TechSpot

Slow computer, high CPU, got and cleaned trojan, but...

Solved
By needhelp51
Feb 9, 2012
    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Wow, OTL scan is very fast, so it's already done. OTL gave out two logs: OTL.txt and Extra.txt:

    OTL logfile created on: 2012-02-11 17:38:41 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Toshiba\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,30% Memory free
    4,84 Gb Paging File | 4,20 Gb Available in Paging File | 86,74% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111,79 Gb Total Space | 55,05 Gb Free Space | 49,24% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-29519BD | User Name: Toshiba | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-02-11 17:29:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\Bureau\OTL.exe
    PRC - [2012-02-09 22:12:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2012-02-09 22:12:23 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2012-02-04 09:56:00 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2012-01-23 22:41:59 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    PRC - [2011-12-19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    PRC - [2011-11-28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011-11-28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011-11-23 05:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
    PRC - [2011-08-11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011-01-17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011-01-17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006-01-05 17:00:06 | 001,589,248 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe
    PRC - [2005-12-15 13:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
    PRC - [2005-12-05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2005-11-28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2005-11-28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2005-10-05 23:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005-05-17 03:24:50 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    PRC - [2005-04-11 10:08:00 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2005-01-17 12:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004-08-27 20:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004-08-27 20:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-02-11 16:00:55 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012-02-11 16:00:52 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012-02-11 13:21:35 | 001,691,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021101\algo.dll
    MOD - [2012-02-09 22:13:00 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
    MOD - [2012-02-09 22:12:51 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
    MOD - [2012-02-09 21:58:03 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
    MOD - [2012-02-05 12:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
    MOD - [2012-02-05 12:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
    MOD - [2012-01-07 11:19:36 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2012-01-04 22:09:49 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012-01-04 22:09:49 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2012-01-03 08:10:46 | 000,301,056 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    MOD - [2011-12-23 07:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
    MOD - [2005-11-28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
    MOD - [2005-11-28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
    MOD - [2005-11-28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
    MOD - [2005-11-03 11:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2012-02-09 22:12:23 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2012-01-23 22:41:59 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2011-12-19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2011-11-28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011-11-23 05:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV - [2011-08-11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2005-04-03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005-01-17 12:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004-08-27 20:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2012-01-17 16:00:48 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011-12-23 07:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2011-12-19 18:59:24 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2011-12-19 18:59:22 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2011-11-28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011-11-28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011-11-28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011-11-28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011-11-28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011-11-28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011-11-28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011-11-02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
    DRV - [2011-07-22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011-07-12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011-05-19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
    DRV - [2010-10-07 07:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Pilote de carte de la série Intel(R)
    DRV - [2006-01-12 10:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
    DRV - [2005-12-28 18:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [2005-12-04 14:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005-11-29 14:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005-11-07 19:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005-11-07 19:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005-11-07 19:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005-10-05 23:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005-10-05 23:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005-10-05 23:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005-10-05 23:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005-10-05 23:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005-10-05 23:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005-10-05 23:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005-08-25 06:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005-08-25 06:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005-06-11 00:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
    DRV - [2005-06-01 23:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005-05-05 08:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
    DRV - [2003-09-18 19:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003-01-29 10:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2002-01-24 14:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2012-02-11 15:58:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LaunchApp] launchapp File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
    O4 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1325644805328 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1325984729437 (MUWebControl Class)
    O18 - Protocol\Handler\intu-ir2011 - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-01-18 05:32:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-02-11 17:29:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\Bureau\OTL.exe
    [2012-02-11 16:33:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Toshiba\Recent
    [2012-02-11 16:33:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012-02-11 16:12:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012-02-11 15:28:46 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012-02-11 14:02:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012-02-11 13:41:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012-02-11 13:41:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012-02-11 13:41:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012-02-11 13:41:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012-02-11 13:39:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012-02-11 13:38:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-02-11 13:34:37 | 004,401,300 | R--- | C] (Swearware) -- C:\Documents and Settings\Toshiba\Bureau\ComboFix.exe
    [2012-02-11 10:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Bureau\bootkit_remover
    [2012-02-11 09:20:05 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Toshiba\Bureau\aswMBR.exe
    [2012-02-09 23:03:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Toshiba\Bureau\dds.scr
    [2012-02-09 21:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Lavasoft
    [2012-02-09 20:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2012-02-09 19:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\HiJackThis
    [2012-02-09 19:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012-02-09 19:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\GetRightToGo
    [2012-02-09 19:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SpywareBlaster
    [2012-02-08 21:05:58 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2012-02-07 21:53:27 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Toshiba\Bureau\HousecallLauncher.exe
    [2012-02-07 21:46:31 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Toshiba\Bureau\mbam--setup-1.60.1.1000.exe
    [2012-02-05 09:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\Comodo
    [2012-02-04 20:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\Temp
    [2012-02-04 16:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Mes documents\ImpôtRapide
    [2012-02-04 14:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\7-Zip
    [2012-02-04 14:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2012-02-04 12:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
    [2012-02-04 12:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2012-02-04 09:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\Intuit Canada
    [2012-02-04 09:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit Canada
    [2012-01-30 21:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\Sonic
    [2012-01-22 21:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Bureau\Photos décembre 2011 - Janvier 2012
    [2012-01-22 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Bureau\Nouveau dossier
    [2012-01-16 23:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\MetaGeek,_LLC
    [2012-01-15 19:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
    [2012-01-15 19:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\MetaGeek
    [2012-01-15 19:09:48 | 002,056,228 | ---- | C] (MetaGeek, LLC) -- C:\Documents and Settings\Toshiba\Bureau\inSSIDer-Installer-2.0.7.0126.exe
    [2012-01-14 10:57:16 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2012-01-14 10:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2012-01-14 10:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2012-01-14 10:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\WinPatrol
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-02-11 17:29:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\Bureau\OTL.exe
    [2012-02-11 16:31:18 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\inSSIDer 2.0.lnk
    [2012-02-11 15:58:31 | 000,043,758 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012-02-11 15:58:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012-02-11 15:52:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2012-02-11 15:51:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012-02-11 15:51:31 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
    [2012-02-11 14:02:30 | 000,000,456 | RHS- | M] () -- C:\BOOT.INI
    [2012-02-11 13:34:39 | 004,401,300 | R--- | M] (Swearware) -- C:\Documents and Settings\Toshiba\Bureau\ComboFix.exe
    [2012-02-11 12:01:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\MBR.dat
    [2012-02-11 09:20:34 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\bootkit_remover.zip
    [2012-02-11 09:20:07 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Toshiba\Bureau\aswMBR.exe
    [2012-02-09 23:08:58 | 119,172,784 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\setup_11.0.0.1245.x01_2012_02_10_06_53.exe
    [2012-02-09 23:03:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Toshiba\Bureau\dds.scr
    [2012-02-09 22:29:35 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012-02-09 21:57:44 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2012-02-09 21:57:44 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2012-02-09 21:56:59 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
    [2012-02-09 19:51:43 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\HiJackThis.lnk
    [2012-02-08 21:10:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe
    [2012-02-08 19:01:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012-02-08 04:16:24 | 000,302,152 | ---- | M] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\census.cache
    [2012-02-08 04:15:20 | 000,175,661 | ---- | M] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\ars.cache
    [2012-02-07 21:54:33 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\housecall.guid.cache
    [2012-02-07 21:53:27 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Toshiba\Bureau\HousecallLauncher.exe
    [2012-02-07 21:48:38 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
    [2012-02-07 21:46:31 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Toshiba\Bureau\mbam--setup-1.60.1.1000.exe
    [2012-02-07 18:59:09 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\restauration.reg
    [2012-02-07 17:19:45 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012-02-04 21:10:02 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
    [2012-02-04 12:11:30 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
    [2012-01-21 13:59:50 | 000,553,636 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2012-01-21 13:59:50 | 000,482,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012-01-21 13:59:50 | 000,094,952 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2012-01-21 13:59:50 | 000,080,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012-01-17 16:00:48 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [2012-01-15 19:09:49 | 002,056,228 | ---- | M] (MetaGeek, LLC) -- C:\Documents and Settings\Toshiba\Bureau\inSSIDer-Installer-2.0.7.0126.exe
    [2012-01-14 10:57:03 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2012-01-14 10:48:00 | 012,410,880 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\Ad-Aware96Install.msi
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-02-11 14:02:29 | 000,000,340 | ---- | C] () -- C:\Boot.bak
    [2012-02-11 14:02:22 | 000,263,488 | RHS- | C] () -- C:\cmldr
    [2012-02-11 13:41:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012-02-11 13:41:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012-02-11 13:41:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012-02-11 13:41:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012-02-11 13:41:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012-02-11 12:01:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\MBR.dat
    [2012-02-11 09:20:34 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\bootkit_remover.zip
    [2012-02-09 23:07:20 | 119,172,784 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\setup_11.0.0.1245.x01_2012_02_10_06_53.exe
    [2012-02-09 21:56:59 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
    [2012-02-09 19:47:17 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\HiJackThis.lnk
    [2012-02-08 21:10:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe
    [2012-02-08 04:16:24 | 000,302,152 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\census.cache
    [2012-02-08 04:15:20 | 000,175,661 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\ars.cache
    [2012-02-07 21:54:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\housecall.guid.cache
    [2012-02-07 18:59:09 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\restauration.reg
    [2012-02-07 18:54:58 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
    [2012-02-04 12:11:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
    [2012-02-04 12:11:30 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
    [2012-01-17 19:03:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2012-01-17 19:03:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2012-01-15 19:12:12 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\inSSIDer 2.0.lnk
    [2012-01-14 10:50:36 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2012-01-14 10:47:58 | 012,410,880 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\Ad-Aware96Install.msi
    [2012-01-07 22:11:56 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-01-03 20:38:44 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\fusioncache.dat
    [2012-01-03 20:34:54 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
    [2012-01-03 20:34:50 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
    [2012-01-03 20:34:44 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006-01-19 16:40:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006-01-18 14:28:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006-01-18 14:28:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006-01-18 14:28:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006-01-18 14:28:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006-01-18 14:28:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006-01-18 14:28:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006-01-18 07:34:09 | 000,012,060 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
    [2006-01-18 07:34:09 | 000,002,226 | R--- | C] () -- C:\WINDOWS\SVPW32Str.ini
    [2006-01-18 06:23:57 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006-01-18 06:22:57 | 000,134,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006-01-18 06:07:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\WHideCmd.exe
    [2006-01-18 06:06:23 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006-01-18 06:06:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006-01-18 06:06:23 | 000,009,378 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006-01-18 06:06:23 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006-01-18 06:04:16 | 000,553,636 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
    [2006-01-18 06:04:16 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
    [2006-01-18 06:04:16 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
    [2006-01-18 06:04:15 | 000,094,952 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
    [2006-01-18 06:04:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006-01-18 06:03:59 | 000,482,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006-01-18 06:03:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006-01-18 06:03:59 | 000,080,056 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006-01-18 06:03:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006-01-18 06:03:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006-01-18 06:03:57 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006-01-18 06:03:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006-01-18 06:03:51 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006-01-18 06:03:51 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006-01-18 06:03:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006-01-18 06:03:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006-01-18 05:56:34 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006-01-18 05:52:58 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006-01-18 05:50:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006-01-18 05:50:36 | 000,022,529 | ---- | C] () -- C:\WINDOWS\System32\ortag32.dll
    [2006-01-18 05:36:37 | 000,002,368 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006-01-18 05:35:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006-01-18 05:33:29 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006-01-18 05:33:27 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006-01-18 05:33:27 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006-01-18 05:33:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006-01-18 05:33:24 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006-01-18 05:33:24 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006-01-18 05:33:24 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006-01-18 05:33:21 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006-01-18 05:33:21 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006-01-18 05:33:20 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006-01-18 05:29:54 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005-12-16 12:35:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
    [2005-12-08 14:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
    [2005-11-28 16:33:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

    ========== LOP Check ==========

    [2012-01-04 23:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012-01-03 23:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2006-01-18 07:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
    [2012-01-04 19:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\ElevatedDiagnostics
    [2012-02-09 19:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\GetRightToGo
    [2012-01-07 11:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\OpenOffice.org
    [2012-01-14 13:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\toshiba
    [2012-01-14 10:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\WinPatrol
    [2012-02-11 15:52:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2012-02-09 20:20:41 | 000,006,541 | ---- | M] () -- C:\aaw7boot.log
    [2006-01-18 05:32:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2012-01-09 21:15:13 | 000,000,340 | ---- | M] () -- C:\Boot.bak
    [2012-02-11 14:02:30 | 000,000,456 | RHS- | M] () -- C:\BOOT.INI
    [2004-08-05 00:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2004-08-03 23:00:08 | 000,263,488 | RHS- | M] () -- C:\cmldr
    [2012-02-11 16:12:49 | 000,014,679 | ---- | M] () -- C:\ComboFix.txt
    [2006-01-18 05:32:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006-01-04 15:06:00 | 001,447,841 | ---- | M] () -- C:\EULA.pdf
    [2012-02-11 15:51:31 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
    [2006-01-18 05:32:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006-01-17 21:39:26 | 000,009,173 | ---- | M] () -- C:\Lisez Moi.htm
    [2003-10-20 15:36:42 | 000,000,034 | RH-- | M] () -- C:\loados.bat
    [2006-01-18 05:32:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004-08-05 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2012-01-03 22:36:13 | 000,252,240 | RHS- | M] () -- C:\ntldr
    [2012-02-11 15:51:13 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006-01-18 05:31:47 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-07-06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008-07-06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011-11-28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2004-12-07 20:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006-01-18 06:15:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2006-01-18 06:15:28 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2006-01-18 06:15:28 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006-01-18 05:39:15 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
    [2012-01-03 22:50:53 | 000,000,107 | -HS- | M] () -- C:\Documents and Settings\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >
     
  2. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Continuing OTL.txt and then Extra.txt

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012-02-11 17:28:22 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Toshiba\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007-06-29 11:59:14 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005-12-04 05:14:58 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008-04-13 21:33:22 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004-08-03 19:07:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004-08-03 19:07:10 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008-05-02 09:01:52 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008-04-13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008-04-13 21:34:13 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004-08-03 19:07:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004-08-03 19:07:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004-08-03 19:07:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004-08-03 19:07:10 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-08-03 19:07:10 | 000,127,843 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >

    OTL Extras logfile created on: 2012-02-11 17:38:41 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Toshiba\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 77,30% Memory free
    4,84 Gb Paging File | 4,20 Gb Available in Paging File | 86,74% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111,79 Gb Total Space | 55,05 Gb Free Space | 49,24% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-29519BD | User Name: Toshiba | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
    "{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA
    "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
    "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA
    "{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
    "{7E0610A2-E336-40B3-B685-C4905E97EC9A}" = OpenOffice.org 3.3
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9A08615A-6113-46F9-8819-5BA66B6600FD}" = Toshiba Hotkey Utility
    "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = Pilote du DVD-RAM
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD
    "{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Français
    "{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
    "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "avast" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "CNXT_HDAUDIO" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Comodo Dragon" = Comodo Dragon
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
    "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{ACA1086B-9B62-4F80-B4B9-5659395E4F25}" = Toshiba Controls Utility
    "InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "Outil de diagnostic PC" = Outil de diagnostic PC TOSHIBA
    "ProInst" = Logiciel Intel(R) PROSet/Wireless
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Lecteur Windows Media*11
    "Windows XP Service" = Windows XP Service Pack*3
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2012-02-04 20:22:43 | Computer Name = TOSHIBA-29519BD | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 2012-02-05 16:59:29 | Computer Name = TOSHIBA-29519BD | Source = Application Hang | ID = 1002
    Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 2012-02-05 16:59:47 | Computer Name = TOSHIBA-29519BD | Source = Application Hang | ID = 1002
    Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 2012-02-05 17:00:12 | Computer Name = TOSHIBA-29519BD | Source = Application Hang | ID = 1002
    Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 2012-02-06 00:13:09 | Computer Name = TOSHIBA-29519BD | Source = Application Hang | ID = 1002
    Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 2012-02-06 00:13:28 | Computer Name = TOSHIBA-29519BD | Source = Application Hang | ID = 1002
    Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 2012-02-08 22:07:53 | Computer Name = TOSHIBA-29519BD | Source = Application Hang | ID = 1002
    Description = Application bloquée k1qzcch4.exe, version 1.0.15.15641, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 2012-02-08 22:08:16 | Computer Name = TOSHIBA-29519BD | Source = Application Hang | ID = 1002
    Description = Application bloquée k1qzcch4.exe, version 1.0.15.15641, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 2012-02-08 22:08:21 | Computer Name = TOSHIBA-29519BD | Source = Application Hang | ID = 1001
    Description = Détecteur d'erreurs -1467729550.

    Error - 2012-02-09 00:10:34 | Computer Name = TOSHIBA-29519BD | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    [ System Events ]
    Error - 2012-02-10 21:35:07 | Computer Name = TOSHIBA-29519BD | Source = atapi | ID = 262153
    Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
    imparti.

    Error - 2012-02-10 21:35:52 | Computer Name = TOSHIBA-29519BD | Source = atapi | ID = 262153
    Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
    imparti.

    Error - 2012-02-10 21:40:22 | Computer Name = TOSHIBA-29519BD | Source = atapi | ID = 262153
    Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
    imparti.

    Error - 2012-02-10 22:23:11 | Computer Name = TOSHIBA-29519BD | Source = atapi | ID = 262153
    Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
    imparti.

    Error - 2012-02-11 10:40:44 | Computer Name = TOSHIBA-29519BD | Source = atapi | ID = 262153
    Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
    imparti.

    Error - 2012-02-11 10:41:28 | Computer Name = TOSHIBA-29519BD | Source = atapi | ID = 262153
    Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
    imparti.

    Error - 2012-02-11 10:41:40 | Computer Name = TOSHIBA-29519BD | Source = atapi | ID = 262153
    Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
    imparti.

    Error - 2012-02-11 12:56:28 | Computer Name = TOSHIBA-29519BD | Source = atapi | ID = 262153
    Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
    imparti.

    Error - 2012-02-11 16:44:58 | Computer Name = TOSHIBA-29519BD | Source = PlugPlayManager | ID = 11
    Description = Le périphérique Root\LEGACY_PXXDQKOB\0000 a disparu du système sans
    que sa suppression ait tout d'abord été préparée.

    Error - 2012-02-11 17:01:41 | Computer Name = TOSHIBA-29519BD | Source = atapi | ID = 262153
    Description = Le périphérique \Device\Ide\IdePort0 n'a pas répondu dans le délai
    imparti.


    < End of report >
     
  3. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  4. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Here is the second OTL scan as requested:

    OTL logfile created on: 2012-02-11 19:02:15 - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Toshiba\Bureau
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    3,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 73,85% Memory free
    4,84 Gb Paging File | 4,09 Gb Available in Paging File | 84,51% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111,79 Gb Total Space | 55,03 Gb Free Space | 49,23% Space Free | Partition Type: NTFS

    Computer Name: TOSHIBA-29519BD | User Name: Toshiba | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-02-11 17:29:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\Bureau\OTL.exe
    PRC - [2012-02-09 22:12:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2012-02-09 22:12:23 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2012-02-04 09:56:00 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2012-01-23 22:41:59 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    PRC - [2011-12-19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    PRC - [2011-11-28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011-11-28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011-11-23 05:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe
    PRC - [2011-08-11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011-01-17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011-01-17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006-01-05 17:00:06 | 001,589,248 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe
    PRC - [2005-12-15 13:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
    PRC - [2005-12-05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2005-11-28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2005-11-28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2005-10-05 23:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005-05-17 03:24:50 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    PRC - [2005-04-11 10:08:00 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2005-01-17 12:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004-08-27 20:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004-08-27 20:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-02-11 16:00:55 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012-02-11 16:00:52 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012-02-11 13:21:35 | 001,691,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021101\algo.dll
    MOD - [2012-02-09 22:13:00 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
    MOD - [2012-02-09 22:12:51 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
    MOD - [2012-02-09 21:58:03 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
    MOD - [2012-02-05 12:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
    MOD - [2012-02-05 12:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
    MOD - [2012-01-07 11:19:36 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2012-01-04 22:09:49 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012-01-04 22:09:49 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2012-01-03 08:10:46 | 000,301,056 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    MOD - [2011-12-23 07:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
    MOD - [2005-11-28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
    MOD - [2005-11-28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
    MOD - [2005-11-28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
    MOD - [2005-11-03 11:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2012-02-09 22:12:23 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2012-01-23 22:41:59 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2011-12-19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2011-11-28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011-11-23 05:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV - [2011-08-11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2005-04-03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005-01-17 12:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004-08-27 20:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2012-01-17 16:00:48 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011-12-23 07:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2011-12-19 18:59:24 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2011-12-19 18:59:22 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2011-11-28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011-11-28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011-11-28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011-11-28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011-11-28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011-11-28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011-11-28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011-11-02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
    DRV - [2011-07-22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011-07-12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011-05-19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
    DRV - [2010-10-07 07:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Pilote de carte de la série Intel(R)
    DRV - [2006-01-12 10:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
    DRV - [2005-12-28 18:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [2005-12-04 14:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005-11-29 14:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005-11-07 19:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005-11-07 19:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005-11-07 19:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005-10-05 23:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005-10-05 23:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005-10-05 23:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005-10-05 23:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005-10-05 23:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005-10-05 23:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005-10-05 23:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005-08-25 06:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005-08-25 06:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005-06-11 00:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
    DRV - [2005-06-01 23:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005-05-05 08:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
    DRV - [2003-09-18 19:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003-01-29 10:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2002-01-24 14:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========




    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    O1 HOSTS File: ([2012-02-11 15:58:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LaunchApp] launchapp File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
    O4 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\##aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1325644805328 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1325984729437 (MUWebControl Class)
    O18 - Protocol\Handler\intu-ir2011 - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-01-18 05:32:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-02-11 18:25:00 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\Bureau\TFC.exe
    [2012-02-11 17:29:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\Bureau\OTL.exe
    [2012-02-11 16:33:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Toshiba\Recent
    [2012-02-11 16:33:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012-02-11 16:12:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012-02-11 15:28:46 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012-02-11 14:02:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012-02-11 13:41:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012-02-11 13:41:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012-02-11 13:41:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012-02-11 13:41:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012-02-11 13:39:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012-02-11 13:38:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-02-11 13:34:37 | 004,401,300 | R--- | C] (Swearware) -- C:\Documents and Settings\Toshiba\Bureau\ComboFix.exe
    [2012-02-11 10:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Bureau\bootkit_remover
    [2012-02-11 09:20:05 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Toshiba\Bureau\aswMBR.exe
    [2012-02-09 23:03:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Toshiba\Bureau\dds.scr
    [2012-02-09 21:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Lavasoft
    [2012-02-09 20:21:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2012-02-09 19:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\HiJackThis
    [2012-02-09 19:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012-02-09 19:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\GetRightToGo
    [2012-02-09 19:38:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SpywareBlaster
    [2012-02-08 21:05:58 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2012-02-07 21:53:27 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Toshiba\Bureau\HousecallLauncher.exe
    [2012-02-07 21:46:31 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Toshiba\Bureau\mbam--setup-1.60.1.1000.exe
    [2012-02-05 09:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\Comodo
    [2012-02-04 20:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\Temp
    [2012-02-04 16:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Mes documents\ImpôtRapide
    [2012-02-04 14:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\7-Zip
    [2012-02-04 14:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2012-02-04 12:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
    [2012-02-04 12:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2012-02-04 09:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\Intuit Canada
    [2012-02-04 09:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit Canada
    [2012-01-30 21:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\Sonic
    [2012-01-22 21:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Bureau\Photos décembre 2011 - Janvier 2012
    [2012-01-22 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Bureau\Nouveau dossier
    [2012-01-16 23:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\MetaGeek,_LLC
    [2012-01-15 19:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
    [2012-01-15 19:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Menu Démarrer\Programmes\MetaGeek
    [2012-01-15 19:09:48 | 002,056,228 | ---- | C] (MetaGeek, LLC) -- C:\Documents and Settings\Toshiba\Bureau\inSSIDer-Installer-2.0.7.0126.exe
    [2012-01-14 10:57:16 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2012-01-14 10:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2012-01-14 10:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2012-01-14 10:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Toshiba\Application Data\WinPatrol
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-02-11 18:25:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\Bureau\TFC.exe
    [2012-02-11 18:24:49 | 000,336,319 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\FSS.exe
    [2012-02-11 18:24:28 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\SecurityCheck.exe
    [2012-02-11 17:29:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Toshiba\Bureau\OTL.exe
    [2012-02-11 16:31:18 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\inSSIDer 2.0.lnk
    [2012-02-11 15:58:31 | 000,043,758 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012-02-11 15:58:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012-02-11 15:52:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2012-02-11 15:51:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012-02-11 15:51:31 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
    [2012-02-11 14:02:30 | 000,000,456 | RHS- | M] () -- C:\BOOT.INI
    [2012-02-11 13:34:39 | 004,401,300 | R--- | M] (Swearware) -- C:\Documents and Settings\Toshiba\Bureau\ComboFix.exe
    [2012-02-11 12:01:10 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\MBR.dat
    [2012-02-11 09:20:34 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\bootkit_remover.zip
    [2012-02-11 09:20:07 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Toshiba\Bureau\aswMBR.exe
    [2012-02-09 23:08:58 | 119,172,784 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\setup_11.0.0.1245.x01_2012_02_10_06_53.exe
    [2012-02-09 23:03:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Toshiba\Bureau\dds.scr
    [2012-02-09 22:29:35 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012-02-09 21:57:44 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
    [2012-02-09 21:57:44 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
    [2012-02-09 21:56:59 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
    [2012-02-09 19:51:43 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\HiJackThis.lnk
    [2012-02-08 21:10:39 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe
    [2012-02-08 19:01:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012-02-08 04:16:24 | 000,302,152 | ---- | M] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\census.cache
    [2012-02-08 04:15:20 | 000,175,661 | ---- | M] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\ars.cache
    [2012-02-07 21:54:33 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\housecall.guid.cache
    [2012-02-07 21:53:27 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Toshiba\Bureau\HousecallLauncher.exe
    [2012-02-07 21:48:38 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
    [2012-02-07 21:46:31 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Toshiba\Bureau\mbam--setup-1.60.1.1000.exe
    [2012-02-07 18:59:09 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\restauration.reg
    [2012-02-07 17:19:45 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012-02-04 21:10:02 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
    [2012-02-04 12:11:30 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
    [2012-01-21 13:59:50 | 000,553,636 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2012-01-21 13:59:50 | 000,482,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012-01-21 13:59:50 | 000,094,952 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2012-01-21 13:59:50 | 000,080,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012-01-17 16:00:48 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
    [2012-01-15 19:09:49 | 002,056,228 | ---- | M] (MetaGeek, LLC) -- C:\Documents and Settings\Toshiba\Bureau\inSSIDer-Installer-2.0.7.0126.exe
    [2012-01-14 10:57:03 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2012-01-14 10:48:00 | 012,410,880 | ---- | M] () -- C:\Documents and Settings\Toshiba\Bureau\Ad-Aware96Install.msi
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-02-11 18:24:47 | 000,336,319 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\FSS.exe
    [2012-02-11 18:24:19 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\SecurityCheck.exe
    [2012-02-11 14:02:29 | 000,000,340 | ---- | C] () -- C:\Boot.bak
    [2012-02-11 14:02:22 | 000,263,488 | RHS- | C] () -- C:\cmldr
    [2012-02-11 13:41:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012-02-11 13:41:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012-02-11 13:41:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012-02-11 13:41:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012-02-11 13:41:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012-02-11 12:01:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\MBR.dat
    [2012-02-11 09:20:34 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\bootkit_remover.zip
    [2012-02-09 23:07:20 | 119,172,784 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\setup_11.0.0.1245.x01_2012_02_10_06_53.exe
    [2012-02-09 21:56:59 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
    [2012-02-09 19:47:17 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\HiJackThis.lnk
    [2012-02-08 21:10:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\k9it3vi3.exe
    [2012-02-08 04:16:24 | 000,302,152 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\census.cache
    [2012-02-08 04:15:20 | 000,175,661 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\ars.cache
    [2012-02-07 21:54:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\housecall.guid.cache
    [2012-02-07 18:59:09 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\restauration.reg
    [2012-02-07 18:54:58 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
    [2012-02-04 12:11:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
    [2012-02-04 12:11:30 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader X.lnk
    [2012-01-17 19:03:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2012-01-17 19:03:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2012-01-15 19:12:12 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\inSSIDer 2.0.lnk
    [2012-01-14 10:50:36 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2012-01-14 10:47:58 | 012,410,880 | ---- | C] () -- C:\Documents and Settings\Toshiba\Bureau\Ad-Aware96Install.msi
    [2012-01-07 22:11:56 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-01-03 20:38:44 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Toshiba\Local Settings\Application Data\fusioncache.dat
    [2012-01-03 20:34:54 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
    [2012-01-03 20:34:50 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
    [2012-01-03 20:34:44 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006-01-19 16:40:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006-01-18 14:28:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006-01-18 14:28:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006-01-18 14:28:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006-01-18 14:28:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006-01-18 14:28:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006-01-18 14:28:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006-01-18 07:34:09 | 000,012,060 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
    [2006-01-18 07:34:09 | 000,002,226 | R--- | C] () -- C:\WINDOWS\SVPW32Str.ini
    [2006-01-18 06:23:57 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006-01-18 06:22:57 | 000,134,872 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006-01-18 06:07:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\WHideCmd.exe
    [2006-01-18 06:06:23 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006-01-18 06:06:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006-01-18 06:06:23 | 000,009,378 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006-01-18 06:06:23 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006-01-18 06:04:16 | 000,553,636 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
    [2006-01-18 06:04:16 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
    [2006-01-18 06:04:16 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
    [2006-01-18 06:04:15 | 000,094,952 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
    [2006-01-18 06:04:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006-01-18 06:03:59 | 000,482,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006-01-18 06:03:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006-01-18 06:03:59 | 000,080,056 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006-01-18 06:03:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006-01-18 06:03:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006-01-18 06:03:57 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006-01-18 06:03:56 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006-01-18 06:03:51 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006-01-18 06:03:51 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006-01-18 06:03:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006-01-18 06:03:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006-01-18 05:56:34 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006-01-18 05:52:58 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006-01-18 05:50:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006-01-18 05:50:36 | 000,022,529 | ---- | C] () -- C:\WINDOWS\System32\ortag32.dll
    [2006-01-18 05:36:37 | 000,002,368 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006-01-18 05:35:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006-01-18 05:33:29 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006-01-18 05:33:27 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006-01-18 05:33:27 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006-01-18 05:33:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006-01-18 05:33:24 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006-01-18 05:33:24 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006-01-18 05:33:24 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006-01-18 05:33:21 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006-01-18 05:33:21 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006-01-18 05:33:20 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006-01-18 05:29:54 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005-12-16 12:35:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
    [2005-12-08 14:56:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
    [2005-11-28 16:33:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

    ========== LOP Check ==========

    [2012-01-04 19:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\ElevatedDiagnostics
    [2012-02-09 19:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\GetRightToGo
    [2012-01-07 11:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\OpenOffice.org
    [2012-01-14 13:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\toshiba
    [2012-01-14 10:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Toshiba\Application Data\WinPatrol
    [2012-01-04 23:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012-01-03 23:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
    [2006-01-18 07:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
    [2012-02-11 15:52:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. >

    < O3 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. >

    < O3 - HKU\S-1-5-21-2094576669-3068703796-1105417404-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. >

    < O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found >

    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyjava] >

    < [emptyflash] >

    < [Reboot] >

    < End of report >
     
  5. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Security Check scan as requested:

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    COMODO Internet Security
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Spybot - Search & Destroy
    SUPERAntiSpyware
    CCleaner
    Adobe Reader X (10.1.2)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Comodo Firewall cmdagent.exe
    Emsisoft Anti-Malware a2service.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````
     
  6. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    FSS Scan as requested:

    Farbar Service Scanner Version: 10-02-2012
    Ran by Toshiba (administrator) on 11-02-2012 at 19:23:39
    Running from "C:\Documents and Settings\Toshiba\Bureau"
    Microsoft Windows XP Édition familiale Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================
     
  7. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    ESET online scan is in progress

    I will post results when finished.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    OTL log is incorrect.
    You clicked on the "scan" button instead of the "Fix" button.
    Redo after Eset.
     
  9. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Oh sorry, I must have misread that part, I will redo the scan indeed after E-set, no problem.
     
  10. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    E-Set Online scanner came out without infections - No log.

    I'll redo OTL.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Go ahead....
     
     
  12. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    OTL redone with "fix" and custom elements requested... Here is the log.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2094576669-3068703796-1105417404-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2094576669-3068703796-1105417404-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 602 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Toshiba
    ->Temp folder emptied: 74719 bytes
    ->Temporary Internet Files folder emptied: 47539350 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 558 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 43928 bytes
    RecycleBin emptied: 113 bytes

    Total Files Cleaned = 46,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Toshiba
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Toshiba
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02112012_224727

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  13. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  14. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Hello here is the requested log from step 1.

    I will complete other steps.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Toshiba
    ->Temp folder emptied: 17241 bytes
    ->Temporary Internet Files folder emptied: 4452877 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Toshiba
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Toshiba
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0,00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 02112012_232348

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Toshiba\Local Settings\Temporary Internet Files\Content.IE5\OK4ZFKXY\partner[2].htm moved successfully.
    C:\Documents and Settings\Toshiba\Local Settings\Temporary Internet Files\Content.IE5\OK4ZFKXY\search[1].htm moved successfully.
    C:\Documents and Settings\Toshiba\Local Settings\Temporary Internet Files\Content.IE5\OK4ZFKXY\showthread[1].php moved successfully.
    C:\Documents and Settings\Toshiba\Local Settings\Temporary Internet Files\Content.IE5\5YF1S1BT\partner[1].htm moved successfully.
    C:\Documents and Settings\Toshiba\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  15. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Thank you !

    I believe everything is complete now.

    Thank you very much for your help, I deeply deeply appreciate the advice you have given me. My computer seems much more healthy now.

    Just for my own interest: what virus / rootkit / other did I have? One or two? Lots?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    There was a trojan, which we removed through Combofix.

    Way to go!!
    Good luck and stay safe :)
     
  17. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Computer works great this morning, thanks to you, and thanks for the explanation also.

    I think I'll have my girlfriend's computer checked next, same cpu behavior... Probably the same virus. Possible here or shall I start a new thread?
     
  18. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    New topic please.
     
  19. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Hello. Tonight, my computer fell again in very high CPU. Something blocks my avast from starting at boot-up. I suspect something came back. Only things I did since this morning was to install WOT and PSIsetup and follow PSIsetup recommendations about updating java and intel pro card. I did create a restore point this morning after all was fine. Even after recovering that point, avast does want to start.

    Have I done something wrong ? :(
     
  20. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    You may need to reinstall Avast since you used restore point.

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go File>Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
     
  21. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Procexp log:

    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 98.44 0 K 16 K
    System 4 0 K 240 K
    Interrupts n/a 0.78 0 K 0 K Hardware Interrupts and DPCs
    smss.exe 900 172 K 940 K Gestionnaire de session Windows NT Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 984 1 816 K 8 136 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 1028 7 124 K 1 280 K Application d'ouverture de session Windows NT Microsoft Corporation winlogon.exe
    services.exe 1072 2 240 K 9 480 K Applications Services et Contrôleur Microsoft Corporation C:\WINDOWS\system32\services.exe
    a2service.exe 1244 37 684 K 1 184 K Emsisoft Anti-Malware Service Emsi Software GmbH "C:\Program Files\Emsisoft Anti-Malware\a2service.exe"
    CLPSLS.exe 1304 976 K 8 044 K COMODO livePCsupport Service COMODO "C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe"
    svchost.exe 1424 3 500 K 30 912 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    unsecapp.exe 696 2 636 K 27 896 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
    wmiprvse.exe 2380 2 728 K 31 824 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
    Dot1XCfg.exe 732 4 496 K 35 224 K Intel 802.1x Server Intel Corporation C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe -Embedding
    svchost.exe 1492 2 464 K 28 260 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
    cmdagent.exe 1532 37 440 K 4 684 K COMODO Internet Security COMODO "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
    svchost.exe 1560 25 320 K 78 052 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs
    EvtEng.exe 1640 3 756 K 33 388 K Intel(R) PROSet/Wireless Event Log Intel Corporation "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe"
    S24EvMon.exe 1732 3 316 K 28 564 K Wireless Management Service Intel Corporation "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe"
    svchost.exe 1908 1 824 K 23 048 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
    svchost.exe 168 5 080 K 29 976 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    AAWService.exe 284 67 340 K 89 128 K Ad-Aware Service Application Lavasoft Limited "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
    AAWTray.exe 2648 3 400 K 22 764 K Ad-Aware Tray Application Lavasoft Limited "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
    spoolsv.exe 452 3 672 K 29 920 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
    svchost.exe 908 1 848 K 29 368 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    SASCore.exe 1396 1 116 K 18 240 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
    CFSvcs.exe 1448 2 072 K 27 144 K Service of ConfigFree. TOSHIBA CORPORATION "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe"
    DVDRAMSV.exe 1620 988 K 6 900 K DVD-RAM Utility Helper Service Matsushita Electric Industrial Co., Ltd. C:\WINDOWS\system32\DVDRAMSV.exe
    nvsvc32.exe 1696 3 836 K 19 880 K NVIDIA Driver Helper Service, Version 83.20 NVIDIA Corporation C:\WINDOWS\system32\nvsvc32.exe
    RegSrvc.exe 1768 1 360 K 24 504 K Intel(R) PROSet/Wireless Registry Service Intel Corporation "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe"
    svchost.exe 1844 2 908 K 29 232 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
    alg.exe 2364 1 628 K 26 808 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
    svchost.exe 3988 2 048 K 26 140 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    lsass.exe 1084 4 436 K 30 228 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
    explorer.exe 200 0.78 23 508 K 19 400 K Explorateur Windows Microsoft Corporation C:\WINDOWS\Explorer.EXE
    DLACTRLW.EXE 2940 1 720 K 25 752 K Drive Letter Access Component Sonic Solutions "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
    SmoothView.exe 2948 1 080 K 18 240 K SmoothView TOSHIBA Corporation "C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe"
    Hotkey.exe 2956 5 600 K 38 524 K TOSHIBA Hotkey Filter Application TOSHIBA Inc. "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
    SynTPEnh.exe 2964 2 328 K 23 468 K Synaptics TouchPad Enhancements Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    Toshiba.exe 3332 1 576 K 21 120 K Toshiba Custom PlugIn Application Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\Toshiba" /RegPlugIn
    ZCfgSvc.exe 2992 2 900 K 34 140 K ZeroCfgSvc MFC Application Intel Corporation "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    iFrmewrk.exe 3000 5 700 K 42 304 K Intel Framework MFC Application Intel Corporation "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    cfp.exe 3008 17 304 K 6 288 K COMODO Internet Security COMODO "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    AvastUI.exe 3016 4 808 K 39 176 K avast! Antivirus AVAST Software "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    TOSCDSPD.exe 3032 1 132 K 18 508 K CD/DVD Drive Acoustic Silencer TOSHIBA "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
    SUPERANTISPYWARE.EXE 3056 176 600 K 820 K SUPERAntiSpyware Application SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    ctfmon.exe 3108 1 408 K 22 448 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
    RAMASST.exe 3436 1 216 K 18 828 K CD Burning of Windows XP disabling tool for DVD MULTI Drive Matsushita Electric Industrial Co., Ltd. "C:\WINDOWS\system32\RAMASST.exe"
    iexplore.exe 2360 13 500 K 4 668 K Internet Explorer Microsoft Corporation "C:\Program Files\internet explorer\iexplore.exe"
    iexplore.exe 1516 59 196 K 66 728 K Internet Explorer Microsoft Corporation "C:\Program Files\internet explorer\iexplore.exe" SCODEF:2360 CREDAT:79873
    iexplore.exe 368 46 124 K 56 072 K Internet Explorer Microsoft Corporation "C:\Program Files\internet explorer\iexplore.exe" SCODEF:2360 CREDAT:145409
    procexp.exe 1520 11 860 K 17 784 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Toshiba\Bureau\ProcessExplorer\procexp.exe"
    soffice.exe 3832 12 480 K 28 364 K OpenOffice.org 3.3 OpenOffice.org "C:\Program Files\OpenOffice.org 3\program\soffice.exe" -quickstart
    soffice.bin 1656 43 872 K 107 676 K OpenOffice.org 3.3 OpenOffice.org "C:\Program Files\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files\\OpenOffice.org 3\\program"
     
  22. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    Oops, just seen you asked to attach the file, here it is.
     

  23. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    I don't see any high CPU usage.
    System Idle Process (CPU NOT used) is listed at 98.44%.
     
  24. needhelp51

    needhelp51 TS Enthusiast Topic Starter Posts: 218

    CPU was 100% at boot-up and many minutes after, better now indeed, but avast out of order. Should I go ahead uninstalling and installing it again?
     
  25. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Yes, reinstall it.

    If you're able to catch high CPU usage with Process Explorer I'll gladly take another look.
     
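As an added example (not part of the thread, and not Process Explorer's own code): a small Python triage of a saved Procexp.txt that applies the reading given in post 23, where System Idle Process is CPU that was not used, and lists any process above a threshold together with its command line. It assumes the saved report is tab-delimited with the column header shown in the log above; the sample rows, `example.exe`, its path and the 20% threshold are constructed for illustration.

```python
import csv
import io

# Accounting rows, not programs: idle time and kernel interrupt/DPC handling.
PSEUDO = {"system idle process", "interrupts"}
HEADER = "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tCommand Line"

def parse_cpu(cell):
    """Convert a CPU cell to a percentage; blank or '< 0.01' counts as 0."""
    cell = cell.strip().replace(",", ".")   # tolerate a decimal comma
    if not cell or cell.startswith("<"):
        return 0.0
    return float(cell)

def triage(report_text, threshold=20.0):
    """Return (busy_percent, hot) where hot lists (name, pid, cpu, command line)."""
    # QUOTE_NONE: command lines contain literal double quotes that must be kept.
    rows = csv.DictReader(io.StringIO(report_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    idle, hot = None, []
    for row in rows:
        name = (row.get("Process") or "").strip()  # tree view indents child names
        cpu = parse_cpu(row.get("CPU") or "")
        if name.lower() == "system idle process":
            idle = cpu                              # CPU that was NOT used
        if not name or name.lower() in PSEUDO or cpu < threshold:
            continue
        hot.append((name, (row.get("PID") or "").strip(), cpu,
                    (row.get("Command Line") or "").strip()))
    hot.sort(key=lambda r: r[2], reverse=True)      # busiest process first
    busy = None if idle is None else round(100.0 - idle, 2)
    return busy, hot

def _tsv(rows):
    return "\n".join([HEADER] + ["\t".join(r) for r in rows])

# Constructed sample reports (the CALM rows reuse values from the log above).
CALM = _tsv([
    ["System Idle Process", "0", "98.44", "0 K", "16 K", "", "", ""],
    ["Interrupts", "n/a", "0.78", "0 K", "0 K", "Hardware Interrupts and DPCs", "", ""],
    ["explorer.exe", "200", "0.78", "23 508 K", "19 400 K", "Explorateur Windows",
     "Microsoft Corporation", "C:\\WINDOWS\\Explorer.EXE"],
])
SPIKE = _tsv([
    ["System Idle Process", "0", "3,12", "0 K", "16 K", "", "", ""],
    [" example.exe", "4242", "91.50", "1 000 K", "2 000 K", "", "", '"C:\\Example\\example.exe" -x'],
    ["svchost.exe", "1560", "< 0.01", "25 320 K", "78 052 K", "", "", "svchost.exe -k netsvcs"],
])

if __name__ == "__main__":
    print(triage(CALM), triage(SPIKE))
```

`busy` is `None` when the report has no System Idle Process row, so a truncated save is not mistaken for an idle machine.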

