.162.66 freedur.com
O1 - Hosts: 66.207.162.66 www.freedur.com
O1 - Hosts: 204.152.194.50 clients.freedur.com
O1 - Hosts: 204.152.194.50 blog.freedur.com
O1 - Hosts: 66.207.162.66 freedur.net
O1 - Hosts: 66.207.162.66 www.freedur.net
O1 - Hosts: 204.152.194.50 clients.freedur.net
O1 - Hosts: 204.152.194.50 blog.freedur.net
O1 - Hosts: 15 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()
O4 - HKCU..\Run: [lnksutil] File not found
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm ()
O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\ASProxy.dll (Astrill)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: carrefour.com.cn ([e-shop] https in Trusted sites)
O15 - HKCU\..Trusted Domains: imdb.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} https://download.ali...401/aliedit.cab (iTrusPTA Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.118 116.228.111.18
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell - "" = AutoRun
O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell - "" = AutoRun
O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell - "" = AutoRun
O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell\AutoRun\command - "" = J:\StormF1.exe
O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell - "" = AutoRun
O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{f45104b5-2b1d-11df-9eef-001e3ded49ed}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Zaptag-Run-Me.hta
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2011/05/08 16:33:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/05/08 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/05/08 16:19:49 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\Windows Live
[2011/05/08 16:11:31 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/05/08 15:23:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/05/08 15:22:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/05/08 15:22:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/05/08 15:22:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/05/08 15:22:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/05/08 15:22:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/05/08 15:22:30 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/05/08 15:22:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/05/08 15:22:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/05/08 15:22:16 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/05/08 15:22:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/05/08 15:22:16 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/05/08 15:22:16 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/05/08 15:22:16 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/05/08 14:51:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
[2011/05/08 11:13:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/05/08 11:02:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/05/08 11:02:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/05/08 11:01:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/05/08 11:01:08 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/05/08 11:00:32 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/08 11:00:28 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/08 10:59:56 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/05/08 10:59:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/05/08 10:59:44 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/05/08 10:59:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/05/08 10:59:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/05/08 10:59:07 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/05/08 10:59:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/05/08 10:58:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/05/08 10:58:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/05/08 10:58:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/05/08 03:55:46 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Malware Cleanup
[2011/05/08 03:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
[2011/05/08 03:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller! 7
[2011/05/08 03:28:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/08 03:28:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/08 03:28:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/08 03:28:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/08 03:28:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/08 03:28:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/08 03:28:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/08 03:28:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/08 03:28:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/08 03:28:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/08 03:28:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/08 03:28:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/08 03:28:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/08 03:28:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/08 03:28:49 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/08 03:28:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/08 03:28:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/08 03:28:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/08 03:28:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/08 03:28:48 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/08 03:28:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/08 03:28:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/08 03:28:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/08 03:28:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/08 03:28:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/08 03:28:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/08 03:28:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/08 03:28:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/08 03:28:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/08 03:28:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/08 03:28:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/08 03:28:39 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/08 03:28:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/08 03:28:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/08 03:28:34 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/08 03:28:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/08 03:28:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/08 03:28:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/08 03:28:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/08 03:26:15 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/05/08 03:26:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/05/08 