TechSpot

Trojan Win 64/Sirefef

By Fred-M
Jun 22, 2012
  1. Hi,

    I have trojan Win 64 Sirefef on my Windows Vista.
    It keeps rebooting avec 2-3 minutes after it starts, even after I deleted MSE.
    I can't run any program to remove the trojan because my pc reboot before.

    I would greatly appreciate help....

    Frédérique

    My log :
    Scan result of Farbar Recovery Scan Tool Version: 21-06-2012 02
    Ran by SYSTEM at 21-06-2012 08:12:07
    Running from G:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: French Standard
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-11-29] (Synaptics, Inc.)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-01-17] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [584568 2008-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-03-19] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKU\Annie\...\Run: [Gestionnaire Antidote.exe] C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe [542136 2008-12-02] (Druide informatique inc.)
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-04-24] (TOSHIBA)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
    HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-04-24] (TOSHIBA)
    Tcpip\Parameters: [DhcpNameServer] 24.48.19.13 24.202.72.13 24.53.0.2
    AppInit_DLLs: C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll acaptuser64.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Services (Whitelisted) ======

    2 AcronisOSSReinstallSvc; "C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" [2217416 2007-02-22] ()
    2 Ati External Event Utility; C:\Windows\System32\Ati2evxx.exe [870400 2008-04-07] (ATI Technologies Inc.)
    3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2010-02-12] (Macrovision Europe Ltd.)
    3 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)
    2 lxdiCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [33712 2007-06-11] (Lexmark International, Inc.)
    2 lxdi_device; C:\Windows\system32\lxdicoms.exe -service [876976 2007-06-11] ( )
    2 lxdi_device; C:\Windows\SysWow64\lxdicoms.exe -service [517040 2007-06-11] ( )
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)

    ========================== Drivers (Whitelisted) =============

    3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [19968 2008-01-20] (Microsoft Corporation)
    0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69152 2010-08-12] (Lavasoft AB)
    3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62040 2008-04-14] (O2Micro )
    3 QIOMem; C:\Windows\System32\Drivers\QIOMem.sys [9728 2007-04-09] (TOSHIBA)
    0 snapman; C:\Windows\System32\Drivers\snapman.sys [198944 2010-12-14] (Acronis)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-09-10] (Duplex Secure Ltd.)
    3 tosporte; C:\Windows\System32\Drivers\tosporte.sys [49152 2008-03-25] (TOSHIBA Corporation)
    3 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [165888 2008-04-23] (TOSHIBA CORPORATION)
    3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [44800 2007-11-29] (TOSHIBA Corporation)
    1 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [76160 2007-10-02] (TOSHIBA Corporation)
    3 tosrfec; C:\Windows\System32\Drivers\tosrfec.sys [18944 2006-10-23] (TOSHIBA Corporation)
    3 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [88192 2008-03-19] (TOSHIBA Corporation.)
    3 tosrfnds; C:\Windows\System32\Drivers\tosrfnds.sys [28160 2005-07-13] (TOSHIBA Corporation.)
    3 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [56320 2008-01-22] (TOSHIBA Corporation)
    0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26968 2007-11-09] (TOSHIBA Corporation)
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 WPRO_40_1340; C:\Windows\System32\drivers\WPRO_40_1340.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-21 08:11 - 2012-06-21 08:11 - 00000000 ____D C:\FRST
    2012-06-20 16:41 - 2012-06-20 16:41 - 00015844 ____A C:\FixitRegBackup.reg
    2012-06-20 15:55 - 2012-06-20 15:55 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-20 13:20 - 2012-06-20 16:40 - 00000000 ____D C:\sh4ldr
    2012-06-20 13:20 - 2012-06-20 13:20 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-06-20 13:17 - 2012-06-21 00:49 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-06-20 12:02 - 2012-06-20 12:02 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6519815EF186CF6A
    2012-06-20 11:52 - 2012-06-20 11:52 - 00000000 ____D C:\Windows\pss
    2012-06-20 10:44 - 2012-06-20 10:44 - 00000422 ____A C:\Windows\BitsRepairTool.log
    2012-06-20 10:36 - 2012-06-20 15:20 - 00002243 ____A C:\Windows\epplauncher.mif
    2012-06-20 10:33 - 2012-06-20 10:33 - 01527300 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-20 10:33 - 2012-06-20 10:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-20 10:31 - 2012-06-20 10:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-19 06:20 - 2012-06-02 18:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-19 06:20 - 2012-06-02 18:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-19 06:20 - 2012-06-02 18:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-19 06:20 - 2012-06-02 18:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-19 06:19 - 2012-06-02 18:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-19 06:19 - 2012-06-02 18:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-19 06:19 - 2012-06-02 18:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-19 06:19 - 2012-06-02 18:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-19 06:19 - 2012-06-02 18:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-19 06:19 - 2012-06-02 18:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-19 06:19 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-19 06:19 - 2012-06-02 15:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-19 06:19 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-19 06:19 - 2012-06-02 15:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-06-14 06:54 - 2012-05-17 21:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 06:54 - 2012-05-17 18:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 06:53 - 2012-05-17 22:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 06:53 - 2012-05-17 22:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 06:53 - 2012-05-17 22:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 06:53 - 2012-05-17 21:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 06:53 - 2012-05-17 21:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 06:53 - 2012-05-17 21:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 06:53 - 2012-05-17 21:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 06:53 - 2012-05-17 21:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 06:53 - 2012-05-17 21:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 06:53 - 2012-05-17 21:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 06:53 - 2012-05-17 21:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 06:53 - 2012-05-17 21:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 06:53 - 2012-05-17 21:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 06:53 - 2012-05-17 19:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 06:53 - 2012-05-17 18:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 06:53 - 2012-05-17 18:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 06:53 - 2012-05-17 18:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 06:53 - 2012-05-17 18:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 06:53 - 2012-05-17 18:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 06:53 - 2012-05-17 18:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 06:53 - 2012-05-17 18:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 06:53 - 2012-05-17 18:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 06:53 - 2012-05-17 18:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 06:53 - 2012-05-17 18:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 06:53 - 2012-05-17 18:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 06:53 - 2012-05-17 18:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 20:29 - 2012-05-15 16:15 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 20:29 - 2012-05-01 10:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 20:29 - 2012-04-23 12:25 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 20:29 - 2012-04-23 12:25 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 20:29 - 2012-04-23 12:25 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 20:29 - 2012-04-23 12:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 20:29 - 2012-04-23 12:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 20:29 - 2012-04-23 12:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-08 19:07 - 2012-06-08 19:07 - 00001727 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-06-08 19:06 - 2012-06-08 19:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-08 18:51 - 2012-06-08 18:51 - 00001665 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-08 18:49 - 2012-06-08 18:51 - 00000000 ____D C:\Program Files\iTunes
    2012-06-08 18:49 - 2012-06-08 18:51 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-06-08 18:49 - 2012-06-08 18:49 - 00000000 ____D C:\Program Files\iPod
    2012-06-08 18:37 - 2012-06-08 18:37 - 00000000 ____D C:\Program Files\Bonjour
    2012-06-08 18:37 - 2012-06-08 18:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2012-05-31 20:22 - 2012-06-21 00:31 - 00001078 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000UA.job
    2012-05-31 20:22 - 2012-06-19 20:27 - 00001026 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000Core.job
    2012-05-25 15:12 - 2012-05-25 15:12 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
    2012-05-25 15:11 - 2012-05-25 15:11 - 00000000 ____D C:\Users\All Users\Cisco Systems

