

Infected with AKM Antivirus 2010 Pro


This topic is locked. 4 replies to this topic.

#1 kAgent

  • Members
  • 2 posts

Posted 11 May 2010 - 07:57 PM

Hello, I have recently been infected with the "AKM Antivirus 2010 Pro" Malware.
I first started to receive messages of programs not being able to be opened (without me wanting to open them).
Then the Malware screen opened. I directly doubted its authenticity, didn't touch anything concerning the program itself apart from closing the pop-up error messages about "svchost.exe" or something like that and unplugging internet.
Later, I plugged internet back and searched information about the program's true nature.
I found a program called SpyHunter4 and installed it. As I expected, they wanted money so I started looking for other programs and found Combofix.
At the same time, messages that seemed to be issued from Spyhunter4 (same screen colors) told me that something like "DNS parameters" were changed and I replied each time that I wanted them changed back to original.
In order to start Combofix and as it asked, I tried to close all programs. Yet, being unable to close avg antivirus (a little screen told me each time about a corrupted file) and being unable to close AKM as each time it was launched again after closure, I started to close all programs with a name I never saw before through the task manager (very amateurish, yes...). It ended with a system crash when I closed something like "nvdnim".
After the system rebooted on its own, a black screen appeared after the user choice screen and the same message about "DNS parameters" appeared and I replied "ignore" this time. Then the SpyHunter screen appeared and I closed it.
Then, Combofix started to work, scanned, deleted several exe files and created a log.
Recently, after having done all the indicated things on your preparation guide, some freezing of several seconds occurred after I tried to open the windows logo on the bottom left of the screen, after I tried to type a search in the google chrome panel or I asked the task manager to open (but not when I use internet or explorer).
When I ask the control panel to open it never does, I received several messages about the google chrome script not working, not long ago the screen turned black and the task manager flashed before the screen returning to normal and Windows showed me a message about this not being able to open: {21EC2020-3AEA-1069-A2DD-08002B30309D} twice (I didn't close the second one yet).
Actually, the gmer program froze so I can't attach its log... In case it can show you some information that was to be found in this log I attach the combofix's log.
Thank you very much for reading all this, I sure hope some solutions can be found...

EDIT: now the task manager opens smoothly and there are far fewer applications in it than before.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kirill at 1:36:25,21 on 12/05/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.3071.1142 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kirill\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\kirill\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~2.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kirill\appdata\roaming\mozilla\firefox\profiles\q9xgb30o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\kirill\appdata\roaming\mozilla\firefox\profiles\q9xgb30o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\kirill\appdata\roaming\mozilla\firefox\profiles\q9xgb30o.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\kirill\appdata\roaming\mozilla\firefox\profiles\q9xgb30o.default\extensions\maps@ovi.com\plugins\npNMapNPR.dll
FF - plugin: c:\users\kirill\appdata\roaming\mozilla\firefox\profiles\q9xgb30o.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-17 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-8 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-8 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-8 242896]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-7-30 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-30 234888]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-15 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-5 47640]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-3-24 323992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]
R3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);c:\windows\system32\drivers\fbxusb32.sys [2007-8-27 31128]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
S3 SaiH0255;SaiH0255;c:\windows\system32\drivers\SaiH0255.sys [2007-5-1 132232]

=============== Created Last 30 ================

2010-05-11 23:18:16 176 ----a-w- c:\users\kirill\defogger_reenable
2010-05-11 23:06:54 0 d-----w- c:\program files\Runtime Software
2010-05-11 22:53:27 0 d-sh--w- C:\$RECYCLE.BIN
2010-05-11 22:38:58 98816 ----a-w- c:\windows\sed.exe
2010-05-11 22:38:58 77312 ----a-w- c:\windows\MBR.exe
2010-05-11 22:38:58 256512 ----a-w- c:\windows\PEV.exe
2010-05-11 22:38:58 161792 ----a-w- c:\windows\SWREG.exe
2010-05-11 22:34:31 0 d-----w- C:\ComboFix
2010-05-11 22:07:05 0 d-----w- C:\sh4ldr
2010-05-11 22:07:05 0 d-----w- c:\program files\Enigma Software Group
2010-05-11 22:05:37 0 d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-11 21:51:36 0 d-----w- c:\users\kirill\appdata\roaming\scdata
2010-05-11 21:47:07 81 ----a-w- c:\users\kirill\appdata\roaming\wp4.dat
2010-05-11 21:47:07 1 ----a-w- c:\users\kirill\appdata\roaming\wp3.dat
2010-05-11 21:47:06 36 ----a-w- c:\users\kirill\appdata\roaming\skynet.dat
2010-05-11 21:46:50 0 d-----w- c:\users\kirill\appdata\roaming\AKM Antivirus 2010 Pro
2010-05-11 21:46:45 0 d-----w- C:\$AVG
2010-05-11 21:46:30 1053184 ----a-w- c:\users\kirill\appdata\roaming\wpp.exe
2010-05-11 21:46:28 0 d-sh--w- c:\users\kirill\appdata\roaming\lowsec
2010-04-14 15:42:49 97792 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-05-11 23:28:58 755018 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-11 23:28:58 142848 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-11 22:53:49 90598 ----a-w- c:\programdata\nvModes.dat
2010-04-26 15:32:45 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-21 16:55:36 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-21 16:55:35 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-03-21 16:55:35 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-15 16:35:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 16:32:29 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 08:16:06 181632 ----a-w- C:\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:54:40 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:31:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-18 14:34:38 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:34:36 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:19:34 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 14:01:48 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-02-18 13:56:56 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2010-02-18 13:56:27 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2010-02-18 13:55:43 317440 ----a-w- c:\windows\system32\BFE.DLL
2010-02-18 11:51:11 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-02-12 10:49:08 293376 ----a-w- c:\windows\system32\browserchoice.exe
2008-12-11 02:12:40 174 --sha-w- c:\program files\desktop.ini
2008-06-12 15:50:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-05-29 20:59:35 37375 ----a-w- c:\program files\openoffice.org-xsltfilter.cab
2008-05-29 20:59:34 2650886 ----a-w- c:\program files\openoffice.org-writer.cab
2008-05-29 20:59:24 207388 ----a-w- c:\program files\openoffice.org-testtool.cab
2008-05-29 20:59:21 2504975 ----a-w- c:\program files\openoffice.org-pyuno.cab
2008-05-29 20:59:03 52116 ----a-w- c:\program files\openoffice.org-onlineupdate.cab
2008-05-29 20:59:02 1183268 ----a-w- c:\program files\openoffice.org-math.cab
2008-05-29 20:58:57 118910 ----a-w- c:\program files\openoffice.org-javafilter.cab
2008-05-29 20:58:56 1372593 ----a-w- c:\program files\openoffice.org-impress.cab
2008-05-29 20:58:50 86870 ----a-w- c:\program files\openoffice.org-graphicfilter.cab
2008-05-29 20:58:49 2769 ----a-w- c:\program files\openoffice.org-emailmerge.cab
2008-05-29 20:57:50 1025727 ----a-w- c:\program files\openoffice.org-draw.cab
2008-05-29 20:57:45 2031954 ----a-w- c:\program files\openoffice.org-core09.cab
2008-05-29 20:57:38 306690 ----a-w- c:\program files\openoffice.org-core08.cab
2008-05-29 20:57:32 4164599 ----a-w- c:\program files\openoffice.org-core07.cab
2008-05-29 20:57:23 28864638 ----a-w- c:\program files\openoffice.org-core06.cab
2008-05-29 20:53:18 18634513 ----a-w- c:\program files\openoffice.org-core05.cab
2008-05-29 20:52:06 16503595 ----a-w- c:\program files\openoffice.org-core04.cab
2008-05-29 20:51:05 9117929 ----a-w- c:\program files\openoffice.org-core03.cab
2008-05-29 20:50:38 3861722 ----a-w- c:\program files\openoffice.org-core02.cab
2008-05-29 20:50:22 15104538 ----a-w- c:\program files\openoffice.org-core01.cab
2008-05-29 20:49:41 4845907 ----a-w- c:\program files\openoffice.org-calc.cab
2008-05-29 20:49:21 1878252 ----a-w- c:\program files\openoffice.org-base.cab
2008-05-29 20:49:12 43005 ----a-w- c:\program files\openoffice.org-activex.cab
2008-05-29 20:49:09 4377600 ----a-w- c:\program files\openofficeorg24.msi
2008-05-29 20:49:09 217 ----a-w- c:\program files\setup.ini
2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
2010-02-03 13:21:24 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-02-03 13:21:24 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\fichiers internet temporaires\content.ie5\index.dat
2010-02-03 13:21:24 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2007-11-02 21:09:47 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 1:36:53,76 ===============

Edited by kAgent, 11 May 2010 - 08:16 PM.
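The "Created Last 30" section of the DDS log above is where a helper looks first: a burst of new files under the user's roaming profile, a hidden+system folder (`d-sh--w-`) in the same place, and a 1 MB executable dropped seconds before them. The following triage script is an added example written for this page, not code from the poster, from DDS, or from BleepingComputer. It parses the DDS line format, applies two per-line heuristics (executable dropped in a user profile; hidden+system attributes in a user profile), and then pulls in any other entry created within a 120-second window of a flagged one, since rogue installers drop their support files in the same burst as the main executable. The sample lines are excerpted from the log above; the 120-second window, the extension list and the heuristic names are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the "Created Last 30" section from the DDS log posted above
# (these are lines from the post, not constructed values).
SAMPLE_CREATED = """\
2010-05-11 23:18:16 176 ----a-w- c:\\users\\kirill\\defogger_reenable
2010-05-11 22:53:27 0 d-sh--w- C:\\$RECYCLE.BIN
2010-05-11 21:47:07 81 ----a-w- c:\\users\\kirill\\appdata\\roaming\\wp4.dat
2010-05-11 21:47:06 36 ----a-w- c:\\users\\kirill\\appdata\\roaming\\skynet.dat
2010-05-11 21:46:50 0 d-----w- c:\\users\\kirill\\appdata\\roaming\\AKM Antivirus 2010 Pro
2010-05-11 21:46:30 1053184 ----a-w- c:\\users\\kirill\\appdata\\roaming\\wpp.exe
2010-05-11 21:46:28 0 d-sh--w- c:\\users\\kirill\\appdata\\roaming\\lowsec
2010-04-14 15:42:49 97792 ----a-w- c:\\windows\\system32\\cabview.dll
"""

# DDS line layout: "<date> <time> <size> <attrs> <path>". attrs is an 8-character
# field: attrs[0] == 'd' marks a directory, attrs[2] == 's' system, attrs[3] == 'h' hidden.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")  # assumed list for this example
# Assumed window in which files created together are treated as one drop event.
CLUSTER_WINDOW = timedelta(seconds=120)


def parse_created(text):
    """Parse DDS 'Created Last 30' lines into dicts; lines that don't match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": int(size),
            "attrs": attrs,
            "path": path,
        })
    return entries


def primary_reasons(e):
    """Per-entry heuristics: what makes a single line stand out on its own."""
    low = e["path"].lower()
    reasons = []
    in_profile = "\\appdata\\" in low
    if in_profile and low.endswith(EXECUTABLE_EXT):
        reasons.append("executable dropped in user profile")
    if in_profile and e["attrs"][2] == "s" and e["attrs"][3] == "h":
        reasons.append("hidden+system attribute in user profile")
    return reasons


def triage(text):
    """Return {path: [reasons]} for entries worth a closer look.

    Any entry created within CLUSTER_WINDOW of a primary-flagged entry is reported
    too, with the name of the flagged file it was created alongside.
    """
    entries = parse_created(text)
    flagged = {e["path"]: primary_reasons(e) for e in entries}
    anchors = [e for e in entries if flagged[e["path"]]]
    for e in entries:
        if flagged[e["path"]]:
            continue
        for a in anchors:
            if abs(e["time"] - a["time"]) <= CLUSTER_WINDOW:
                flagged[e["path"]].append(
                    "created alongside " + a["path"].rsplit("\\", 1)[-1])
                break
    return {p: r for p, r in flagged.items() if r}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_CREATED).items():
        print(path, "->", "; ".join(reasons))
```

On the excerpt this reports wpp.exe (executable in the profile), lowsec (hidden+system in the profile), and then the AKM folder, skynet.dat and wp4.dat as created alongside wpp.exe, while $RECYCLE.BIN (hidden+system, but not in a profile) and the April cabview.dll update are left alone. The time clustering is the part a manual reader does by eye; doing it in code keeps it from being skipped when the section is long.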



#2 schrauber (Mr.Mechanic)

  • Malware Response Team
  • 24,794 posts
  • Location: Munich, Germany

Posted 13 May 2010 - 01:57 AM

Hello, kAgent
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
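The `/md5start ... /md5stop` block in the OTL custom scan above asks OTL to hash a fixed set of boot, storage and logon binaries, because the rootkits of that period patched files such as atapi.sys in place while keeping their size and timestamp. The check behind that directive, written as an added example for this page rather than OTL's own code, is a baseline-and-compare over MD5 digests: snapshot the watched files once on a known-good system, snapshot again later, and classify each as ok, modified, missing or new. The `demo()` function builds a constructed temporary tree, records a baseline, then appends bytes to one driver and deletes one DLL to show how both conditions surface. The file names come from the post's list; the tree contents and the "patch" are constructed for the example.

```python
import hashlib
import os
import tempfile

# Names taken from the /md5start block in the OTL custom scan above.
WATCHED = ["atapi.sys", "iaStor.sys", "nvstor.sys", "scecli.dll", "netlogon.dll"]


def md5_of(path, chunk=1 << 16):
    """MD5 of a file read in chunks (MD5 only because that is what the OTL directive records)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root, names):
    """Return {name: md5} for each watched file under root; a missing file maps to None."""
    out = {}
    for n in names:
        p = os.path.join(root, n)
        out[n] = md5_of(p) if os.path.isfile(p) else None
    return out


def compare(baseline, current):
    """Classify each watched file as 'ok', 'modified', 'missing' or 'new'."""
    verdict = {}
    for n in sorted(set(baseline) | set(current)):
        b, c = baseline.get(n), current.get(n)
        if b == c:
            verdict[n] = "ok"
        elif c is None:
            verdict[n] = "missing"
        elif b is None:
            verdict[n] = "new"
        else:
            verdict[n] = "modified"
    return verdict


def demo():
    """Constructed scenario: baseline a clean tree, then alter one driver and remove one DLL."""
    with tempfile.TemporaryDirectory() as root:
        for n in WATCHED:
            with open(os.path.join(root, n), "wb") as f:
                f.write(b"clean build of " + n.encode())
        base = snapshot(root, WATCHED)
        # In-place change that keeps the name: the case a size/date check would miss
        with open(os.path.join(root, "atapi.sys"), "ab") as f:
            f.write(b"extra")
        os.remove(os.path.join(root, "netlogon.dll"))
        return compare(base, snapshot(root, WATCHED))


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:14} {state}")
```

On a real machine the baseline would be taken from a clean install of the same Windows build and stored off the host; comparing against a digest recorded on the already-infected system only tells you whether it changed again afterwards.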

#3 kAgent

kAgent
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:01 PM

Posted 16 May 2010 - 11:10 AM

Thank you very much for your help and the quickness of your answer.
I did all the indicated things. The reports are these ones:



OTL logfile created on: 16/05/2010 17:22:26 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Kirill\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 17,16 Gb Free Space | 5,66% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 34,58 Gb Free Space | 22,95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCALEO
Current User Name: Kirill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/16 17:21:36 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Kirill\Desktop\OTL.exe
PRC - [2010/04/26 17:32:31 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/08 17:04:56 | 003,021,208 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
PRC - [2010/04/03 19:10:21 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/02 16:49:40 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
PRC - [2010/03/15 18:35:45 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/15 18:35:42 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/15 18:32:29 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/04 21:52:29 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/31 21:52:29 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/07/14 02:28:18 | 001,044,480 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009/07/09 23:25:08 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2009/03/06 14:40:54 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/29 22:46:18 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
PRC - [2008/05/29 22:46:18 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/05/14 03:29:04 | 000,507,904 | ---- | M] (Orb Networks) -- C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
PRC - [2008/01/30 04:19:32 | 000,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files\Orb Networks\Orb\bin\Orb.exe
PRC - [2007/11/14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/02 10:10:46 | 000,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2007/10/02 10:10:14 | 000,233,472 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2006/12/08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 17:21:36 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Kirill\Desktop\OTL.exe
MOD - [2007/11/02 22:41:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll
MOD - [2006/11/02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/24 18:48:10 | 000,323,992 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- (SpyHunter 4 Service)
SRV - [2010/03/19 18:09:36 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/15 18:35:42 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/04 21:52:29 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/01/11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2007/11/02 22:05:10 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/12/08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)


========== Driver Services (SafeList) ==========

DRV - [2010/04/26 17:32:45 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/15 18:35:45 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/15 18:32:29 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/01/21 15:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/01/12 06:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/30 12:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/12/30 12:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 12:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/23 14:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/05 11:23:34 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/09 14:13:14 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/11/14 18:13:00 | 002,016,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/11/02 23:09:46 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/11/02 23:09:46 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/02 23:09:45 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/10/05 10:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/10/05 10:19:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/10/03 17:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/27 15:12:06 | 000,031,128 | ---- | M] (FreeBox SA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fbxusb32.sys -- (fbxusb) Carte réseau virtuelle FreeBox USB (32 bits)
DRV - [2007/07/12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/07/02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/07/02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/05/01 16:11:28 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0255.sys -- (SaiH0255)
DRV - [2006/12/23 11:44:59 | 000,080,768 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2006/12/23 11:43:17 | 000,077,120 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/07/10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006/07/05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/06/14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/12/21 11:16:58 | 000,007,136 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...D&bmod=FUJD

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..keyword.URL: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/29 13:52:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 19:10:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 13:08:59 | 000,000,000 | ---D | M]

[2009/05/22 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\mozilla\Extensions
[2010/05/16 17:21:22 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions
[2010/04/29 14:33:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/24 01:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/04/29 14:33:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/24 01:06:30 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2008/09/30 18:03:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/03/24 01:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/03/24 01:06:30 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2008/05/28 03:19:28 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/03/11 00:31:26 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\illimitux@illimitux.net
[2010/05/10 01:37:47 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\maps@ovi.com
[2010/04/14 00:53:40 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\personas@christopher.beard
[2010/03/24 01:06:29 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\mozilla\Firefox\Profiles\q9xgb30o.default\extensions\piclens@cooliris.com
[2008/06/29 00:06:52 | 000,001,074 | ---- | M] () -- C:\Users\Kirill\AppData\Roaming\Mozilla\FireFox\Profiles\q9xgb30o.default\searchplugins\wikipedia-en.xml
[2010/05/12 01:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/04/09 16:33:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/05/24 03:06:28 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\real-networks@partners.mozilla.com
[2010/03/23 04:02:28 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/03/23 04:02:28 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/23 04:02:28 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/08/07 03:22:17 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/03/23 04:02:28 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/03/25 01:49:08 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/05/16 16:57:59 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Kirill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kirill\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
O24 - Desktop BackupWallPaper: C:\Users\Kirill\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/12 00:08:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 13:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/16 17:21:35 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Kirill\Desktop\OTL.exe
[2010/05/12 13:50:37 | 000,000,000 | ---D | C] -- C:\Users\Kirill\AppData\Roaming\Malwarebytes
[2010/05/12 13:50:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/12 13:50:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/12 13:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/12 13:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/12 13:49:08 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kirill\Desktop\mbam-setup.exe
[2010/05/12 01:41:25 | 000,000,000 | ---D | C] -- C:\Users\Kirill\Desktop\gmer
[2010/05/12 01:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/05/12 00:53:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/12 00:53:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/05/12 00:53:24 | 000,000,000 | ---D | C] -- C:\Users\Kirill\AppData\Local\temp
[2010/05/12 00:38:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/12 00:38:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/12 00:38:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/12 00:38:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/12 00:38:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/12 00:34:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/05/12 00:23:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/12 00:07:05 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010/05/12 00:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/12 00:05:37 | 000,000,000 | ---D | C] -- C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010/05/11 23:51:36 | 000,000,000 | ---D | C] -- C:\Users\Kirill\AppData\Roaming\scdata
[2010/05/11 23:46:50 | 000,000,000 | ---D | C] -- C:\Users\Kirill\AppData\Roaming\AKM Antivirus 2010 Pro
[2010/05/11 23:46:45 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/05/11 23:46:28 | 000,000,000 | -HSD | C] -- C:\Users\Kirill\AppData\Roaming\lowsec
[2010/03/24 01:06:54 | 000,000,000 | ---D | C] -- C:\Users\Kirill\AppData\Local\Cooliris
[2010/03/21 18:56:05 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010/03/21 18:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/03/21 01:34:24 | 000,000,000 | ---D | C] -- C:\Users\Kirill\AppData\Roaming\MusicBrainz
[2010/03/21 01:20:16 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010/03/21 01:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Tux Airsoft Toolkit
[2010/03/20 23:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\MusicBrainz Picard
[2010/03/15 18:35:45 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/09 22:59:07 | 000,000,000 | ---D | C] -- C:\Users\Kirill\Documents\twonkymedia-server-uploaded-data
[2010/03/08 19:00:06 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/08 19:00:03 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/08 18:59:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/03/08 18:59:13 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/08 18:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/01 18:05:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/27 18:04:30 | 000,000,000 | ---D | C] -- C:\Users\Kirill\Documents\Bioshock2
[2010/02/27 18:04:30 | 000,000,000 | ---D | C] -- C:\Users\Kirill\AppData\Roaming\Bioshock2
[2010/02/27 17:38:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/16 17:25:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3C0D356D-EAC1-401B-B59A-71770F0987CD}.job
[2010/05/16 17:24:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{08C2B183-7364-4330-AE64-28924105F75E}.job
[2010/05/16 17:24:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D5496468-8D1D-45E7-A078-5B31D6798D0E}.job
[2010/05/16 17:21:55 | 005,242,880 | ---- | M] () -- C:\Users\Kirill\NTUSER.DAT
[2010/05/16 17:21:36 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Kirill\Desktop\OTL.exe
[2010/05/16 17:03:31 | 060,047,216 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/16 17:01:13 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5BE42B9E-1E67-47F3-9E86-04EE07BCDCFF}.job
[2010/05/16 16:59:55 | 000,090,598 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/16 16:59:55 | 000,090,598 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/16 16:57:50 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/16 16:57:41 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 16:57:41 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 16:57:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/16 16:57:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/16 16:57:30 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 14:07:27 | 004,035,242 | -H-- | M] () -- C:\Users\Kirill\AppData\Local\IconCache.db
[2010/05/12 13:50:33 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/12 13:49:18 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kirill\Desktop\mbam-setup.exe
[2010/05/12 13:47:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/12 13:46:54 | 000,363,520 | ---- | M] () -- C:\Users\Kirill\Desktop\rkill.com
[2010/05/12 01:28:58 | 001,694,328 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/12 01:28:58 | 000,755,018 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/05/12 01:28:58 | 000,673,306 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/12 01:28:58 | 000,142,848 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/05/12 01:28:58 | 000,128,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/12 01:20:15 | 000,284,915 | ---- | M] () -- C:\Users\Kirill\Desktop\gmer.zip
[2010/05/12 01:19:24 | 000,525,824 | ---- | M] () -- C:\Users\Kirill\Desktop\dds.scr
[2010/05/12 01:18:29 | 000,000,176 | ---- | M] () -- C:\Users\Kirill\defogger_reenable
[2010/05/12 01:06:57 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/05/12 00:51:37 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/05/12 00:34:35 | 000,000,081 | ---- | M] () -- C:\Users\Kirill\AppData\Roaming\wp4.dat
[2010/05/12 00:34:35 | 000,000,001 | ---- | M] () -- C:\Users\Kirill\AppData\Roaming\wp3.dat
[2010/05/12 00:08:23 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/05/11 23:47:07 | 000,000,009 | ---- | M] () -- C:\Users\Kirill\AppData\Roaming\nuar.old
[2010/05/11 23:47:06 | 000,000,036 | ---- | M] () -- C:\Users\Kirill\AppData\Roaming\skynet.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 17:32:45 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/20 14:35:28 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/16 18:20:55 | 000,078,848 | ---- | M] () -- C:\Users\Kirill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 07:32:06 | 000,176,643 | ---- | M] () -- C:\Users\Kirill\Desktop\Les beta-lactamases.pptx
[2010/03/24 21:59:37 | 000,000,823 | ---- | M] () -- C:\Users\Kirill\Desktop\X3 Terran Conflict.lnk
[2010/03/21 18:45:51 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010/03/21 01:20:13 | 000,001,852 | ---- | M] () -- C:\Users\Kirill\Desktop\Tux Airsoft Toolkit.lnk
[2010/03/16 19:09:00 | 000,026,435 | ---- | M] () -- C:\Users\Kirill\Desktop\subscription-form-9609811950.pdf
[2010/03/16 02:31:21 | 000,041,984 | ---- | M] () -- C:\Users\Kirill\Desktop\Instructions ED 2010_2.doc
[2010/03/16 02:30:53 | 000,041,984 | ---- | M] () -- C:\Users\Kirill\Desktop\Instructions ED 2010.doc
[2010/03/15 18:35:45 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/15 18:35:45 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/15 18:32:29 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/09 21:21:08 | 000,108,785 | ---- | M] () -- C:\Users\Kirill\Desktop\ETHIQUE GREFFE.pptx
[2010/03/08 19:02:16 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/03/08 19:00:17 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/08 19:00:03 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/08 18:59:24 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/03/08 18:59:24 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/02/27 18:02:40 | 006,372,063 | ---- | M] () -- C:\Users\Kirill\Desktop\rzr-bio2f.7z
[2010/02/25 14:13:41 | 000,085,552 | ---- | M] () -- C:\Users\Kirill\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 14:08:53 | 000,341,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/24 02:50:11 | 000,000,000 | ---- | M] () -- C:\OrbPVR.db
[2010/02/16 14:32:43 | 002,117,826 | ---- | M] () -- C:\Users\Kirill\Desktop\squat.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 13:50:33 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/12 13:46:51 | 000,363,520 | ---- | C] () -- C:\Users\Kirill\Desktop\rkill.com
[2010/05/12 01:20:14 | 000,284,915 | ---- | C] () -- C:\Users\Kirill\Desktop\gmer.zip
[2010/05/12 01:19:21 | 000,525,824 | ---- | C] () -- C:\Users\Kirill\Desktop\dds.scr
[2010/05/12 01:18:16 | 000,000,176 | ---- | C] () -- C:\Users\Kirill\defogger_reenable
[2010/05/12 01:06:57 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2010/05/12 00:38:58 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/12 00:38:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/12 00:38:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/12 00:38:58 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/12 00:38:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/12 00:08:23 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/05/11 23:47:07 | 000,000,081 | ---- | C] () -- C:\Users\Kirill\AppData\Roaming\wp4.dat
[2010/05/11 23:47:07 | 000,000,009 | ---- | C] () -- C:\Users\Kirill\AppData\Roaming\nuar.old
[2010/05/11 23:47:07 | 000,000,001 | ---- | C] () -- C:\Users\Kirill\AppData\Roaming\wp3.dat
[2010/05/11 23:47:06 | 000,000,036 | ---- | C] () -- C:\Users\Kirill\AppData\Roaming\skynet.dat
[2010/04/12 10:09:41 | 000,176,643 | ---- | C] () -- C:\Users\Kirill\Desktop\Les beta-lactamases.pptx
[2010/04/04 18:36:35 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/24 21:59:37 | 000,000,823 | ---- | C] () -- C:\Users\Kirill\Desktop\X3 Terran Conflict.lnk
[2010/03/21 01:20:13 | 000,001,852 | ---- | C] () -- C:\Users\Kirill\Desktop\Tux Airsoft Toolkit.lnk
[2010/03/16 19:09:00 | 000,026,435 | ---- | C] () -- C:\Users\Kirill\Desktop\subscription-form-9609811950.pdf
[2010/03/16 02:31:21 | 000,041,984 | ---- | C] () -- C:\Users\Kirill\Desktop\Instructions ED 2010_2.doc
[2010/03/16 02:30:53 | 000,041,984 | ---- | C] () -- C:\Users\Kirill\Desktop\Instructions ED 2010.doc
[2010/03/09 18:38:07 | 000,108,785 | ---- | C] () -- C:\Users\Kirill\Desktop\ETHIQUE GREFFE.pptx
[2010/03/08 19:00:17 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/08 19:00:03 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/08 18:59:24 | 060,047,216 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/08 18:59:24 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/03/08 18:59:24 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/03/08 18:59:18 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/02/27 18:00:39 | 006,372,063 | ---- | C] () -- C:\Users\Kirill\Desktop\rzr-bio2f.7z
[2010/02/27 17:52:25 | 000,503,663 | ---- | C] () -- C:\Users\Kirill\Desktop\NS-BIO2_SR-poseden.vc4
[2010/02/27 17:52:24 | 014,392,224 | ---- | C] () -- C:\Users\Kirill\Desktop\NS-BIO2_SR-poseden.000
[2010/02/27 17:52:04 | 000,001,346 | ---- | C] () -- C:\Users\Kirill\Desktop\NS-BIO2_SR-poseden.nfo
[2010/02/24 02:50:11 | 000,000,000 | ---- | C] () -- C:\OrbPVR.db
[2010/02/16 14:32:37 | 002,117,826 | ---- | C] () -- C:\Users\Kirill\Desktop\squat.pdf
[2009/11/08 22:41:34 | 000,111,104 | ---- | C] () -- C:\Windows\System32\foo_input_alac.dll
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/09/11 21:42:44 | 000,000,238 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/09/10 11:21:44 | 000,008,520 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/07/05 17:12:03 | 000,000,066 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/28 12:49:10 | 000,000,199 | ---- | C] () -- C:\Windows\ris2std.ini
[2009/01/27 21:17:56 | 000,000,600 | ---- | C] () -- C:\Windows\probe.ini
[2008/09/04 18:27:53 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/07/23 11:26:24 | 000,000,196 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2008/07/06 19:44:37 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/06/27 23:34:26 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/24 22:06:34 | 000,000,309 | ---- | C] () -- C:\Windows\game.ini
[2008/05/18 03:33:42 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/05/18 03:33:41 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/18 03:33:41 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/05/18 03:33:40 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/18 03:33:40 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/05/18 03:33:40 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/09 15:19:40 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/05/09 15:19:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/04/12 11:53:03 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2008/04/12 10:37:33 | 000,000,134 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2007/05/01 16:11:28 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0255_0C.dll
[2007/05/01 16:11:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0255_10.dll
[2007/05/01 16:11:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0255_0A.dll
[2007/05/01 16:11:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0255_09.dll
[2007/05/01 16:11:28 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0255_11.dll
[2007/05/01 16:11:26 | 000,847,872 | ---- | C] () -- C:\Windows\System32\SaiC0255.Dll
[2007/05/01 16:11:26 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0255_07.dll
[2007/05/01 16:11:26 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0255_0402.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll

========== LOP Check ==========

[2010/05/11 23:46:50 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\AKM Antivirus 2010 Pro
[2010/05/08 20:16:50 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\Azureus
[2009/08/15 06:31:31 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\Bioshock
[2010/02/27 18:04:41 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\Bioshock2
[2008/04/09 14:13:03 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\DAEMON Tools
[2009/09/24 00:45:58 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\LimeWire
[2010/05/11 23:47:23 | 000,000,000 | -HSD | M] -- C:\Users\Kirill\AppData\Roaming\lowsec
[2010/03/21 01:34:24 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\MusicBrainz
[2008/07/22 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/08/10 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\Nokia
[2009/07/03 16:38:16 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\Nseries
[2009/09/25 03:59:00 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\PC Suite
[2008/05/28 03:32:30 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\PeerNetworking
[2010/05/12 00:26:53 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\scdata
[2008/11/01 19:40:29 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\Soldat
[2009/04/02 14:59:23 | 000,000,000 | ---D | M] -- C:\Users\Kirill\AppData\Roaming\SystemRequirementsLab
[2010/05/12 14:07:36 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/16 17:24:59 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{08C2B183-7364-4330-AE64-28924105F75E}.job
[2010/05/16 17:25:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3C0D356D-EAC1-401B-B59A-71770F0987CD}.job
[2010/05/16 17:01:13 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5BE42B9E-1E67-47F3-9E86-04EE07BCDCFF}.job
[2010/05/16 17:24:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D5496468-8D1D-45E7-A078-5B31D6798D0E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\MpSigStub.exe


< MD5 for: AGP440.SYS >
[2007/11/02 22:42:53 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\ERDNT\cache\AGP440.sys
[2007/11/02 22:42:53 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\drivers\AGP440.sys
[2007/11/02 22:42:53 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2007/11/02 22:42:53 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2007/11/02 23:09:46 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_44b6b0d0\atapi.sys
[2007/11/02 23:09:46 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20694_none_db7e36353dc64123\atapi.sys
[2008/01/28 14:33:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008/01/28 14:33:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/28 14:33:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/28 14:33:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/28 14:33:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys
[2008/01/28 14:33:39 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007/07/12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\ERDNT\cache\netlogon.dll
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

< MD5 for: NVRD32.SYS >
[2007/07/02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) MD5=ED399014A8029DE02BA5AE01DA8CC9EE -- C:\Windows\System32\drivers\nvrd32.sys
[2007/07/02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) MD5=ED399014A8029DE02BA5AE01DA8CC9EE -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/07/02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\drivers\nvstor32.sys
[2007/07/02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\ERDNT\cache\scecli.dll
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2006/11/08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\drivers\viamraid.sys
[2006/11/08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_74a36694\viamraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006/11/02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/11/02 22:24:00 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/28 23:17:19 | 008,011,776 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/28 23:17:16 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/28 23:17:19 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/01/28 23:17:27 | 016,482,304 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/01/28 23:17:29 | 006,029,312 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2010/05/16 16:57:30 | 3220,496,384 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/05/16 16:57:29 | 3534,422,016 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >


OTL Extras logfile created on: 16/05/2010 17:22:26 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Kirill\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 17,16 Gb Free Space | 5,66% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 34,58 Gb Free Space | 22,95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SCALEO
Current User Name: Kirill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- FirefoxURL

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{356983A1-70F8-42A2-B871-9E2402BA4DFC}" = rport=138 | protocol=17 | dir=out | app=system |
"{4B7E58B2-17DE-486B-B1C2-137E28CC604F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{580DC9D7-6582-4094-A22E-1ED45F01C884}" = lport=138 | protocol=17 | dir=in | app=system |
"{5A8983C4-4C6C-4C11-97DF-E5156F9D1ACA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5DACEF47-92CD-437F-8197-BEE77B5BF95D}" = lport=139 | protocol=6 | dir=in | app=system |
"{5DFC4FD0-6653-4B3E-BE37-1F145E173219}" = rport=139 | protocol=6 | dir=out | app=system |
"{794F51D6-BC12-4351-BD88-827A38E692DD}" = lport=137 | protocol=17 | dir=in | app=system |
"{932C8D3F-23F2-412E-93F7-872BA4F309C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F5F02D3-A5A7-49AE-9F66-D0A9D003879E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AAA528B3-8E88-49F3-8A08-EDA81737944F}" = rport=445 | protocol=6 | dir=out | app=system |
"{BC1E49FC-D228-4527-85A1-90D1C3861318}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BC9920E3-0D16-40F8-A4E1-35E961816797}" = lport=445 | protocol=6 | dir=in | app=system |
"{CBB1DDD3-89FD-4D54-A4E9-BD442BB8BCFC}" = rport=137 | protocol=17 | dir=out | app=system |
"{CCD84C0A-18E7-43D6-A36F-E28FC196E769}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1D9B3D6-FCA0-4248-9527-47CC7D0F48DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EC037336-0B61-4C18-82A6-C2AFC8B3F8E7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C9B30E-3BBA-4AC3-83E0-9142087E01D8}" = protocol=6 | dir=in | app=c:\kirill\games\far cry 2\bin\farcry2.exe |
"{0846C463-0EDA-409A-B8B8-6DBF1F2BD8D0}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\bgtrans.exe |
"{0B9FE76F-FC9A-4B2B-947F-83DE5A89F77E}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{0FF66791-A168-4DA3-8A0F-F0200A24C778}" = dir=in | app=c:\program files\microsoft xna\xna game studio express\v1.0\bin\xnatrans.exe |
"{192C0D86-70D3-427D-B489-0C83B986BE58}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{26391C21-76FE-4484-8729-2B5A5BC4B10F}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orb.exe |
"{266B36B1-6157-4E1F-98F7-0020F08873E4}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\xmltv.exe |
"{26842932-D41A-4C35-9BBE-C2B6EC5E626E}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{2D4DD2E7-199A-44E3-9323-1813FB88F5C4}" = protocol=6 | dir=in | app=c:\kirill\games\supreme commander\gpgnet\gpg.multiplayer.client.exe |
"{2FD86DC2-68D0-440A-94A2-D476DC898800}" = protocol=17 | dir=in | app=c:\kirill\games\far cry 2\bin\fc2editor.exe |
"{3687400B-BCF6-492E-AC55-78C6F5BEDC19}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battleforge\bootstrapper.exe |
"{3CD8DD69-1271-48A6-83C7-A227741968E3}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{3F0C7E08-41B2-418A-BFC5-419CBBBBA7B8}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{4275832F-4FE6-4090-9306-E41C5DD6962A}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{471BF679-8A34-40B0-B9EF-10F9429750A7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4812CE0C-BF24-41E1-8AAD-FD9C25866EEA}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe |
"{49C68DD6-CC88-44FF-822C-8671365CD87B}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{4F3A5147-CA32-4CF6-AD39-829EC3F739F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{54CE6DDB-33BF-4CC2-B9F1-2DA0DA08D1F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{59118FA2-4F14-4E99-9402-84840AB565A3}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\bgtrans.exe |
"{61AA4422-7A90-4531-942F-F9F1951A1792}" = protocol=6 | dir=in | app=c:\program files\ea games\la bataille pour la terre du milieu™\game.dat |
"{6907C539-614D-47BF-819D-7541BF78D742}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe |
"{69CF7E49-ACA0-4D93-9A80-A4CE04DD224E}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orb.exe |
"{6A97B96A-E46D-414D-BD85-E7065546E94B}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserver.exe |
"{6AE37099-AD8A-44EB-AF0F-D717832B754C}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbir.exe |
"{6BFD11F6-B10D-4192-BBE5-06FE56AFA15D}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbstreamerclient.exe |
"{6D29579B-390C-4966-9C65-BB72646D7616}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{70DC3C92-C5D2-4FE2-B94D-1349A2D66FFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{736E44C4-1353-47E7-B951-198717B2B072}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7409AE66-02C3-4FF3-9249-73AAFFA5475E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7519CC4D-DA30-4F79-8275-F97D5EE6090B}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbtray.exe |
"{75B86CFC-E301-4287-8EE6-BCD81873F114}" = protocol=17 | dir=in | app=c:\kirill\games\far cry 2\bin\fc2launcher.exe |
"{76A68FD4-293B-4695-AA83-30308B53B449}" = protocol=17 | dir=in | app=c:\kirill\games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{7887B4FF-B3FC-47F2-A959-82A84B4433BA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{830B6E62-6829-4666-9AAF-B04D510DC9ED}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battleforge\battleforge.exe |
"{84280A3F-F24D-476B-82F0-C85A7B2DEEDD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{867FE8C8-F39F-4870-BA12-C92114B03E87}" = protocol=6 | dir=in | app=c:\kirill\games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{8BA96E5A-B84E-44E1-A821-22AE54441A7E}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{8E1A98B4-652B-4DA3-A74F-1001669EA692}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbchannelscan.exe |
"{94547DB1-A76E-468E-BC13-39DC50F19271}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{9D5D1B2F-A928-46E6-962B-428E31BA594A}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battleforge\bootstrapper.exe |
"{A5807266-ED59-4F1D-B796-95EEF9294FE7}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe |
"{A7D3A80F-D455-4F60-91D4-775E8666CA5A}" = protocol=6 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe |
"{A9E457A4-F41A-4BE4-897A-351BD4C97074}" = protocol=17 | dir=in | app=c:\program files\ea games\la bataille pour la terre du milieu™\game.dat |
"{AB910EB8-3355-475A-8721-4A1DC58EA64D}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{ADBE2299-6988-4AF0-91FE-B8EC300B4476}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B02563E2-9A89-46D8-B0E0-EBCDB8B00754}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbtray.exe |
"{B2D3B790-18AB-47AC-BDC2-EFAF9AC85B85}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\xmltv.exe |
"{B86D81AE-CCC2-41CA-8310-691BF0179732}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{BCFEB2E9-973F-47B7-813D-4E5B55DF7977}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbchannelscan.exe |
"{BD3374F5-CB2A-4901-B4FD-3B5A7BC550AA}" = protocol=17 | dir=in | app=c:\kirill\games\supreme commander\gpgnet\gpg.multiplayer.client.exe |
"{BF0067DC-BBA5-4209-9DA1-1C1F9A8DB022}" = protocol=6 | dir=in | app=c:\kirill\games\far cry 2\bin\fc2launcher.exe |
"{C3476DC8-8811-4C66-99BB-33772263D35B}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbstreamerclient.exe |
"{C5494EB6-3AC3-41C5-A8DB-BEBF3C6D6AAF}" = protocol=17 | dir=in | app=c:\kirill\games\gpgnet\gpg.multiplayer.client.exe |
"{C55C3F0E-3327-424A-BF11-E776BA439476}" = protocol=6 | dir=in | app=c:\kirill\games\far cry 2\bin\fc2editor.exe |
"{C66F284E-6AF2-4B5D-A6CE-C7310A7A3351}" = protocol=6 | dir=in | app=c:\kirill\games\supreme commander\supreme commander\gpgnet\gpg.multiplayer.client.exe |
"{CBFE2CE0-52EE-41AC-94B0-56B3B24D36DF}" = protocol=17 | dir=in | app=c:\kirill\games\bioshock 2\sp\builds\binaries\bioshock2.exe |
"{CEFEC1E0-D484-4DA8-97C5-2287F097D227}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{D0171D24-C195-4408-B0E2-BD7201C5E658}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{DC0AFA23-24BB-4EDE-8F42-56EB6D354371}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"{DE6BCA04-16F7-49A7-8FA6-7D5266C484F7}" = protocol=6 | dir=in | app=c:\kirill\games\gpgnet\gpg.multiplayer.client.exe |
"{E09E3510-7E2B-4BEB-8014-0F456C8297D4}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbir.exe |
"{E15989EA-8049-4AEF-98DE-2AF6A87447A4}" = protocol=17 | dir=in | app=c:\program files\twonkymedia\twonkymediaserverwatchdog.exe |
"{E2211153-6963-412D-9149-18823477F8E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E3E2C3CA-48DA-4577-839B-1C1D5C04C095}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{E4786D23-B4EC-4566-9A18-5C776068B20C}" = protocol=17 | dir=in | app=c:\kirill\games\supreme commander\supreme commander\gpgnet\gpg.multiplayer.client.exe |
"{E4CCDB08-246B-4E3A-B984-E73EB3F4438F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{E8CCCCE5-37DB-46CB-9217-0F2BFA7DC626}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{EA0CEA24-4C0B-4073-9E08-94B087C91310}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{EA503758-55AC-4F13-9DC0-50CF48853508}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EA96277F-028F-4B43-A66C-1AB3AC1C34AD}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battleforge\battleforge.exe |
"{F0FE3EDD-214C-4DFE-A73D-6845C45AFC02}" = protocol=17 | dir=in | app=c:\kirill\games\far cry 2\bin\farcry2.exe |
"{F4AAA975-1D72-442E-A4D4-2C097D03399A}" = protocol=6 | dir=in | app=c:\kirill\games\bioshock 2\mp\builds\binaries\bioshock2.exe |
"{FBFC55A8-8D64-4905-860B-2E66DE5442FB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{0CB80B93-86C8-404F-B4EA-26A888CE112A}C:\users\patrick\desktop\ms14\cxl\install\cds\http_handler.exe" = protocol=6 | dir=in | app=c:\users\patrick\desktop\ms14\cxl\install\cds\http_handler.exe |
"TCP Query User{0E1C9449-A57A-4CCA-A422-F98BBDC84BD0}C:\program files\orb networks\orb\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbtray.exe |
"TCP Query User{11A0FA67-5C6A-406E-B92B-0F71A8C538BA}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{12EE0888-CE14-4EBE-9BC4-5A977B6A3CA3}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{161FE4CD-CEA4-46F6-9A72-C8F4736F8F42}L:\cxl\2008oct03\install\cds\xbt.exe" = protocol=6 | dir=in | app=l:\cxl\2008oct03\install\cds\xbt.exe |
"TCP Query User{2E507D69-6D8C-4146-B05C-F354608E32FA}C:\users\patrick\desktop\ms14\install\cds\http_handler.exe" = protocol=6 | dir=in | app=c:\users\patrick\desktop\ms14\install\cds\http_handler.exe |
"TCP Query User{3DD5EF3C-9721-4366-AE23-BEBAD55641D6}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{51F6DF3D-4D0A-4B74-A583-1377A6D0DE27}C:\program files\orb networks\orb\bin\orb.exe" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orb.exe |
"TCP Query User{5A163BDA-0A40-4543-B5DD-3021825AC2DA}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"TCP Query User{5A92DAC0-FF1A-42D7-9DED-556419A53400}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{600827A8-5CB5-4E5D-931B-C8A317B03034}C:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"TCP Query User{6760D67E-B43F-4E1A-BE5D-72E2FF7DE8F4}C:\program files\realplay.exe" = protocol=6 | dir=in | app=c:\program files\realplay.exe |
"TCP Query User{73D93C05-B2FA-4A5F-ADAD-80DD57FEFFCB}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{7B2986CD-6360-4A28-87C9-86C454779002}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{81160798-20B6-4D47-BBE7-5C820397C78E}C:\kirill\image discs\half life 2 [www.pctorrent.com]\hl2.exe" = protocol=6 | dir=in | app=c:\kirill\image discs\half life 2 [www.pctorrent.com]\hl2.exe |
"TCP Query User{932BF7B6-2C84-45C9-A448-FB579046B69B}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{9A6F32C2-098B-40E5-8A7F-2357C258A817}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A045B093-CC49-48FF-9132-E7C96090B608}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{AE2C911B-0ECD-4A2F-AEF8-5FB986FF8ED6}L:\cxl\2008oct03\install\cds\http_handler.exe" = protocol=6 | dir=in | app=l:\cxl\2008oct03\install\cds\http_handler.exe |
"TCP Query User{B4E6FDAB-332D-4D53-9006-A5AA7CDFD322}C:\kirill\games\hl2\hl2.exe" = protocol=6 | dir=in | app=c:\kirill\games\hl2\hl2.exe |
"TCP Query User{B847A88C-1939-40A0-AEE6-66ECEC07C468}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C3278D10-E495-4775-B0C3-585289D8048B}C:\program files\orb networks\orb\bin\orbir.exe" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbir.exe |
"TCP Query User{C7FB65A0-DB99-4D64-B401-15F06754E0E6}C:\jeux\hl2\half life 2 final\steamapps\user\half-life 2\hl2.exe" = protocol=6 | dir=in | app=c:\jeux\hl2\half life 2 final\steamapps\user\half-life 2\hl2.exe |
"TCP Query User{C8C4211F-7DE4-42B3-BECB-3745FA07A80B}C:\kirill\games\ut3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\kirill\games\ut3\binaries\ut3.exe |
"TCP Query User{ED93196B-216B-4F51-A4DF-5502CDE5056F}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{1A47C6FD-77EA-4E8E-8259-346A16F0EE61}L:\cxl\2008oct03\install\cds\http_handler.exe" = protocol=17 | dir=in | app=l:\cxl\2008oct03\install\cds\http_handler.exe |
"UDP Query User{20677476-252F-4B85-BB7B-594818534122}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{32BED6C0-C781-4A14-951A-802483F8D2E1}L:\cxl\2008oct03\install\cds\xbt.exe" = protocol=17 | dir=in | app=l:\cxl\2008oct03\install\cds\xbt.exe |
"UDP Query User{4283E3B9-4588-45F8-995D-CFCE6A7B4461}C:\program files\realplay.exe" = protocol=17 | dir=in | app=c:\program files\realplay.exe |
"UDP Query User{4995CBC0-E4E7-4ED1-8E01-9185D776AB60}C:\users\patrick\desktop\ms14\install\cds\http_handler.exe" = protocol=17 | dir=in | app=c:\users\patrick\desktop\ms14\install\cds\http_handler.exe |
"UDP Query User{568A6AE9-1D12-4265-B557-BCFFA881D5BB}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{5FCEB883-33D2-444B-8F08-53CEC8CCA619}C:\program files\orb networks\orb\bin\orb.exe" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orb.exe |
"UDP Query User{61227573-22EA-4531-A84F-A78166810F6A}C:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth ™ ii\game.dat |
"UDP Query User{68CA91B1-3795-47B2-8A90-4992EEF47D1E}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{6AC5A92C-4220-4A12-A13D-E5854A507269}C:\jeux\hl2\half life 2 final\steamapps\user\half-life 2\hl2.exe" = protocol=17 | dir=in | app=c:\jeux\hl2\half life 2 final\steamapps\user\half-life 2\hl2.exe |
"UDP Query User{75E44EE5-6D38-4F1D-AC36-E30DA77C8139}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7EB55870-A2ED-410E-9E9B-E5FCDEB0DEC3}C:\users\patrick\desktop\ms14\cxl\install\cds\http_handler.exe" = protocol=17 | dir=in | app=c:\users\patrick\desktop\ms14\cxl\install\cds\http_handler.exe |
"UDP Query User{867D4D92-200E-4B19-A004-7C5C53022B9E}C:\program files\orb networks\orb\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbtray.exe |
"UDP Query User{8EB50C39-0ED0-4DFC-A5DE-E2F6C098D906}C:\kirill\image discs\half life 2 [www.pctorrent.com]\hl2.exe" = protocol=17 | dir=in | app=c:\kirill\image discs\half life 2 [www.pctorrent.com]\hl2.exe |
"UDP Query User{A3E1D04F-CAFE-4F77-806A-29F68B524407}C:\kirill\games\ut3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\kirill\games\ut3\binaries\ut3.exe |
"UDP Query User{A4BE8C99-1BBC-44F4-B5C5-1C1E54AC584D}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe |
"UDP Query User{AB072801-060C-411B-B3E2-C542EC0CD7F3}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{B799D087-7F56-4082-BA0B-E39390C149F8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C2DE1F6C-5072-40BD-872C-38D0BF479F78}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{C59995CD-2882-4BAE-B2B8-6D271FCBB6F6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{CB276B31-D98D-4DDB-8F00-D47ECEFB5E8A}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{CFEEF404-B0A7-4F95-A945-BA0A7D82A2C6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D48EC416-62BD-49F8-8DC3-6AAE928590D1}C:\kirill\games\hl2\hl2.exe" = protocol=17 | dir=in | app=c:\kirill\games\hl2\hl2.exe |
"UDP Query User{E226336D-B0D1-448E-9250-48B3306FC86C}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{FA583E21-189E-4E6F-ABDB-FEFAFE5D1E34}C:\program files\orb networks\orb\bin\orbir.exe" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbir.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{152F8595-0D36-4BE4-9FBD-5AD87AC3D3E5}" = Microsoft XNA Game Studio Express 1.0 Refresh
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DA8594C-2F14-4491-B155-2BF3A999622D}" = Fire Department 2
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28B8BEE3-1F62-4FCC-A5A7-7641AAFC3BB5}" = Saitek SD6 Programming Software 6.0.10.7
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3143EA86-CF89-4E22-91BB-25B28CE23AED}" = 2350_Help
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = La Bataille pour la Terre du Milieu™
"{4089999C-6CB7-4F9D-A2F6-DB158DBF91FB}" = Rome - Total War™
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{61D3AAE1-D521-4CD7-939B-37813DE8F955}" = SpyHunter
"{6378CFE7-D898-4C41-A7DD-4BB54ED80BB7}" = MyScript Notes for DANE-ELEC
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{6689F8F7-6C62-11D4-9F45-00C04F60D4F1}" = Robotics Invention System 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}" = Microsoft Visual C# 2005 Express Edition - ENU
"{81CD6232-10F5-4832-B3DA-1B88B1571036}" = Nero 7 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISSTD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISSTD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISSTD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISSTD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9838EAFF-B13B-4A03-AEAE-6D508136545D}" = X3 Reunion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A122962F-331A-4C2E-93DB-AD92D8A4FB14}" = OpenOffice.org 2.4
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A6FC405C-6C58-4ACF-AC41-E999261E76E9}" = 2350Trb
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B55690B9-756E-41C6-8418-84AB04A5A605}" = Nokia Ovi Music Manager
"{B6BA7B6B-C95C-412F-BAEB-2CC9944E556F}" = DistEns Lecteur
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D353C323-5E95-4873-9825-9FEC1C8A3794}" = Nokia Download!
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DAC63ECB-4571-435F-9B19-51F54BC88109}" = Nokia Home Media Server
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3757C8B-6552-4EA5-9451-B933A55170BC}" = 2350
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.60 beta
"8461-7759-5462-8226" = Vuze
"AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disreg~5122E60D_is1" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
"Ad-Aware" = Ad-Aware
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0.2" = Adobe Illustrator 9.0.2
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer
"AdvancedAI" = Advanced AI Crysis Mod
"Ask Toolbar_is1" = Vuze Toolbar
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Crysis WARHEAD®" = Crysis WARHEAD®
"Dream Experimental_is1" = Dream Experimental v0.5
"Eufloria Demo_is1" = Eufloria Demo v2.00
"Eufony Free M4A MP3 Converter" = Eufony Free M4A MP3 Converter
"EXCEL" = Microsoft Office Excel 2007
"Fraps" = Fraps
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.3
"Full Pack" = Full Pack Codecs
"GameSpy Arcade" = GameSpy Arcade
"Glitch_is1" = Glitch 1.3
"GrabIt_is1" = GrabIt 1.7.1 Beta (build 960)
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"LimeWire" = LimeWire 4.18.8
"LOTR The Return of the King_is1" = LOTR The Return of the King
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2005 Express Edition - ENU" = Microsoft Visual C# 2005 Express Edition - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# Redistributable Package 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MusicBrainz Picard" = MusicBrainz Picard
"Natural Mod" = Natural Mod
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi Music Manager" = Nokia Ovi Music Manager 6.85.3008
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"Orb" = Orb
"Picasa2" = Picasa 2
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"RRTW32.EXE" = Lapin Malin Maternelle 1
"Soldat_is1" = Soldat 1.4.2
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Steam App 10500" = Empire: Total War
"SystemRequirementsLab" = System Requirements Lab
"Tux Airsoft Toolkit version 1.1" = Tux Airsoft Toolkit version 1.1
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"Unofficial Shivering Isles Patch_is1" = Unofficial Shivering Isles Patch v1.4.0
"VISSTD" = Microsoft Office Visio Standard 2007
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Winamp" = Winamp
"WinRAR archiver" = Archiveur WinRAR
"WORD" = Microsoft Office Word 2007
"X Plugin Manager" = X Plugin Manager 2.12
"X3 Bonus Package_is1" = X3 Bonus Package 3.1.07
"X3TC Bonus Package_is1" = X3TC Bonus Package 4.1.00
"X3TerranConflict_is1" = X3 Terran Conflict v2.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aurora-Mod Multiplayer BETA" = Aurora-Mod Multiplayer BETA
"PulsRadio Player" = PulsRadio Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/06/2009 08:24:01 | Computer Name = Scaleo | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ».
Assembly
dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 17/06/2009 08:24:01 | Computer Name = Scaleo | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ».
Assembly
dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 18/06/2009 10:51:00 | Computer Name = Scaleo | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksdb.exe ».
Assembly
dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 18/06/2009 10:51:00 | Computer Name = Scaleo | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksCal.exe ».
Assembly
dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 18/06/2009 10:51:00 | Computer Name = Scaleo | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ».
Assembly
dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 18/06/2009 10:51:00 | Computer Name = Scaleo | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ».
Assembly
dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 18/06/2009 11:48:32 | Computer Name = Scaleo | Source = WerSvc | ID = 5007
Description =

Error - 19/06/2009 07:25:04 | Computer Name = Scaleo | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ».
Assembly
dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 19/06/2009 07:25:04 | Computer Name = Scaleo | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ».
Assembly
dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 19/06/2009 08:24:10 | Computer Name = Scaleo | Source = WerSvc | ID = 5007
Description =

[ System Events ]
Error - 08/05/2010 10:29:09 | Computer Name = Scaleo | Source = DCOM | ID = 10010
Description =

Error - 08/05/2010 21:32:34 | Computer Name = Scaleo | Source = Service Control Manager | ID = 7000
Description =

Error - 08/05/2010 21:32:40 | Computer Name = Scaleo | Source = Service Control Manager | ID = 7022
Description =

Error - 08/05/2010 21:32:40 | Computer Name = Scaleo | Source = Service Control Manager | ID = 7026
Description =

Error - 11/05/2010 07:01:42 | Computer Name = Scaleo | Source = Service Control Manager | ID = 7000
Description =

Error - 11/05/2010 07:01:50 | Computer Name = Scaleo | Source = Service Control Manager | ID = 7022
Description =

Error - 11/05/2010 07:01:50 | Computer Name = Scaleo | Source = Service Control Manager | ID = 7026
Description =

Error - 11/05/2010 19:34:14 | Computer Name = Scaleo | Source = volsnap | ID = 393241
Description = Les clichés instantanés du volume C: ont été supprimés car le stockage
du cliché instantané n'a pas pu s'agrandir à temps. Réduisez la charge d'E/S sur
le système ou choisissez un volume stockage de cliché instantané qui n'est pas
mis en cliché instantané.

Error - 12/05/2010 07:39:07 | Computer Name = Scaleo | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 04:33:43 le 12/05/2010 n'était pas prévu.

Error - 16/05/2010 11:09:41 | Computer Name = Scaleo | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >


#4 schrauber

  • Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 17 May 2010 - 04:09 PM

Hi,

The Malwarebytes logfile is missing, can you post it?
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 schrauber

  • Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 21 May 2010 - 04:44 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