03:26:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/05/08 03:26:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/05/08 03:26:11 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/05/08 03:26:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/05/08 03:26:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/05/08 03:25:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/05/08 03:25:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/05/08 03:25:46 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/05/08 03:25:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/05/08 03:25:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/05/08 03:25:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/08 03:25:43 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/05/08 03:25:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/05/08 03:25:42 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/05/08 03:25:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/05/08 03:25:40 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/05/08 03:25:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/05/08 03:25:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/05/08 03:25:37 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/05/08 03:25:36 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/08 02:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/05/08 02:44:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/05/08 02:44:56 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/05/08 02:44:56 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/05/08 02:43:17 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/05/08 02:43:11 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/05/08 02:43:11 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/05/08 02:43:10 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/05/08 02:43:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/05/08 02:43:09 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/05/08 02:41:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/05/08 02:41:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/05/08 02:41:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/05/08 02:41:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/05/08 02:41:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/05/08 02:41:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/05/08 02:41:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/05/08 02:41:13 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/05/08 02:41:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011/05/08 02:41:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/05/08 02:41:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/05/08 02:41:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/05/08 02:38:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/05/08 02:38:19 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/05/08 02:08:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/05/08 02:07:50 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/05/08 02:06:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/05/08 02:06:15 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/05/08 02:06:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/05/08 02:06:15 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/05/08 02:06:14 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/05/08 02:06:14 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/05/08 02:06:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/05/08 01:59:48 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/05/06 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\Malwarebytes
[2011/05/06 10:49:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/06 10:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/06 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/06 10:49:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/06 10:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/04 11:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/05/02 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\RoboForm
[2011/05/02 15:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/05/02 10:58:02 | 001,481,496 | -H-- | C] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe
[2011/04/24 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Marketing Documents
========== Files - Modified Within 30 Days ==========
[2011/05/08 21:00:35 | 000,001,073 | -H-- | M] () -- C:\Users\Emmanuel\Desktop\fg.ini
[2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/05/08 20:29:59 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/05/08 19:46:31 | 000,431,304 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2011/05/08 19:46:31 | 000,421,940 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2011/05/08 19:46:31 | 000,127,458 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2011/05/08 19:46:31 | 000,127,446 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2011/05/08 19:46:30 | 000,751,468 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/05/08 19:46:30 | 000,674,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/08 19:46:30 | 000,152,004 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/05/08 19:46:30 | 000,127,904 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/08 19:42:04 | 007,571,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/08 19:41:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 19:41:53 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 19:38:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/08 19:36:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 19:25:21 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2011/05/08 19:25:11 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/08 15:43:13 | 000,002,357 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook 2010.lnk
[2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe
[2011/05/08 14:18:49 | 000,002,555 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2011/05/08 10:28:45 | 000,000,908 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/08 03:58:52 | 000,146,944 | ---- | M] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 03:29:19 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/08 03:29:19 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/08 03:28:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/08 03:28:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/08 03:28:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/08 03:28:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/08 03:28:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/08 03:28:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/08 03:28:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/08 03:28:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/08 03:28:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/08 03:28:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/08 03:28:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/08 03:28:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/08 03:28:50 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/08 03:28:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/08 03:28:49 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/08 03:28:49 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/08 03:28:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/08 03:28:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/08 03:28:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/08 03:28:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/08 03:28:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/08 03:28:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/08 03:28:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/08 03:28:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/08 03:28:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/08 03:28:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/08 03:28:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/08 03:28:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/08 03:28:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/08 03:28:44 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/08 03:28:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/08 03:28:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/08 03:28:39 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/08 03:28:39 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/08 03:28:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/08 03:28:34 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/08 03:28:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/08 03:28:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/08 03:28:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/08 03:28:27 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/08 03:26:15 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/05/08 03:26:14 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/05/08 03:26:13 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/05/08 03:26:12 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/05/08 03:26:11 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/05/08 03:26:09 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/05/08 03:26:05 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/05/08 03:25:48 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/05/08 03:25:48 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/05/08 03:25:46 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/05/08 03:25:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/05/08 03:25:44 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/05/08 03:25:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/08 03:25:43 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/05/08 03:25:43 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/05/08 03:25:42 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/05/08 03:25:41 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/05/08 03:25:40 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/05/08 03:25:40 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/05/08 03:25:38 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/05/08 03:25:37 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/05/08 03:25:36 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/08 02:49:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/08 02:46:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/07 21:57:03 | 634,498,416 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/07 16:38:34 | 000,000,020 | ---- | M] () -- C:\Users\Emmanuel\defogger_reenable
[2011/05/06 17:11:00 | 007,450,289 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml
[2011/05/06 13:23:19 | 000,002,597 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/05/02 18:52:04 | 000,004,096 | -H-- | M] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm
[2011/05/02 14:05:03 | 000,000,835 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/02 13:08:01 | 000,000,476 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk
[2011/05/02 11:18:03 | 000,003,136 | ---- | M] () -- C:\Windows\System32\ASProxy.ini
[2011/05/02 11:18:03 | 000,001,968 | ---- | M] () -- C:\Windows\System32\ASProxyOff.ini
[2011/04/29 14:26:34 | 000,000,501 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk
[2011/04/25 09:31:40 | 000,560,553 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf
[2011/04/22 19:30:06 | 001,634,304 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd
[2011/04/22 19:24:48 | 002,199,552 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd
[2011/04/14 21:41:30 | 002,954,072 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf
[2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe
========== Files Created - No Company Name ==========
[2011/05/08 20:45:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/05/08 15:22:20 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/05/08 15:22:20 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/05/08 15:22:19 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/05/08 10:28:45 | 000,000,914 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/08 10:28:45 | 000,000,908 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/08 03:28:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/08 02:49:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/08 02:46:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/07 16:37:35 | 000,000,020 | ---- | C] () -- C:\Users\Emmanuel\defogger_reenable
[2011/05/06 17:11:00 | 007,450,289 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml
[2011/05/05 19:24:35 | 001,634,304 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd
[2011/05/05 19:24:34 | 002,199,552 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd
[2011/05/02 18:52:04 | 000,004,096 | -H-- | C] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm
[2011/05/02 13:08:01 | 000,000,476 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk
[2011/05/02 13:01:56 | 000,001,073 | -H-- | C] () -- C:\Users\Emmanuel\Desktop\fg.ini
[2011/04/29 14:26:34 | 000,000,501 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk
[2011/04/25 09:30:33 | 000,560,553 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf
[2011/04/14 21:41:30 | 002,954,072 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf
[2011/01/15 19:16:45 | 000,000,000 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\chrtmp