    ============ 3 Months Modified Files and Folders =============

    2012-06-21 08:11 - 2012-06-21 08:11 - 00000000 ____D C:\FRST
    2012-06-21 00:59 - 2009-08-08 12:26 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-06-21 00:53 - 2009-12-03 11:08 - 00325898 ____A C:\aaw7boot.log
    2012-06-21 00:49 - 2012-06-20 13:17 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-06-21 00:42 - 2012-03-25 16:11 - 00000000 ____D C:\Users\Annie\AppData\Roaming\Dropbox
    2012-06-21 00:41 - 2012-03-25 16:13 - 00000000 ___RD C:\Users\Annie\Dropbox
    2012-06-21 00:39 - 2010-02-26 15:44 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-21 00:39 - 2009-05-21 18:14 - 00000224 ____A C:\Windows\Tasks\PAV.job
    2012-06-21 00:39 - 2006-11-02 11:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-21 00:39 - 2006-11-02 11:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-21 00:38 - 2006-11-02 11:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-21 00:31 - 2012-05-31 20:22 - 00001078 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000UA.job
    2012-06-21 00:23 - 2010-02-26 15:44 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-20 19:34 - 2009-04-21 22:05 - 00000000 ____D C:\Users\Annie\AppData\Roaming\Azureus
    2012-06-20 17:18 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\tracing
    2012-06-20 16:41 - 2012-06-20 16:41 - 00015844 ____A C:\FixitRegBackup.reg
    2012-06-20 16:40 - 2012-06-20 13:20 - 00000000 ____D C:\sh4ldr
    2012-06-20 16:32 - 2008-12-22 23:42 - 00001356 ____A C:\Users\Annie\AppData\Local\d3d9caps.dat
    2012-06-20 15:55 - 2012-06-20 15:55 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-20 15:20 - 2012-06-20 10:36 - 00002243 ____A C:\Windows\epplauncher.mif
    2012-06-20 13:20 - 2012-06-20 13:20 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-06-20 13:07 - 2008-01-21 06:01 - 01502832 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-20 13:07 - 2008-01-21 06:00 - 00680406 ____A C:\Windows\System32\perfh00C.dat
    2012-06-20 13:07 - 2008-01-21 06:00 - 00127292 ____A C:\Windows\System32\perfc00C.dat
    2012-06-20 12:17 - 2008-12-22 23:34 - 00000732 ____A C:\Users\Annie\AppData\Local\d3d9caps64.dat
    2012-06-20 12:02 - 2012-06-20 12:02 - 00384512 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6519815EF186CF6A
    2012-06-20 11:52 - 2012-06-20 11:52 - 00000000 ____D C:\Windows\pss
    2012-06-20 11:19 - 2006-11-02 11:42 - 00032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-20 10:54 - 2012-05-10 06:31 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-20 10:45 - 2008-12-22 19:16 - 01552521 ____A C:\Windows\WindowsUpdate.log
    2012-06-20 10:44 - 2012-06-20 10:44 - 00000422 ____A C:\Windows\BitsRepairTool.log
    2012-06-20 10:34 - 2012-06-20 10:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-20 10:33 - 2012-06-20 10:33 - 01527300 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-20 10:33 - 2012-06-20 10:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-20 10:20 - 2011-09-16 18:00 - 00056984 ____A C:\Windows\PFRO.log
    2012-06-20 10:19 - 2011-11-15 11:11 - 00000000 ____D C:\Users\All Users\MFAData
    2012-06-20 10:19 - 2008-12-22 19:17 - 00000012 ____A C:\Windows\bthservsdp.dat
    2012-06-20 10:17 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Sidebar
    2012-06-19 20:27 - 2012-05-31 20:22 - 00001026 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000Core.job
    2012-06-19 18:22 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
    2012-06-17 07:14 - 2012-05-02 19:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-16 21:35 - 2011-05-11 21:36 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-06-16 21:35 - 2011-05-11 21:36 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-06-16 15:32 - 2009-04-21 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-14 07:19 - 2006-11-02 11:21 - 00334376 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-14 06:39 - 2006-11-02 08:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-08 19:07 - 2012-06-08 19:07 - 00001727 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-06-08 19:07 - 2012-06-08 19:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-06-08 18:51 - 2012-06-08 18:51 - 00001665 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-08 18:51 - 2012-06-08 18:49 - 00000000 ____D C:\Program Files\iTunes
    2012-06-08 18:51 - 2012-06-08 18:49 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-06-08 18:49 - 2012-06-08 18:49 - 00000000 ____D C:\Program Files\iPod
    2012-06-08 18:39 - 2008-12-22 23:34 - 00000000 ____D C:\users\Annie
    2012-06-08 18:37 - 2012-06-08 18:37 - 00000000 ____D C:\Program Files\Bonjour
    2012-06-08 18:37 - 2012-06-08 18:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2012-06-02 18:19 - 2012-06-19 06:20 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 18:19 - 2012-06-19 06:20 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 18:19 - 2012-06-19 06:20 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 18:19 - 2012-06-19 06:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 18:19 - 2012-06-19 06:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2012-06-02 18:19 - 2012-06-19 06:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 18:19 - 2012-06-19 06:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2012-06-02 18:15 - 2012-06-19 06:20 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 18:15 - 2012-06-19 06:19 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 18:12 - 2012-06-19 06:19 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2012-06-02 15:19 - 2012-06-19 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 15:19 - 2012-06-19 06:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2012-06-02 15:15 - 2012-06-19 06:19 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 15:12 - 2012-06-19 06:19 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2012-05-31 20:53 - 2010-09-23 19:05 - 00000000 ____D C:\Program Files (x86)\Raptr
    2012-05-31 20:22 - 2008-12-23 01:10 - 00000000 ____D C:\Users\Annie\AppData\Local\Google
    2012-05-27 22:17 - 2009-01-09 12:08 - 00000000 ____D C:\Users\Annie\AppData\Roaming\Skype
    2012-05-25 15:12 - 2012-05-25 15:12 - 00000000 ____D C:\Program Files (x86)\Cisco Systems
    2012-05-25 15:11 - 2012-05-25 15:11 - 00000000 ____D C:\Users\All Users\Cisco Systems
    2012-05-25 15:11 - 2011-09-28 18:02 - 00002780 ____A C:\Windows\setupact.log
    2012-05-17 22:47 - 2012-06-14 06:53 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 22:16 - 2012-06-14 06:53 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 22:06 - 2012-06-14 06:53 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 21:59 - 2012-06-14 06:53 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 21:59 - 2012-06-14 06:53 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 21:58 - 2012-06-14 06:53 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 21:58 - 2012-06-14 06:53 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 21:56 - 2012-06-14 06:53 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 21:55 - 2012-06-14 06:53 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 21:55 - 2012-06-14 06:53 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 21:54 - 2012-06-14 06:53 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 21:51 - 2012-06-14 06:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 21:51 - 2012-06-14 06:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 21:47 - 2012-06-14 06:53 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 19:11 - 2012-06-14 06:53 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 18:48 - 2012-06-14 06:53 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 18:45 - 2012-06-14 06:53 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 18:36 - 2012-06-14 06:53 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 18:35 - 2012-06-14 06:53 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 18:35 - 2012-06-14 06:53 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 18:33 - 2012-06-14 06:53 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 18:31 - 2012-06-14 06:53 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 18:29 - 2012-06-14 06:53 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 18:29 - 2012-06-14 06:53 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 18:27 - 2012-06-14 06:53 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 18:25 - 2012-06-14 06:53 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 18:24 - 2012-06-14 06:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 18:20 - 2012-06-14 06:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-15 16:15 - 2012-06-13 20:29 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-13 22:45 - 2011-09-16 15:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-13 22:35 - 2012-05-13 22:34 - 00000000 ____D C:\Users\Annie\AppData\Local\{DC51E5D8-22C1-4FAB-A1A2-25D0F47003BE}
    2012-05-13 22:34 - 2012-05-13 22:34 - 00000000 ____D C:\Users\Annie\AppData\Local\{DDB67882-F74D-4497-8D23-D0CE141ECBF8}
    2012-05-13 22:34 - 2009-08-10 11:25 - 00000000 ____D C:\Users\Annie\Tracing
    2012-05-11 13:19 - 2006-11-02 11:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2012-05-11 13:19 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-11 08:54 - 2008-06-13 20:34 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-05-10 06:31 - 2012-05-10 06:31 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-10 06:31 - 2011-09-06 07:28 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-02 19:56 - 2012-05-02 19:56 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-05-02 17:10 - 2011-02-14 20:08 - 00000448 ___AH C:\Windows\Tasks\Norton Security Scan for Annie.job
    2012-05-01 10:29 - 2012-06-13 20:29 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-23 12:25 - 2012-06-13 20:29 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 12:25 - 2012-06-13 20:29 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 12:25 - 2012-06-13 20:29 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 12:00 - 2012-06-13 20:29 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 12:00 - 2012-06-13 20:29 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 12:00 - 2012-06-13 20:29 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-18 20:56 - 2012-04-18 20:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
    2012-04-18 20:56 - 2012-04-18 20:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
    2012-04-14 10:00 - 2009-01-09 12:07 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-04-14 09:59 - 2009-01-09 12:07 - 00000000 ____D C:\Users\All Users\Skype
    2012-04-14 09:16 - 2011-06-16 15:48 - 00000000 ____D C:\Users\All Users\Skype Extras
    2012-04-14 09:06 - 2009-01-09 12:12 - 00000000 ____D C:\Users\Annie\AppData\Roaming\skypePM
    2012-04-03 04:22 - 2012-05-10 22:07 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-03-31 16:17 - 2011-01-28 19:36 - 00000000 ____D C:\Users\Annie\AppData\Roaming\Apple Computer
    2012-03-31 15:19 - 2010-12-23 07:20 - 00000000 ____D C:\Users\Annie\AppData\Local\Apple Computer
    2012-03-31 15:17 - 2012-03-31 15:16 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-03-31 15:16 - 2012-03-31 15:14 - 00000000 ____D C:\Users\All Users\Apple Computer
    2012-03-31 15:12 - 2012-03-31 15:12 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2012-03-30 08:45 - 2012-05-10 22:09 - 01423744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys


    ZeroAccess:
    C:\Windows\Installer\{e2f8cece-1c65-f720-ecfc-b956de1d4728}
    C:\Windows\Installer\{e2f8cece-1c65-f720-ecfc-b956de1d4728}\@
    C:\Windows\Installer\{e2f8cece-1c65-f720-ecfc-b956de1d4728}\L
    C:\Windows\Installer\{e2f8cece-1c65-f720-ecfc-b956de1d4728}\n
    C:\Windows\Installer\{e2f8cece-1c65-f720-ecfc-b956de1d4728}\U

    ZeroAccess:
    C:\Users\Annie\AppData\Local\{e2f8cece-1c65-f720-ecfc-b956de1d4728}
    C:\Users\Annie\AppData\Local\{e2f8cece-1c65-f720-ecfc-b956de1d4728}\@
    C:\Users\Annie\AppData\Local\{e2f8cece-1c65-f720-ecfc-b956de1d4728}\L
    C:\Users\Annie\AppData\Local\{e2f8cece-1c65-f720-ecfc-b956de1d4728}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 13%
    Total physical RAM: 4059.93 MB
    Available physical RAM: 3502.61 MB
    Total Pagefile: 3807.07 MB
    Available Pagefile: 3475.5 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: (S3A6831D004) (Fixed) (Total:126.64 GB) (Free:73.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Annie) (Fixed) (Total:98.05 GB) (Free:4.62 GB) NTFS
    4 Drive f: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.29 GB) NTFS
    5 Drive g: () (Removable) (Total:0.48 GB) (Free:0.06 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    N¯ disque Statut Taille Libre Dyn GPT
    ---------- ------------- ------- ------------ --- ---
    Disque 0 En ligne 233 G octets 0 octets
    Disque 1 En ligne 491 M octets 0 octets

    Partitions of Disk 0:
    ===============

    N¯ partition Type Taille DÇcalage
    ------------- ---------------- ------- --------
    Partition 1 OEM 1500 M 1024 K
    Partition 2 Principale 127 G 1501 M
    Partition 3 Principale 98 G 128 G
    Partition 4 Principale 6893 M 226 G

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 27
    MasquÇ : Oui
    Active : Non

    N¯ volume Ltr Nom Fs Type Taille Statut Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F TOSHIBA SYS NTFS Partition 1500 M Sain MasquÇ

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    MasquÇ : Non
    Active : Oui

    N¯ volume Ltr Nom Fs Type Taille Statut Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C S3A6831D004 NTFS Partition 127 G Sain

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    MasquÇ : Non
    Active : Non

    N¯ volume Ltr Nom Fs Type Taille Statut Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Annie NTFS Partition 98 G Sain

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 17
    MasquÇ : Oui
    Active : Non

    Il n'y a pas de volume associÇ avec cette partition.

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    N¯ partition Type Taille DÇcalage
    ------------- ---------------- ------- --------
    Partition 1 Principale 491 M 16 K

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 0E
    MasquÇ : Non
    Active : Oui

    N¯ volume Ltr Nom Fs Type Taille Statut Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G FAT Amovible 491 M Sain

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-20 16:51

    ======================= End Of Log ==========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  3. Fred-M

    Fred-M TS Rookie Topic Starter

    Farbar Recovery Scan Tool Version: 21-06-2012 02
    Ran by SYSTEM at 2012-06-22 08:53:15
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-08-08 12:26] - [2009-04-11 02:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 22:50] - [2008-01-20 22:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-08-08 12:26] - [2009-04-11 03:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 22:49] - [2008-01-20 22:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

    C:\Windows\SysWOW64\services.exe
    [2009-08-08 12:26] - [2009-04-11 02:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\System32\services.exe
    [2009-08-08 12:26] - [2012-06-21 00:59] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229

    ====== End Of Search ======
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    See if you can start normally.

    If so....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  5. Fred-M

    Fred-M TS Rookie Topic Starter

    Here is the Fixlog.txt :

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 21-06-2012 02
    Ran by SYSTEM at 2012-06-22 12:29:04 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{e2f8cece-1c65-f720-ecfc-b956de1d4728} moved successfully.
    C:\Users\Annie\AppData\Local\{e2f8cece-1c65-f720-ecfc-b956de1d4728} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  6. Fred-M

    Fred-M TS Rookie Topic Starter

    And the ComboFix.txt :