[2010/12/31 10:02:15 | 000,000,132 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/11/01 00:05:52 | 000,001,968 | ---- | C] () -- C:\Windows\System32\ASProxyOff.ini
[2010/11/01 00:05:51 | 000,003,136 | ---- | C] () -- C:\Windows\System32\ASProxy.ini
[2010/08/02 11:06:12 | 000,038,431 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010/01/26 14:20:07 | 000,000,760 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\setup_ldm.iss
[2010/01/17 11:17:08 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/01/05 18:25:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/12/31 12:27:14 | 000,000,156 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/12/29 15:05:37 | 000,403,344 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll
[2009/12/29 15:05:33 | 000,337,816 | ---- | C] () -- C:\Windows\System32\Cmb_Pb_LiveUpdate.exe
[2009/12/29 15:05:33 | 000,100,240 | ---- | C] () -- C:\Windows\System32\CmbSafeBase.dll
[2009/12/29 15:05:33 | 000,011,808 | ---- | C] () -- C:\Windows\System32\drivers\CertClient.dat
[2009/12/29 15:05:33 | 000,010,272 | ---- | C] () -- C:\Windows\System32\drivers\CMBProtector.dat
[2009/12/29 15:05:32 | 000,611,736 | ---- | C] () -- C:\Windows\System32\CMBPBUninstall.exe
[2009/12/29 15:05:32 | 000,472,976 | ---- | C] () -- C:\Windows\System32\PBHttpComm.dll
[2009/12/29 15:05:32 | 000,186,264 | ---- | C] () -- C:\Windows\System32\PersonalBankPortal.exe
[2009/12/15 13:58:10 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2009/09/11 07:53:29 | 000,001,356 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\d3d9caps.dat
[2009/08/27 15:25:33 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/07/06 04:23:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/06 04:23:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/06 04:21:55 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/05/27 15:16:48 | 000,000,015 | ---- | C] () -- C:\Program Files\winreg.ini
[2009/05/27 15:14:27 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll
[2009/04/22 21:39:09 | 000,242,176 | ---- | C] () -- C:\Windows\System32\fixflash.exe
[2009/04/22 21:39:08 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/04/22 21:39:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/03/08 03:11:28 | 000,000,206 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2009/02/21 19:22:14 | 000,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys
[2009/02/21 19:22:14 | 000,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys
[2009/02/21 19:22:14 | 000,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys
[2009/02/21 19:22:14 | 000,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2009/01/31 19:45:48 | 000,431,304 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
[2009/01/31 19:45:48 | 000,127,458 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
[2009/01/31 19:45:48 | 000,116,540 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
[2009/01/31 19:45:48 | 000,109,926 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2009/01/31 19:45:48 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
[2009/01/31 19:45:47 | 000,421,940 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2009/01/31 19:45:47 | 000,127,446 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2009/01/31 19:45:47 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2009/01/20 21:07:09 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/01/19 21:55:49 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/19 21:50:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2008/10/27 19:46:09 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008/10/15 03:00:05 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2008/10/15 02:56:18 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2008/10/05 15:42:34 | 000,000,080 | ---- | C] () -- C:\Windows\System32\DCDA1745C1.dll
[2008/09/12 09:28:50 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/09/02 08:17:56 | 000,146,944 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/02 04:20:32 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/08/30 22:05:11 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/08/29 08:25:33 | 000,751,468 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/08/29 08:25:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/08/29 08:25:33 | 000,152,004 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/08/29 08:25:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2008/08/29 07:56:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/18 07:34:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/06/18 06:41:36 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/06/18 06:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/18 06:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/06/18 06:41:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1493.dll
[2008/06/18 06:41:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/18 06:11:41 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2008/06/18 05:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/06/18 05:53:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/06/18 05:50:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/21 10:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/10/31 01:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/06/06 04:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/16 18:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 20:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:46:27 | 007,571,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,674,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,127,904 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/15 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/03/08 10:19:36 | 000,063,620 | ---- | M] () -- C:\bdlog.txt
[2009/04/11 14:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/01/15 23:00:51 | 000,546,687 | ---- | M] () -- C:\caisslog.txt
[2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/05/11 05:22:35 | 000,000,077 | ---- | M] () -- C:\DVDRipper_debug.txt
[2008/11/28 01:22:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/16 18:51:23 | 000,000,078 | ---- | M] () -- C:\lxcy.log
[2008/11/28 01:22:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/08 19:31:38 | 3532,775,424 | -HS- | M] () -- C:\pagefile.sys
[2010/06/13 13:46:35 | 000,000,000 | ---- | M] () -- C:\pcversion.txt
[2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2009/06/22 20:19:33 | 000,648,016 | ---- | M] (Siber Systems) -- C:\PortableRoboForm.exe
[2009/01/19 21:37:02 | 000,000,611 | ---- | M] () -- C:\RHDSetup.log
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\wrLZMA.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/01/21 11:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 11:16:31 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 11:16:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\drivers\*.sys /90 >
[2011/02/22 21:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2011/05/08 03:25:41 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2011/02/22 21:23:59 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2011/02/22 21:24:10 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011/02/22 21:24:02 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2011/02/18 22:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2011/02/18 22:03:10 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2011/02/18 22:03:06 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-08 11:53:34
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5BB923A2
< End of report >
OTL Extras logfile created on: 5/8/2011 8:35:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.93 Gb Total Space | 88.47 Gb Free Space | 24.31% Space Free | Partition Type: NTFS
Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Value error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2406939421-308661945-4081067968-1003]
"EnableNotificationsRef" = 3
"EnableNotifications" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\" = C:\Windows\system\dwm.exe:*:Enabled:KL
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E1B6CF-EB58-4483-9FFA-58CC27C55787}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{0F4D5E70-896B-472B-A046-7CF338AFDB9A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{13C60B5D-18C4-416E-9FB9-30AE59914AFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{142B4D99-3232-4CD4-9B65-1D096EA1E327}" = rport=445 | protocol=6 | dir=out | app=system |
"{16CF1AAB-8A03-407D-A3B9-B3F3BF36FA33}" = rport=2869 | protocol=6 | dir=out | app=system |
"{254B6A4B-090C-4DF9-B144-14037FD3E71D}" = rport=139 | protocol=6 | dir=out | app=system |
"{364C1B48-7493-4706-9503-0D951E9CCD58}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{46302FAC-D5E5-4F22-BC5E-39B508649935}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{481EB4D7-0DB3-4A39-B567-1762E8E895CB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{5F4580A6-9558-49ED-82F8-281A0B002C22}" = lport=139 | protocol=6 | dir=in | app=system |
"{674189B5-5B36-4C99-9D02-383DFBB8BE1B}" = rport=137 | protocol=17 | dir=out | app=system |
"{68613C70-0BBD-413D-A49B-76354FF6BD50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{689A1965-10AC-4716-9094-D2EB5CC4591B}" = lport=445 | protocol=6 | dir=in | app=system |
"{6BBEA2F9-E16D-4250-A456-082CF5C08D17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C09942F-9257-4C38-B436-64DD9DCABB6B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{6F8CDCDF-1935-4A62-95F1-2C594682089E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{783461F8-8B72-4ABB-9B6A-DBE3911ACCE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BB062E3-8498-44B1-8FFE-77A5080928AB}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{7DA0B118-23DC-4288-9489-1D0D89F7F9CC}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{8B2ABED0-9443-4DE2-B199-00E977A86AF1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8CF16A9C-DCF7-4F4E-AFE9-27F71EACFE52}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{96F4FB9B-FEEB-4779-ACCD-0651BF21B67F}" = lport=137 | protocol=17 | dir=in | app=system |
"{A213CB72-45D3-4206-98A3-194533F7BAB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC132BC9-9BEA-46C7-A107-A85642E1947C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AF253F34-4F4E-4AF9-A409-95BA067993D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B5CE1329-93D1-44EF-9AA7-2300C8848079}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D6D8360C-D221-4E21-A0D4-951872F5FFE2}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{E7C9AC94-E10B-4D82-977F-DE9EB1C6D766}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{EAA86AEC-6495-46C6-B12C-3A8FEBA02EF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9A16040-5AF8-4920-812B-BDAE72693A02}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8347F6-47A6-4085-9751-1B3123A9DCAD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{0CA24DDF-2EEF-4836-B0B5-0145F7A97F4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{15916D17-36E9-4CE0-84A3-CFBF60E73CFA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{167F82C9-2352-487D-B13B-5484A59F6D8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{18DAD7E5-90D6-4307-A637-CBB7154217B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{31172B77-DF71-4FDF-888A-AF2E59E31790}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{340B63AB-608D-4B68-A379-CC1606BDFB15}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{3CE1EEC5-0816-4FEB-B0D3-90B8D80C4EE7}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{49A6A2EA-15CE-42CF-8839-D1D2A59FA8C5}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4B4C1D75-F9BB-47FF-851C-CFDFA76457E6}" = protocol=6 | dir=in | app=c:\program files\webissync\ipisync.exe |
"{5523A1C6-402F-446A-BDAE-ABD054A4D84A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5B78A48B-A3A0-4A99-83B9-CBE383686D89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5EB38ADB-FEC0-4C50-80F4-1EE4A6253206}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{61B9CCF7-1ADF-4CDA-9BDC-912A5C086DA7}" = protocol=17 | dir=in | app=c:\program files\webissync\ipisync.exe |
"{841F878A-7F70-401F-8835-238B8FC07B31}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{887CA51E-5E1E-4139-A431-0777DAA9D526}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C5C6ED0-E5F3-4F84-9F9F-9358B31E53EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{92060DA9-C52A-463C-8021-FF34584D3AA7}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{94377041-6428-4835-B87F-0F5CF1BEE676}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{974EE3AF-5EE0-4351-A7F1-4E09E7EF2CB3}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{975304EE-4F09-41C1-ADD7-1D131EA96667}" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2010\uiscan.exe |
"{9E7CA494-2B30-462D-AA23-00CA86108A9C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AF23C1F9-E68B-4161-8624-B1BE4D64F764}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B4A7D53E-5C71-418E-81F1-D287820E419E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C5CBA712-27DB-4D00-B162-C40303CBB849}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D1A4C9F1-1226-411C-8F3D-24AE39F39DDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D4AA9ACD-BE2E-4729-BB26-81FFACC7A796}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D597618B-E440-425E-8407-46D36B8C2040}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DCDF4453-2A99-4AC6-8EB4-21ADE29E9105}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DF62AD8B-E83F-4BB9-B59F-BD09A2D9FEC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E5A9E18A-2296-4B07-9523-FAFE49EFF580}" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2010\uiscan.exe |