    ComboFix 12-06-23.05 - Annie 2012-06-22 14:16:19.1.2 - x64
    MicrosoftÆ Windows Vistaô …dition Familiale Premium 6.0.6002.2.1252.2.1036.18.4060.2751 [GMT -4:00]
    LancÈ depuis: d:\desktop\ComboFix.exe
    * Un nouveau point de restauration a ÈtÈ crÈÈ
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Common Files\Uninstall
    c:\program files (x86)\Common Files\Uninstall\PAV\Uninstall.lnk
    c:\program files (x86)\FLV Direct Player
    c:\program files (x86)\FLV Direct Player\downloading.swf
    c:\program files (x86)\FLV Direct Player\FLVPlayer.exe
    c:\program files (x86)\FLV Direct Player\player.swf
    c:\program files (x86)\FLV Direct Player\preload.swf
    c:\program files (x86)\FLV Direct Player\Skin\Skin1\Button.bmp
    c:\program files (x86)\FLV Direct Player\Skin\Skin1\Logo.bmp
    c:\program files (x86)\FLV Direct Player\Skin\Skin1\skin.xml
    c:\program files (x86)\FLV Direct Player\Skin\Skin1\SysCloseButton.bmp
    c:\program files (x86)\FLV Direct Player\Skin\Skin1\SysMaxButton.bmp
    c:\program files (x86)\FLV Direct Player\Skin\Skin1\SysMinButton.bmp
    c:\program files (x86)\FLV Direct Player\Skin\Skin1\Window.bmp
    c:\program files (x86)\FLV Direct Player\uninstall.exe
    c:\program files (x86)\PAV
    c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player
    c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk
    c:\programdata\SPL59D3.tmp
    c:\programdata\SPL734B.tmp
    c:\programdata\SPLB8EB.tmp
    c:\programdata\SPLDA0C.tmp
    c:\windows\SysWow64\file.exe.tmp
    .
    .
    ((((((((((((((((((((((((((((( Fichiers crÈÈs du 2012-05-22 au 2012-06-22 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-22 17:58 . 2012-06-22 17:58--------d-----w-c:\users\Annie\AppData\Roaming\Tific
    2012-06-22 17:58 . 2012-06-22 17:58--------d-----w-c:\users\Annie\AppData\Local\tific
    2012-06-22 17:09 . 2012-06-22 17:09--------d-----w-c:\users\Annie\AppData\Local\Macromedia
    2012-06-22 16:45 . 2012-06-18 07:129013136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A82AB7FB-2138-4081-8E7F-03D42DFFC7D4}\mpengine.dll
    2012-06-21 12:11 . 2012-06-21 12:12--------d-----w-C:\FRST
    2012-06-20 20:41 . 2012-06-20 20:4115844----a-w-C:\FixitRegBackup.reg
    2012-06-20 19:55 . 2012-06-20 19:55--------d-sh--w-c:\windows\system32\%APPDATA%
    2012-06-20 17:20 . 2012-06-20 20:40--------d-----w-C:\sh4ldr
    2012-06-20 17:20 . 2012-06-20 17:20--------d-----w-c:\program files\Enigma Software Group
    2012-06-20 17:17 . 2012-06-21 04:49--------d-----w-c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
    2012-06-20 17:07 . 2012-06-20 17:07--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-06-20 16:02 . 2012-06-20 16:02384512----a-w-c:\windows\system32\services.exe.6519815EF186CF6A
    2012-06-20 14:38 . 2012-02-09 18:17927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CA2C72-FB48-40D4-8972-6EBE9FF25B41}\gapaengine.dll
    2012-06-20 14:38 . 2012-06-18 07:129013136----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-20 14:33 . 2012-06-20 14:33--------d-----w-c:\program files (x86)\Microsoft Security Client
    2012-06-20 14:31 . 2012-06-20 14:34--------d-----w-c:\program files\Microsoft Security Client
    2012-06-19 10:20 . 2012-06-02 22:1957880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-19 10:20 . 2012-06-02 22:1944056----a-w-c:\windows\system32\wups2.dll
    2012-06-19 10:20 . 2012-06-02 22:192428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-19 10:20 . 2012-06-02 22:152622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-19 10:19 . 2012-06-02 22:1938424----a-w-c:\windows\system32\wups.dll
    2012-06-19 10:19 . 2012-06-02 22:19701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-19 10:19 . 2012-06-02 22:1599840----a-w-c:\windows\system32\wudriver.dll
    2012-06-19 10:19 . 2012-06-02 19:19186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-19 10:19 . 2012-06-02 19:1536864----a-w-c:\windows\system32\wuapp.exe
    2012-06-14 10:54 . 2012-05-18 01:512382848----a-w-c:\windows\system32\mshtml.tlb
    2012-06-14 10:54 . 2012-05-17 22:242382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-06-14 00:29 . 2012-05-01 14:29209920----a-w-c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 00:29 . 2012-05-15 20:152767360----a-w-c:\windows\system32\win32k.sys
    2012-06-14 00:29 . 2012-04-23 16:25174592----a-w-c:\windows\system32\cryptsvc.dll
    2012-06-14 00:29 . 2012-04-23 16:25132096----a-w-c:\windows\system32\cryptnet.dll
    2012-06-14 00:29 . 2012-04-23 16:251267200----a-w-c:\windows\system32\crypt32.dll
    2012-06-14 00:29 . 2012-04-23 16:00984064----a-w-c:\windows\SysWow64\crypt32.dll
    2012-06-14 00:29 . 2012-04-23 16:0098304----a-w-c:\windows\SysWow64\cryptnet.dll
    2012-06-14 00:29 . 2012-04-23 16:00133120----a-w-c:\windows\SysWow64\cryptsvc.dll
    2012-06-08 22:49 . 2012-06-08 22:49--------d-----w-c:\program files\iPod
    2012-06-08 22:49 . 2012-06-08 22:51--------d-----w-c:\program files\iTunes
    2012-06-08 22:49 . 2012-06-08 22:51--------d-----w-c:\program files (x86)\iTunes
    2012-06-08 22:37 . 2012-06-08 22:37--------d-----w-c:\program files\Bonjour
    2012-06-08 22:37 . 2012-06-08 22:37--------d-----w-c:\program files (x86)\Bonjour
    2012-06-07 21:38 . 2012-06-07 21:38770384----a-w-c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-07 21:38 . 2012-06-07 21:38421200----a-w-c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-05-25 19:12 . 2012-05-25 19:12--------d-----w-c:\program files (x86)\Cisco Systems
    2012-05-25 19:11 . 2012-05-25 19:11--------d-----w-c:\programdata\Cisco Systems
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-22 16:51 . 2012-05-10 10:31426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-22 16:51 . 2011-09-06 11:2870344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-19 10:1935864----a-w-c:\windows\SysWow64\wups.dll
    2012-06-02 22:19 . 2012-06-19 10:19577048----a-w-c:\windows\SysWow64\wuapi.dll
    2012-06-02 22:12 . 2012-06-19 10:1988576----a-w-c:\windows\SysWow64\wudriver.dll
    2012-06-02 19:19 . 2012-06-19 10:19171904----a-w-c:\windows\SysWow64\wuwebv.dll
    2012-06-02 19:12 . 2012-06-19 10:1933792----a-w-c:\windows\SysWow64\wuapp.exe
    2012-05-17 22:35 . 2012-06-14 10:531129472----a-w-c:\windows\SysWow64\wininet.dll
    2012-04-19 00:56 . 2012-04-19 00:5694208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 00:56 . 2012-04-19 00:5669632----a-w-c:\windows\SysWow64\QuickTime.qts
    2012-04-03 08:22 . 2012-05-11 02:074699520----a-w-c:\windows\system32\ntoskrnl.exe
    2012-03-30 12:45 . 2012-05-11 02:091423744----a-w-c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ÈlÈments vides & les ÈlÈments initiaux lÈgitimes ne sont pas listÈs
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
    "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-09-12 19:023863136----a-w-c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-09-12 19:023863136----a-w-c:\program files (x86)\Vuze_Remote\tbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
    2011-05-09 08:49176936----a-w-c:\program files (x86)\SmileBox_EN\prxtbSmil.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
    "{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files (x86)\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Annie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Annie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5894208----a-w-c:\users\Annie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gestionnaire Antidote.exe"="c:\program files (x86)\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-04-24 432640]
    .
    c:\users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Annie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\datamngr.dll c:\progra~2\WI371A~1\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contenu du dossier 'T‚ches planifiÈes'
    .
    2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 16:52]
    .
    2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 19:44]
    .
    2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 19:44]
    .
    2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000Core.job
    - c:\users\Annie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 11:14]
    .
    2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000UA.job
    - c:\users\Annie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 11:14]
    .
    2012-05-02 c:\windows\Tasks\Norton Security Scan for Annie.job
    - c:\progra~2\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-02 05:02]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5897792----a-w-c:\users\Annie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5897792----a-w-c:\users\Annie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5897792----a-w-c:\users\Annie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:5897792----a-w-c:\users\Annie\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1216808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll c:\windows\System32\acaptuser64.dll
    .
    ------- Examen supplÈmentaire -------
    .
    uStart Page = hxxp://www.searchqu.com/406
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.shoptoshiba.ca/welcome
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Ajouter la cible du lien ‡ un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Ajouter ‡ un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\tsj8qz6t.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
    FF - prefs.js: network.proxy.type - 2
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-10 - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000020
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-06-22 15:14:41 - La machine a redÈmarrÈ
    ComboFix-quarantined-files.txt 2012-06-22 19:14
    .
    Avant-CF: 79†247†900†672 octets libres
    AprËs-CF: 83†134†955†520 octets libres
    .
    - - End Of File - - C8627F3770181F6F6B15978F7168AE4A
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Any current issues?

    Reinstall MSE as soon as possible.

    Next....