"{F3944638-38AB-4C38-AB90-376F5BEE05EC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{078CAC9A-E43E-4074-8217-CD505B65B1FF}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{18454195-6631-4BD2-8569-0EBDDBCF6677}C:\program files\webissync\ipisync.exe" = protocol=6 | dir=in | app=c:\program files\webissync\ipisync.exe |
"TCP Query User{231291DF-EF99-4C92-AE96-EB4F6611AA95}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"TCP Query User{3C801B3D-561C-432C-82C5-9BDCB62514D0}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"TCP Query User{41FB78EA-1AF5-417B-B909-F32E0A244201}C:\users\emmanuel\desktop\fg710p.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |
"TCP Query User{84F7E6F2-9569-4A60-B042-FCCA0E0C43E9}C:\program files\qk smtp server 3\qksmtpserver3.exe" = protocol=6 | dir=in | app=c:\program files\qk smtp server 3\qksmtpserver3.exe |
"TCP Query User{882ACD17-A077-4093-91D4-05C7E905863C}C:\users\emmanuel\appdata\local\temp\keygen.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\appdata\local\temp\keygen.exe |
"TCP Query User{B8FD57D0-48B1-41F0-82AB-B52BB53B4A40}C:\users\emmanuel\desktop\fg710p.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |
"UDP Query User{3BBE4F0B-59D2-46C4-A8DD-BBADC056F797}C:\users\emmanuel\desktop\fg710p.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |
"UDP Query User{4D1EF782-AD8E-4E4C-8386-8B9F51D1F1C9}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"UDP Query User{5670350C-79AA-4DD8-ADE7-BF4D08A75B20}C:\program files\webissync\ipisync.exe" = protocol=17 | dir=in | app=c:\program files\webissync\ipisync.exe |
"UDP Query User{7C666E8E-A12E-41CA-A29D-DD401A8EB571}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |
"UDP Query User{8D67DDA4-44A6-4899-8BA0-961634E24EC1}C:\program files\qk smtp server 3\qksmtpserver3.exe" = protocol=17 | dir=in | app=c:\program files\qk smtp server 3\qksmtpserver3.exe |
"UDP Query User{8D786D5A-9297-4242-AFFF-C27C97979EA4}C:\users\emmanuel\desktop\fg710p.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |
"UDP Query User{99511C13-E16D-48CD-8D3E-67F7891642BA}C:\users\emmanuel\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\appdata\local\temp\keygen.exe |
"UDP Query User{D0AFE6CB-A6B5-4A01-820A-284EF20B9535}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01148B4C-0EC7-4D03-A615-5B4D8496AA88}" = SONY VGP-UPR1 (Display Adapter)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{02D63222-CF76-E080-74DD-975B1672ED67}" = Catalyst Control Center Core Implementation
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{0405000A-0570-549A-A819-3BCEEAA1B40B}" = Catalyst Control Center Localization Hungarian
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{06786A53-D2D8-47CD-696A-ABC83625EBFE}" = Catalyst Control Center Graphics Light
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10DF5555-D134-4C2E-9D32-71BEE4025C0F}" = CMBEdit
"{12EAE4F0-8770-451C-B4AD-76B569678973}" = QuickTime MPEG2
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{1439F7FF-6389-4593-8227-76E7BE4730C9}" = MXAir Tutorial
"{14E7357F-487C-3BF6-7955-B898AA76306E}" = CCC Help Russian
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16D9D199-E8A0-9FBA-DDF3-0E2D7826D694}" = Catalyst Control Center Localization Spanish
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18C24BF9-3B71-6F89-848C-D78C40197216}" = CCC Help Chinese Traditional
"{1974FF16-2A0A-76AF-D948-0037B0CB8EB5}" = CCC Help Hungarian
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E87F957-F850-D9F9-60F3-842955AAF519}" = Catalyst Control Center Localization German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FC4125B-4657-4D1C-B358-E921F4883ED7}" = Skylook
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2C3D71B4-85C4-5FA9-859E-1413F94EF642}" = Catalyst Control Center Localization Greek
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{310395F2-9206-159B-43B0-BF63D9F01B61}" = Catalyst Control Center Localization Turkish
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F2E7336-7E29-4940-8E65-90E2CCC3DA07}" = FlipViewer Xpress Creator 2.2
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{4121D906-3131-4D50-A65A-A0F2846AB5C2}" = DisplayLink Core Software
"{43DA617D-1B80-0B70-FAA0-52AFCE853F40}" = CCC Help Finnish
"{4742375A-9BD3-46D0-E0CC-A8819D2E2C54}" = CCC Help Greek
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BB5D5A7-F75E-D8D9-0DF8-AA2C1F188CEB}" = Catalyst Control Center Localization French
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4FCBFEDD-0CBF-A4A8-79D3-E9EAD37336C9}" = CCC Help Chinese Standard
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54C91EE3-65B9-A931-8382-12B2A02709F8}" = ATI Catalyst Install Manager
"{5511F0CC-59E0-02AD-941F-2323DA2BB377}" = CCC Help Swedish
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A29796D-2566-3ADA-043D-28C51CD7D4C3}" = Catalyst Control Center Localization Chinese Standard
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5D803295-DD78-0143-F64B-0D80852C43E9}" = CCC Help Italian
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{61FD2585-3337-8822-899B-68612742BA2F}" = Catalyst Control Center Localization Russian
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1" = PamFax
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C7196C0-D205-03E7-39A1-7A23AB69F659}" = CCC Help Czech
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70D43D66-53BF-257F-72FC-96FB33B39276}" = Catalyst Control Center Graphics Full New
"{713D3AEC-9C28-4A4F-8E16-6A97AE7BE336}" = FlipBook Creator 1.5
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{723F5CDD-839A-FF16-4CFA-C4E0AA54A315}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{73BD4567-1C4E-8D45-1D28-3D469026A883}" = Skins
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{761205A9-41DC-48C9-2CC1-F197D372DBEF}" = Catalyst Control Center Localization Italian
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7E5DEF65-FE91-02F2-C291-22741AC34017}" = Catalyst Control Center Localization Danish
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{826E7114-AA2E-59AA-1916-2A753DC49153}" = ccc-utility
"{8299B94E-7F85-65A9-B0FA-6F6A8A6D4FBD}" = Catalyst Control Center Localization Thai
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8626472F-7AD7-C83B-66FA-00E0A1C50A26}" = Catalyst Control Center Localization Swedish
"{8662A65A-A2A1-072C-708D-1C1262776F6A}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3CD8CF-7012-51E5-107B-5A8C75701E1A}" = CCC Help Dutch
"{8D7A8160-B777-4073-B1BE-62CFDD14A1D3}" = BitDefender Antivirus 2010
"{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}" = Microsoft Office Live Add-in Patches
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{918CFAF6-AC40-F2C8-C044-7FA95C8A7099}" = CCC Help German
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9D10CB57-B085-44c3-B435-2D193BA153F0}" = Conseiller de mise à niveau vers Windows 7
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A1C62179-A9E6-4F25-B978-ACFD01524762}" = Adobe Setup
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A55A277A-4336-FACF-991A-52B51B8FAE78}" = Catalyst Control Center Localization Finnish
"{A5D54806-AA49-BBFF-A2D3-76FA3DF096FA}" = Catalyst Control Center Localization Korean
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1" = Astrill 2.2.0.1824
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AAE442C0-F28B-8D58-1A1C-D566F9BCD294}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B6B0D277-D003-307F-CF94-5F5894DFA3F1}" = Catalyst Control Center Graphics Full Existing
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC653BB7-0AF0-22E5-A895-902AD52675CA}" = CCC Help Portuguese
"{BCEABBD6-6EDA-4246-7EDB-D68FCCD78A65}" = Catalyst Control Center Graphics Previews Common
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BDD17603-CB75-0639-E6DA-0D9AA92A605B}" = CCC Help English
"{BEB57E7F-FF01-4CBB-9857-FF9DC655C7F1}" = Adobe InCopy CS4 Application Feature Set Files (Roman)
"{BF5F6A06-0FC3-BEC0-9CC1-54D870A9EF97}" = Catalyst Control Center Localization Chinese Traditional
"{C221CE66-9C07-8EA7-8EF6-AAD8E4588AE0}" = CCC Help French
"{C455F37C-E92E-5CEB-382D-8B8EC580266F}" = Catalyst Control Center Localization Norwegian
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6F150F6-AE89-30C7-6256-C40CF9328602}" = Catalyst Control Center Graphics Previews Vista
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{C9E33C86-7931-43A3-9DBC-5ED7F17DFE4B}" = FlipViewer 4.5
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CBAE1EE5-F6E0-BDEF-0D49-C2AE46BE3B88}" = CCC Help Polish
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3AF5596-546F-5975-39B4-259A197C7E24}" = Catalyst Control Center Localization Japanese
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDF57E4A-66B5-E9CC-C2A2-F2C98C57912C}" = CCC Help Turkish
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = French App Name
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E27D2C9F-83A1-A34C-E366-26EADB9270F7}" = Catalyst Control Center Localization Dutch
"{E2E7667F-C286-D110-7F9D-FC397A2607A8}" = CCC Help Danish
"{E3D4D2B9-5333-41E2-A42B-D92A22C270B3}" = SONY VGP-UPR1 (Display Adapter) Utility
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6DE9A54-8514-446E-9D11-530DC599C355}" = Microsoft SharedView
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7821540-B8F8-304F-1B97-C43D8582EB18}" = CCC Help Norwegian
"{E8CA49A5-25C6-D80A-ED46-9D48A8B5D5F5}" = CCC Help Japanese
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F06300A2-87AE-042F-DE0F-1A5E380877C5}" = Catalyst Control Center Localization Czech
"{F06E4CBA-ABAD-4F6A-A793-9A29CD3C5FC2}_is1" = PamFax Office Integration
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20E6529-0B46-FC26-378F-62CD640A98C4}" = Catalyst Control Center Localization Polish
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F5794D29-B9C9-4F99-9569-34CC2555B9A8}" = Mindjet MindManager 9
"{F754B561-ACAD-A3FA-AF54-3E5F9E662B04}" = CCC Help Korean
"{F8821B6D-B6C9-E676-9B7D-3269F36A1769}" = CCC Help Spanish
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE2FDC72-3059-4F6C-9A31-563178C60226}" = Adobe InCopy CS4 Common Base Files
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = RoboForm 7-2-9 (All Users)
"Alien Skin Exposure 3" = Alien Skin Exposure 3
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon SELPHY CP780" = Canon SELPHY CP780
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CMBPB40" = ÕÐÐÐרҵ°æ
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = French App Name
"Ditto_is1" = Ditto 3.15.4.0
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"EP Budgeting" = EP Budgeting
"Free HD Converter_is1" = Free HD Converter V 1.7
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieOutline310_is1" = Movie Outline 3.1.1
"Mozilla Firefox 4.0.1 (x86 fr)" = Mozilla Firefox 4.0.1 (x86 fr)
"MyCamera" = Canon Utilities MyCamera
"Ö§¸¶±¦²å¼þ_is1" = Ö§¸¶±¦²å¼þ 1.2.0.2
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF-XChange 3_is1" = PDF-XChange 3
"ProInst" = Intel PROSet Wireless
"Qlock" = Qlock Lite
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.9.0
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Resolume DXV Quicktime Codec_is1" = Resolume DXV Quicktime Codec 2.1
"Ultra Flash Video FLV Converter_is1" = Ultra Flash Video FLV Converter 3.8.1023
"UltSounds" = Modèles de sons Windows
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2
"YU2010_is1" = Your Uninstaller! 7
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
#18
- New Member
-
- Group: Members
- Posts: 13
- Joined: 07-May 11
Posted 08 May 2011 - 08:10 PM
Since there was no sign of infection, I was recommended to download OTL and to do the following custom scan:
:OTL
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (CaCCProvSP)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://pro.imdb.com/"
FF - prefs.js..extensions.enabledItems: addon@astrill.com:1.4
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8580
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8580
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8580
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8580
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8580
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8580
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8580
FF - prefs.js..network.proxy.type: 1
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [lnksutil] File not found
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: carrefour.com.cn ([e-shop] https in Trusted sites)
O15 - HKCU\..Trusted Domains: imdb.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell - "" = AutoRun
O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell - "" = AutoRun
O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell - "" = AutoRun
O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell\AutoRun\command - "" = J:\StormF1.exe
O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell - "" = AutoRun
O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{f45104b5-2b1d-11df-9eef-001e3ded49ed}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Zaptag-Run-Me.hta
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5BB923A2
:Services
RoxLiveShare9
CaCCProvSP
:Reg
:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\*.job
C:\*.sqm
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[CLEARALLRESTOREPOINTS]
[REBOOT]
As the lines in blue concern my Proxy, I took them away.