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ======================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. Fred-M

    Fred-M TS Rookie Topic Starter

    No current issues, thanks to you :)

    Here is the log from Malwarebytes' Anti-Malware (Sorry it's in french... I tried to reinstall it in english but it didn't work. But it says that everything is fine, it didn't detect anything :)

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Version de la base de données: v2012.06.23.06

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Annie :: PC-DE-ANNIE [administrateur]

    2012-06-22 16:54:16
    mbam-log-2012-06-22 (16-54-16).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 221979
    Temps écoulé: 4 minute(s), 1 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    (fin)
     
  9. Fred-M

    Fred-M TS Rookie Topic Starter

    OTL.txt :

    OTL logfile created on: 2012-06-22 17:09:34 - Run 1
    OTL by OldTimer - Version 3.2.52.0 Folder = D:\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    3,96 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,28% Memory free
    8,12 Gb Paging File | 6,29 Gb Available in Paging File | 77,49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 126,64 Gb Total Space | 77,65 Gb Free Space | 61,32% Space Free | Partition Type: NTFS
    Drive D: | 98,05 Gb Total Space | 11,01 Gb Free Space | 11,23% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-ANNIE | User Name: Annie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-06-22 16:53:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
    PRC - [2012-06-22 12:51:59 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    PRC - [2012-06-16 15:32:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012-05-24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Annie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2008-12-02 22:13:14 | 000,542,136 | ---- | M] (Druide informatique inc.) -- C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe
    PRC - [2008-07-18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008-04-17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2008-04-03 21:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    PRC - [2007-02-12 04:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    PRC - [2006-08-23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-06-22 12:51:55 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    MOD - [2012-06-16 15:32:17 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012-03-26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012-03-26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2008-04-24 19:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV:64bit: - [2008-04-07 09:58:44 | 000,870,400 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2008-01-20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV:64bit: - [2008-01-17 18:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2007-12-03 18:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV:64bit: - [2007-11-21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2007-10-17 11:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2007-06-11 11:15:08 | 000,876,976 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
    SRV:64bit: - [2007-06-11 11:15:00 | 000,033,712 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
    SRV - [2012-06-22 12:52:00 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-06-16 15:32:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011-09-02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-02-12 01:36:12 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009-05-21 22:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009-03-30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008-07-18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008-04-17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008-04-11 12:58:10 | 000,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2008-04-03 21:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
    SRV - [2007-06-11 11:15:00 | 000,033,712 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
    SRV - [2007-06-11 11:14:52 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)
    SRV - [2007-02-22 20:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
    SRV - [2007-02-12 04:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
    SRV - [2006-08-23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012-03-20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012-02-29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011-05-10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010-12-14 10:48:11 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
    DRV:64bit: - [2010-08-12 08:15:20 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
    DRV:64bit: - [2009-09-30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009-09-10 23:49:07 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009-06-04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008-11-17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008-07-18 19:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2008-06-26 17:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2008-04-23 18:14:48 | 000,165,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys -- (tosrfbd)
    DRV:64bit: - [2008-04-14 22:14:40 | 000,062,040 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
    DRV:64bit: - [2008-04-07 22:46:44 | 000,051,928 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
    DRV:64bit: - [2008-04-07 14:24:48 | 004,257,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008-04-04 11:57:00 | 000,404,992 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2008-03-25 14:54:26 | 000,049,152 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosporte.sys -- (tosporte)
    DRV:64bit: - [2008-03-25 04:51:16 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008-03-25 04:47:06 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2008-03-25 04:45:44 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2008-03-19 12:38:46 | 000,088,192 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
    DRV:64bit: - [2008-03-03 22:32:00 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2008-01-22 21:58:12 | 000,056,320 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfsnd.sys -- (TosRfSnd)
    DRV:64bit: - [2008-01-20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2007-12-11 14:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2007-11-29 21:58:00 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2007-11-29 10:45:58 | 000,044,800 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV:64bit: - [2007-11-09 15:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2007-10-18 15:25:00 | 000,051,328 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys -- (Tosrfusb)
    DRV:64bit: - [2007-10-17 11:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2007-10-02 12:43:08 | 000,076,160 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\tosrfcom.sys -- (Tosrfcom)
    DRV:64bit: - [2007-04-09 04:15:44 | 000,009,728 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem)
    DRV:64bit: - [2006-10-23 17:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
    DRV:64bit: - [2006-10-04 22:13:38 | 000,585,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
    DRV:64bit: - [2006-06-18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV:64bit: - [2005-07-13 07:43:00 | 000,028,160 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys -- (tosrfnds)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={sear...&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={sear...&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2009787


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={sear...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_fr
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...42ef95f30e8&lang=fr&ds=AVG&pr=fr&d=2011-11-17 14:37:44&v=8.0.0.40&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=VZ2
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.smilebox.com/?search={searchTerms}&loc=SB_DS&a=6PQjjtuMn1
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\SearchScopes\{F2331DFE-F735-42A9-B566-B55BDE290498}: "URL" = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
    FF - prefs.js..extensions.enabledItems: {d6902984-559d-4d30-83ba-6315d7c84cd1}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="
    FF - prefs.js..network.proxy.autoconfig_url: "http://www.bibliotheques.uqam.ca/bibuqam.pac"
    FF - prefs.js..network.proxy.type: 2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Annie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Annie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-02-14 17:12:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-02-14 17:12:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-13 21:50:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-06-16 15:32:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-08 19:07:41 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-13 21:50:37 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-06-16 15:32:18 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-08 19:07:41 | 000,000,000 | ---D | M]

    [2012-01-26 06:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annie\AppData\Roaming\mozilla\Extensions
    [2012-06-20 10:17:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\tsj8qz6t.default\extensions
    [2010-12-07 12:53:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\tsj8qz6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012-01-26 06:30:39 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\tsj8qz6t.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012-06-04 07:17:35 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\tsj8qz6t.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2012-05-21 08:02:03 | 000,000,000 | ---D | M] (ST.en Community Toolbar) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\tsj8qz6t.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1}
    [2011-05-08 13:06:45 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Annie\AppData\Roaming\mozilla\Firefox\Profiles\tsj8qz6t.default\extensions\engine@conduit.com
    [2010-09-23 23:42:51 | 000,000,903 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\tsj8qz6t.default\searchplugins\conduit.xml
    [2011-12-25 12:14:46 | 000,002,169 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\tsj8qz6t.default\searchplugins\MyStart Search.xml
    [2010-09-21 20:45:29 | 000,000,266 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\tsj8qz6t.default\searchplugins\Search.xml
    [2012-01-26 06:30:30 | 000,002,519 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\tsj8qz6t.default\searchplugins\Search_Results.xml
    [2012-04-14 10:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012-04-14 10:00:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012-06-16 15:32:18 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-01-30 08:59:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011-09-30 04:14:19 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
    [2012-06-12 20:12:24 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011-09-30 04:14:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011-09-30 04:14:19 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011-09-30 04:14:19 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
    [2012-01-26 06:30:30 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    [2011-09-30 04:14:19 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2011-09-30 04:14:19 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Annie\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Annie\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Annie\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Recherche Google = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: DivX HiQ = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: \u003Cvideo\u003E HTML5 DivX Plus Web Player = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
    CHR - Extension: Gmail = C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012-06-22 15:02:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Barre d'outils) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKU\.DEFAULT..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
    O4 - HKU\.DEFAULT..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
    O4 - HKU\S-1-5-18..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000..\Run: [Gestionnaire Antidote.exe] C:\Program Files (x86)\Druide\Antidote\Gestionnaire Antidote.exe (Druide informatique inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Annie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{065DC305-B889-4047-A65C-A96DF50AB9C6}: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C313A2A-BE96-47D3-86C6-527ADA03D22F}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Annie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Annie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
  10. Fred-M