I ran OTL and I got an alert box that read "Cannot create file C:\Windows\System32\drivers\etc\Hosts." I clicked "OK" and OTL has the message at the bottom that says "Resetting HOSTS file. DO NOT INTERRUPT..." and it has had that message for about 7 hours now. It's definitely stuck.
I have access to the Task Manager but the Desktop is no longer visible in the background. I do not to force a re-start at this stage and I am waiting for instructions. I could close OTL and it seems to be running as usual but I do not have access to the text in the "Custom Scan" area.
This is urgent as it is 8:00 am in China and I have meetings coming up this morning.
What should I do?
Quote
:OTL
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (CaCCProvSP)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://pro.imdb.com/"
FF - prefs.js..extensions.enabledItems: addon@astrill.com:1.4
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8580
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8580
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8580
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8580
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8580
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8580
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8580
FF - prefs.js..network.proxy.type: 1
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [lnksutil] File not found
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: carrefour.com.cn ([e-shop] https in Trusted sites)
O15 - HKCU\..Trusted Domains: imdb.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell - "" = AutoRun
O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell - "" = AutoRun
O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell - "" = AutoRun
O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell\AutoRun\command - "" = J:\StormF1.exe
O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell - "" = AutoRun
O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{f45104b5-2b1d-11df-9eef-001e3ded49ed}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Zaptag-Run-Me.hta
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5BB923A2
:Services
RoxLiveShare9
CaCCProvSP
:Reg
:Files
ipconfig /flushdns /c
C:\WINDOWS\tasks\*.job
C:\*.sqm
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[CLEARALLRESTOREPOINTS]
[REBOOT]
As the lines in blue concern my Proxy, I took them away.
I ran OTL and I got an alert box that read "Cannot create file C:\Windows\System32\drivers\etc\Hosts." I clicked "OK" and OTL has the message at the bottom that says "Resetting HOSTS file. DO NOT INTERRUPT..." and it has had that message for about 7 hours now. It's definitely stuck.
I have access to the Task Manager but the Desktop is no longer visible in the background. I do not to force a re-start at this stage and I am waiting for instructions. I could close OTL and it seems to be running as usual but I do not have access to the text in the "Custom Scan" area.
This is urgent as it is 8:00 am in China and I have meetings coming up this morning.
What should I do?
#19
- New Member
-
- Group: Members
- Posts: 13
- Joined: 07-May 11
Posted 08 May 2011 - 10:34 PM
I manage to launch explorer.exe
#20
- Bleepin' Texan in Ohio!
-
- Group: Malware Response Team
- Posts: 17,058
- Joined: 05-April 06
- Gender:Female
- Location:New Bremen, Ohio
Posted 09 May 2011 - 12:03 AM
Who told you to do this??
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n?
Every little bit helps! :)
You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n?
#21
- New Member
-
- Group: Members
- Posts: 13
- Joined: 07-May 11
Posted 09 May 2011 - 12:42 AM
A French guy who read everything and told me my computer was clean and I just needed to do a last check.
The fact is I finally rebooted the computer and I think I am missing some files.
Some of my softwares seemed to have lost some history and root files.
I stayed stuck for 10 hours, I had to do something to move on.
I am under a lot of pressure at work.
I can do a new OTL scan if you want.
Best,
Beauregard
The fact is I finally rebooted the computer and I think I am missing some files.
Some of my softwares seemed to have lost some history and root files.
I stayed stuck for 10 hours, I had to do something to move on.
I am under a lot of pressure at work.
I can do a new OTL scan if you want.
Best,
Beauregard
This post has been edited by Beauregard: 09 May 2011 - 12:43 AM
#22
- Bleepin' Texan in Ohio!
-
- Group: Malware Response Team
- Posts: 17,058
- Joined: 05-April 06
- Gender:Female
- Location:New Bremen, Ohio
Posted 09 May 2011 - 02:44 AM
I do apologize for being a real person and not a robot. 
However, I will not be responsible for your computer when you're getting direction from someone else. It goes against forum policy and is blatantly disregarding common courtesy as well. Conflicting directions can cause more harm than good.
Best of luck with your "French guy",
tea
However, I will not be responsible for your computer when you're getting direction from someone else. It goes against forum policy and is blatantly disregarding common courtesy as well. Conflicting directions can cause more harm than good.Best of luck with your "French guy",
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n?
Every little bit helps! :)
You can even use your credit card! Thank you!
Error reading poptart in Drive A: Delete kids y/n?