    Fred-M TS Rookie Topic Starter

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-06-22 16:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012-06-22 16:52:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012-06-22 16:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012-06-22 16:31:25 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Malwarebytes
    [2012-06-22 16:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012-06-22 15:14:45 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\temp
    [2012-06-22 15:03:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012-06-22 14:11:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012-06-22 14:11:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012-06-22 14:11:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012-06-22 13:58:19 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Tific
    [2012-06-22 13:58:18 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\tific
    [2012-06-22 13:09:05 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Local\Macromedia
    [2012-06-22 12:55:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-06-22 12:55:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012-06-22 12:46:59 | 004,565,820 | R--- | C] (Swearware) -- D:\Desktop\ComboFix.exe
    [2012-06-21 08:11:57 | 000,000,000 | ---D | C] -- C:\FRST
    [2012-06-20 15:55:49 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012-06-20 13:20:14 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012-06-20 13:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012-06-20 13:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012-06-20 13:05:11 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- D:\Desktop\SpyHunter-Installer.exe
    [2012-06-20 11:52:00 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012-06-20 10:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012-06-20 10:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012-06-11 20:47:49 | 000,000,000 | ---D | C] -- D:\Desktop\pm
    [2012-06-08 19:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012-06-08 19:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012-06-08 18:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012-06-08 18:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012-06-08 18:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012-06-08 18:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012-06-08 18:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2012-06-08 18:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2012-05-31 20:23:17 | 000,000,000 | ---D | C] -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012-05-25 15:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
    [2012-05-25 15:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [10 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-06-22 17:20:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-06-22 16:50:15 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-06-22 16:27:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000UA.job
    [2012-06-22 16:15:05 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-06-22 16:13:28 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-06-22 16:13:27 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-06-22 16:13:17 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2012-06-22 16:13:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-06-22 16:10:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012-06-22 16:10:29 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012-06-22 16:09:59 | 001,527,300 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-06-22 16:09:59 | 000,681,420 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2012-06-22 16:09:59 | 000,598,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012-06-22 16:09:59 | 000,127,904 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2012-06-22 16:09:59 | 000,105,348 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012-06-22 15:38:38 | 001,502,832 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012-06-22 15:02:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012-06-22 12:47:08 | 004,565,820 | R--- | M] (Swearware) -- D:\Desktop\ComboFix.exe
    [2012-06-21 12:57:18 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- D:\Desktop\SpyHunter-Installer.exe
    [2012-06-20 16:41:58 | 000,015,844 | ---- | M] () -- C:\FixitRegBackup.reg
    [2012-06-20 16:32:58 | 000,001,356 | ---- | M] () -- C:\Users\Annie\AppData\Local\d3d9caps.dat
    [2012-06-20 12:17:40 | 000,000,732 | ---- | M] () -- C:\Users\Annie\AppData\Local\d3d9caps64.dat
    [2012-06-19 20:27:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000Core.job
    [2012-06-19 19:27:32 | 000,116,567 | ---- | M] () -- D:\Desktop\langage et organisation.pdf
    [2012-06-16 21:35:45 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012-06-16 21:35:45 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012-06-14 07:19:44 | 000,334,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012-06-08 19:07:11 | 000,001,727 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012-06-08 18:51:30 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012-06-07 06:33:17 | 000,000,962 | ---- | M] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012-05-30 14:26:41 | 000,026,850 | ---- | M] () -- D:\Desktop\printpdf&m_ctry=ca&m_lang=fr&m_airline=kl&mfinfo.pdf
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [10 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-06-22 16:10:07 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012-06-22 14:11:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012-06-22 14:11:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012-06-22 14:11:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012-06-22 14:11:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012-06-22 14:11:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012-06-20 16:41:28 | 000,015,844 | ---- | C] () -- C:\FixitRegBackup.reg
    [2012-06-20 10:36:54 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012-06-20 10:33:15 | 001,527,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-06-19 19:27:32 | 000,116,567 | ---- | C] () -- D:\Desktop\langage et organisation.pdf
    [2012-06-08 19:07:11 | 000,001,727 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012-06-08 18:51:30 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012-05-31 20:22:27 | 000,001,078 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000UA.job
    [2012-05-31 20:22:27 | 000,001,026 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000Core.job
    [2012-05-30 14:26:41 | 000,026,850 | ---- | C] () -- D:\Desktop\printpdf&m_ctry=ca&m_lang=fr&m_airline=kl&mfinfo.pdf
    [2012-05-25 15:13:43 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
    [2012-02-17 07:37:45 | 000,000,552 | ---- | C] () -- C:\Users\Annie\AppData\Local\d3d8caps.dat
    [2011-12-13 20:45:47 | 000,242,807 | ---- | C] () -- C:\Windows\hpwins28.dat
    [2011-08-13 21:33:25 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{D9D45C07-AE5A-47C9-B09A-C90B2C9427C2}
    [2011-08-09 21:42:30 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{557B8EA8-5B3F-4EA6-A7DE-565017212F59}
    [2011-07-18 23:08:04 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{EA9D3B90-1CBA-46F3-B371-CCB3A5EB0E2A}
    [2011-06-28 22:25:37 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{0C70BD80-B942-49B1-807C-74E18161ECAC}
    [2011-06-21 12:42:31 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{0C24EC24-9B7F-4202-8914-D7A9112BE301}
    [2011-05-11 21:36:34 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011-05-11 21:36:34 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2010-12-15 21:42:48 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
    [2010-12-15 21:42:48 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
    [2010-12-15 21:42:48 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
    [2010-12-15 21:42:48 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
    [2010-12-15 21:42:48 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
    [2010-12-15 21:42:47 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
    [2010-12-15 21:42:47 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
    [2010-12-15 21:42:47 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
    [2010-12-15 21:42:47 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
    [2010-12-15 21:42:47 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
    [2010-12-15 21:42:47 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
    [2010-12-15 21:42:47 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
    [2010-12-15 21:42:47 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
    [2010-12-15 21:42:47 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
    [2010-12-15 21:42:46 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
    [2010-12-15 21:42:46 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
    [2010-12-15 21:42:46 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
    [2010-09-11 12:57:12 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\prvlcl.dat
    [2009-01-09 12:12:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008-12-29 00:03:10 | 000,067,072 | ---- | C] () -- C:\Users\Annie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008-12-22 23:42:06 | 000,001,356 | ---- | C] () -- C:\Users\Annie\AppData\Local\d3d9caps.dat
    [2008-12-22 23:34:29 | 000,000,732 | ---- | C] () -- C:\Users\Annie\AppData\Local\d3d9caps64.dat

    ========== LOP Check ==========

    [2009-10-04 16:48:03 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Acoustica
    [2011-10-04 16:05:58 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Audacity
    [2012-06-20 19:34:44 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Azureus
    [2009-10-04 16:08:10 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Cakewalk
    [2009-09-11 00:10:12 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\DAEMON Tools Lite
    [2012-06-22 16:23:38 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Dropbox
    [2009-03-28 16:22:28 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Druide
    [2011-08-30 03:14:25 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\EurekaLog
    [2009-04-16 00:08:16 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\GraphPad Software
    [2011-01-09 20:02:19 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Lexmark Productivity Studio
    [2011-08-30 03:13:53 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\mquadr.at
    [2012-01-20 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Smilebox
    [2010-02-26 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\StreamTorrent
    [2012-06-22 13:58:19 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\Tific
    [2010-12-14 10:57:43 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\TOSHIBA
    [2010-12-14 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\Annie\AppData\Roaming\WinBatch
    [2012-06-22 16:10:46 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012-06-22 16:11:57 | 000,327,018 | ---- | M] () -- C:\aaw7boot.log
    [2009-04-11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008-06-13 23:12:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012-06-22 15:14:42 | 000,022,589 | ---- | M] () -- C:\ComboFix.txt
    [2012-06-20 16:41:58 | 000,015,844 | ---- | M] () -- C:\FixitRegBackup.reg
    [2010-12-15 21:37:22 | 000,001,581 | ---- | M] () -- C:\lxdi.log
    [2005-09-23 01:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012-06-22 16:11:57 | 276,746,239 | -HS- | M] () -- C:\pagefile.sys
    [2003-03-12 13:50:11 | 000,000,140 | -H-- | M] () -- C:\WM800918.bin

    < %systemroot%\Fonts\*.com >
    [2006-11-02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006-11-02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006-11-02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009-09-11 09:00:16 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006-09-18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010-11-10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008-01-20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011-09-16 18:03:45 | 000,000,350 | -HS- | M] () -- C:\Users\Annie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012-06-22 16:50:15 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-06-22 16:15:05 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-06-22 17:20:04 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-06-19 20:27:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000Core.job
    [2012-06-22 17:27:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065547687-1470503384-3735164326-1000UA.job
    [2012-05-02 17:10:04 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Annie.job
    [2012-06-22 16:13:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012-06-22 16:10:46 | 000,032,616 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011-12-14 09:24:33 | 000,001,294 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >
     
  11. Fred-M

    Fred-M TS Rookie Topic Starter

    duplicate
     
  12. Fred-M

    Fred-M TS Rookie Topic Starter

    Extras.Txt :

    OTL Extras logfile created on: 2012-06-22 17:09:34 - Run 1
    OTL by OldTimer - Version 3.2.52.0 Folder = D:\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

    3,96 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,28% Memory free
    8,12 Gb Paging File | 6,29 Gb Available in Paging File | 77,49% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 126,64 Gb Total Space | 77,65 Gb Free Space | 61,32% Space Free | Partition Type: NTFS
    Drive D: | 98,05 Gb Total Space | 11,01 Gb Free Space | 11,23% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-ANNIE | User Name: Annie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 65 61 92 05 E8 32 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0B13AA03-ED4D-4CA2-9A43-A3007937AC95}" = TOSHIBA Disc Creator64
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    "{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
    "{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{76273129-3BA1-BBFD-F13F-637E61A54594}" = ccc-utility64
    "{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE64AAFB-8C9A-482A-B2A9-3A420A65D5D5}" = O2Micro Flash Memory Card Reader Driver (x64)
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
    "{E2276807-C713-CBD3-D5D9-516E8E49B9B5}" = ATI Catalyst Install Manager
    "{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
    "Lexmark Fax Solutions" = Solutions de télécopie Lexmark
    "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    "Microsoft Security Client" = Microsoft Security Essentials
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{08233ADA-AA4C-A977-58FD-DB6C684BE010}" = Catalyst Control Center Localization Norwegian
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B4C7D42-323A-F3FD-5B18-0222082E6FDD}" = Catalyst Control Center Localization Dutch
    "{0D348034-9CBE-19FC-19B0-B2CDC78E50F1}" = ccc-core-static
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{10B35323-BE1A-61FB-C4D1-E88F24147617}" = Catalyst Control Center Localization Thai
    "{11FC2772-F7FD-21FD-614F-CE58BF52C398}" = Catalyst Control Center Localization Chinese Standard
    "{12911298-DDB4-AD44-E530-AEB8127503C9}" = CCC Help Italian
    "{1714616C-61CE-44D5-AF0B-53404D7FA83A}" = Catalyst Control Center Localization Korean
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18625A47-84A9-6F6C-3780-79221B6095C3}" = CCC Help Norwegian
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
    "{1C3F57C7-8474-DF38-8F9F-0EBFB554FD56}" = Catalyst Control Center Localization Hungarian
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{264324EA-35F7-AD77-CC96-F9F47A9A6284}" = Catalyst Control Center Localization Czech
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{2A6F930B-12DA-AD4F-C4A4-E008F73A8016}" = CCC Help English
    "{2AEC1EC0-0C01-8831-B04F-41FB4A92B677}" = Catalyst Control Center Localization Spanish
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{31326B80-1D01-4DBA-1DCA-A0731182A2E6}" = CCC Help Korean
    "{31DD9FF4-23CD-7898-0305-70D806E2F7DB}" = CCC Help Japanese
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33AC44A1-81C2-0A61-0EC0-59EFC503A1EA}" = Catalyst Control Center Localization Danish
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
    "{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3DFE65B6-3AC9-C44A-1160-A449E0DFFE94}" = CCC Help Greek
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{405AE172-0CE0-E2A1-1693-1B120B71AF32}" = Catalyst Control Center Localization Japanese
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = Réducteur de bruit du lecteur de CD/DVD
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4DC3B285-BE6C-E873-42A1-AE221B3BE4F2}" = CCC Help Hungarian
    "{54CAB637-25EA-33FE-2FF4-6F6182BCCF12}" = CCC Help Chinese Standard
    "{55A75679-02D1-4C8C-85CA-B4E4DF4D775F}" = MSM32Installer
    "{567AE922-FB8D-943D-921E-B390A2FBD625}" = CCC Help Russian
    "{5788504C-08BC-E414-C019-60D8E2A2A1EB}" = CCC Help Portuguese
    "{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{631141AD-79AA-447F-B403-21C704D39B8C}" = UPC Fiber Power Optimizer
    "{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
    "{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6BCE01B8-333E-667E-0FC9-5070EA9B8108}" = Catalyst Control Center Localization Swedish
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6EA4F33E-8F12-AB92-D497-2D454E3C4BB7}" = CCC Help Polish
    "{6FB6D968-6E8D-3FCB-1F2D-7ED24FC1BA07}" = CCC Help Swedish
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7206AFB8-99ED-B788-3DE8-0AE3DBD97B24}" = Catalyst Control Center Localization French
    "{732662AE-82C0-9184-CE57-4257695EE1CE}" = CCC Help German
    "{754F90E7-DE41-0ADE-2E3F-2C269ED9C2EE}" = CCC Help Finnish
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B12F319-43E1-D2DD-ABFE-50E34F76A740}" = Catalyst Control Center Graphics Full New
    "{7E340EDB-9BF0-5CF2-C12D-7C31992070E3}" = CCC Help Turkish
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
    "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AF16DB8-2845-88FE-BDC2-EEF067F9B1EC}" = Catalyst Control Center Graphics Full Existing
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E166691-B3ED-0F76-1FE9-AB3DBAAD75DD}" = CCC Help French
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A474EA56-5DBD-4181-8230-806A4762EA7F}" = Antidote RX v8
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{AED994C5-E6CE-0377-09ED-C4000E4189BF}" = Catalyst Control Center Core Implementation
    "{B245D989-F88A-C2C3-1958-A91254DEC387}" = Catalyst Control Center Graphics Light
    "{B3D15F34-F377-26A0-4CCF-2CB47E5810CD}" = CCC Help Dutch
    "{B5359AD5-4950-174E-4070-CDB1881B161F}" = CCC Help Czech
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C07CA803-141E-A7C3-13E0-AB99FC5DC7B4}" = Catalyst Control Center Localization Polish
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C7838AAD-8B29-86D3-6E04-417C7B7EE628}" = Catalyst Control Center Localization Greek
    "{C8585E46-A5C9-8E20-77CA-378D5C291B09}" = Catalyst Control Center Localization Finnish
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C92C2F87-1E84-A9E5-81F3-3B93DC991A4E}" = Catalyst Control Center Localization Chinese Traditional
    "{CB01DA5C-48B7-D9A6-22DE-D678D6007C56}" = Catalyst Control Center Localization German
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D05EB4EF-29BE-8031-9AF5-2DC9485D5870}" = Catalyst Control Center Localization Russian
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7F069BF-7A9F-6A09-D5AE-E77F8B2E892F}" = CCC Help Danish
    "{DB8CEC42-30B1-4F49-BD06-9393EB81CCF7}" = SPSS 13.0 for Windows
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DDC519DE-AC45-634C-C009-6FCE1EF313F3}" = Catalyst Control Center Localization Portuguese
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED3C1C9D-0496-6884-8B32-8A2B73219C20}" = Catalyst Control Center Localization Italian
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F0A85260-5B90-4C0E-07FF-72A89AA18F77}" = Skins
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F24E1A94-76DD-85BD-5B6C-6701CC4E8A0F}" = CCC Help Chinese Traditional
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F4614173-1F8B-A19A-C2CC-57834FBCCE6C}" = CCC Help Spanish
    "{F61310F9-DE52-4EF9-B514-F41DE0BC0418}" = upc cablecom Installer
    "{F89CF986-3AA7-8B20-390A-D5C09F27F85D}" = Catalyst Control Center Localization Turkish
    "{F8F37F88-4CB6-9162-AE65-7BBA7E476547}" = Catalyst Control Center Graphics Previews Vista
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FFF7CB0F-FA65-7115-2CEC-16C21037C88E}" = CCC Help Thai
    "8461-7759-5462-8226" = Vuze
    "Acronis Disk Director Suite 10 build 2160" = Acronis Disk Director Suite 10 build 2160
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Cisco Connect" = Cisco Connect
    "conduitEngine" = Conduit Engine
    "DivX Setup.divx.com" = Configuration DivX
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "iLivid" = iLivid
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
    "InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}" = TOSHIBA Supervisor Password
    "InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}" = TOSHIBA Hardware Setup
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Standard)
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mozilla Firefox 13.0.1 (x86 fr)" = Mozilla Firefox 13.0.1 (x86 fr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NSS" = Norton Security Scan
    "Quick Search Box" = Champ de recherche rapide Google
    "Revo Uninstaller" = Revo Uninstaller 1.90
    "SmileBox_EN Toolbar" = SmileBox EN Toolbar
    "SwitchOff" = Switch Off
    "TigerCad_is1" = TigerCad version 3.001 Free
    "upc cablecom Installer" = upc cablecom Installer
    "UPC Fiber Power Optimizer" = UPC Fiber Power Optimizer
    "VLC media player" = VLC media player 1.1.11
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Searchqu Toolbar" = Windows iLivid Toolbar
    "WinLiveSuite" = Windows Live
    "Yahoo! Companion" = Yahoo! Barre d'outils

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3065547687-1470503384-3735164326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
    "Smilebox" = Smilebox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2012-06-22 13:49:28 | Computer Name = PC-de-Annie | Source = System Restore | ID = 8193
    Description =

    Error - 2012-06-22 13:58:44 | Computer Name = PC-de-Annie | Source = WinMgmt | ID = 10
    Description =

    Error - 2012-06-22 14:02:39 | Computer Name = PC-de-Annie | Source = WinMgmt | ID = 10
    Description =

    Error - 2012-06-22 14:11:20 | Computer Name = PC-de-Annie | Source = System Restore | ID = 8193
    Description =

    Error - 2012-06-22 14:59:55 | Computer Name = PC-de-Annie | Source = EventSystem | ID = 4621
    Description =

    Error - 2012-06-22 15:03:01 | Computer Name = PC-de-Annie | Source = WinMgmt | ID = 10
    Description =

    Error - 2012-06-22 16:06:49 | Computer Name = PC-de-Annie | Source = System Restore | ID = 8193
    Description =

    Error - 2012-06-22 16:06:59 | Computer Name = PC-de-Annie | Source = System Restore | ID = 8193
    Description =

    Error - 2012-06-22 16:14:02 | Computer Name = PC-de-Annie | Source = WinMgmt | ID = 10
    Description =

    Error - 2012-06-22 16:26:59 | Computer Name = PC-de-Annie | Source = System Restore | ID = 8193
    Description =

    [ OSession Events ]
    Error - 2010-04-30 22:31:28 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 598 seconds with 540 seconds of active time. This session ended with a crash.

    Error - 2010-05-01 09:57:13 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 1205 seconds with 660 seconds of active time. This session ended with a
    crash.

    Error - 2011-03-27 19:11:46 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9016
    seconds with 4680 seconds of active time. This session ended with a crash.

    Error - 2011-03-29 13:26:05 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011-04-14 06:55:56 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011-04-23 09:14:02 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011-05-26 10:26:45 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011-06-02 08:00:53 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011-08-31 14:21:58 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011-10-19 16:49:15 | Computer Name = PC-de-Annie | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2012-06-22 16:16:39 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%851 Étape de la mise à jour : %%852 Chemin d'accès
    source : http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Type
    de signature : %%800 Type de la mise à jour : %%803 Utilisateur : PC-de-Annie\Annie

    Version
    actuelle du moteur : Version précédente du moteur : 0.0.0.0 Code d'erreur : 0x80072ee7

    Description
    de l'erreur : L'adresse ou le nom de serveur n'a pas pu être résolu

    Error - 2012-06-22 16:16:39 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%851 Étape de la mise à jour : %%852 Chemin d'accès
    source : http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Type
    de signature : %%801 Type de la mise à jour : %%803 Utilisateur : PC-de-Annie\Annie

    Version
    actuelle du moteur : Version précédente du moteur : 0.0.0.0 Code d'erreur : 0x80072ee7

    Description
    de l'erreur : L'adresse ou le nom de serveur n'a pas pu être résolu

    Error - 2012-06-22 16:19:29 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%859 Étape de la mise à jour : %%853 Chemin d'accès
    source : http://www.microsoft.com Type de signature : %%800 Type de la mise à jour :
    %%803 Utilisateur : AUTORITE NT\SYSTEM Version actuelle du moteur : Version précédente
    du moteur : 0.0.0.0 Code d'erreur : 0x80240022 Description de l'erreur : Le programme
    ne peut pas rechercher les mises à jour de définitions.

    Error - 2012-06-22 16:19:29 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%859 Étape de la mise à jour : %%853 Chemin d'accès
    source : http://www.microsoft.com Type de signature : %%800 Type de la mise à jour :
    %%803 Utilisateur : AUTORITE NT\SYSTEM Version actuelle du moteur : Version précédente
    du moteur : 0.0.0.0 Code d'erreur : 0x80240022 Description de l'erreur : Le programme
    ne peut pas rechercher les mises à jour de définitions.

    Error - 2012-06-22 16:19:47 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%851 Étape de la mise à jour : %%852 Chemin d'accès
    source : http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Type
    de signature : %%800 Type de la mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
    RÉSEAU Version actuelle du moteur : Version précédente du moteur : 0.0.0.0 Code d'erreur :
    0x80072ee7 Description de l'erreur : L'adresse ou le nom de serveur n'a pas pu être
    résolu

    Error - 2012-06-22 16:19:47 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%851 Étape de la mise à jour : %%852 Chemin d'accès
    source : http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Type
    de signature : %%801 Type de la mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
    RÉSEAU Version actuelle du moteur : Version précédente du moteur : 0.0.0.0 Code d'erreur :
    0x80072ee7 Description de l'erreur : L'adresse ou le nom de serveur n'a pas pu être
    résolu

    Error - 2012-06-22 16:19:47 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%851 Étape de la mise à jour : %%852 Chemin d'accès
    source : http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Type
    de signature : %%800 Type de la mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
    RÉSEAU Version actuelle du moteur : Version précédente du moteur : 0.0.0.0 Code d'erreur :
    0x80072ee7 Description de l'erreur : L'adresse ou le nom de serveur n'a pas pu être
    résolu

    Error - 2012-06-22 16:19:47 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%851 Étape de la mise à jour : %%852 Chemin d'accès
    source : http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Type
    de signature : %%801 Type de la mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
    RÉSEAU Version actuelle du moteur : Version précédente du moteur : 0.0.0.0 Code d'erreur :
    0x80072ee7 Description de l'erreur : L'adresse ou le nom de serveur n'a pas pu être
    résolu

    Error - 2012-06-22 16:19:47 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%851 Étape de la mise à jour : %%852 Chemin d'accès
    source : http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Type
    de signature : %%800 Type de la mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
    RÉSEAU Version actuelle du moteur : Version précédente du moteur : 0.0.0.0 Code d'erreur :
    0x80072ee7 Description de l'erreur : L'adresse ou le nom de serveur n'a pas pu être
    résolu

    Error - 2012-06-22 16:20:04 | Computer Name = PC-de-Annie | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 a rencontré une erreur lors de la tentative de mise à jour des
    signatures. Nouvelle version des signatures : Version précédente des signatures :
    0.0.0.0 Source de la mise à jour : %%851 Étape de la mise à jour : %%852 Chemin d'accès
    source : http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Type
    de signature : %%800 Type de la mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
    RÉSEAU Version actuelle du moteur : Version précédente du moteur : 0.0.0.0 Code d'erreur :
    0x80072ee7 Description de l'erreur : L'adresse ou le nom de serveur n'a pas pu être
    résolu


    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKU\S-1-5-21-3065547687-1470503384-3735164326-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011-08-13 21:33:25 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{D9D45C07-AE5A-47C9-B09A-C90B2C9427C2}
      [2011-08-09 21:42:30 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{557B8EA8-5B3F-4EA6-A7DE-565017212F59}
      [2011-07-18 23:08:04 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{EA9D3B90-1CBA-46F3-B371-CCB3A5EB0E2A}
      [2011-06-28 22:25:37 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{0C70BD80-B942-49B1-807C-74E18161ECAC}
      [2011-06-21 12:42:31 | 000,000,000 | ---- | C] () -- C:\Users\Annie\AppData\Local\{0C24EC24-9B7F-4202-8914-D7A9112BE301}
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. Fred-M

    Fred-M TS Rookie Topic Starter

    OTL :

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3065547687-1470503384-3735164326-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Users\Annie\AppData\Local\{D9D45C07-AE5A-47C9-B09A-C90B2C9427C2} moved successfully.
    C:\Users\Annie\AppData\Local\{557B8EA8-5B3F-4EA6-A7DE-565017212F59} moved successfully.
    C:\Users\Annie\AppData\Local\{EA9D3B90-1CBA-46F3-B371-CCB3A5EB0E2A} moved successfully.
    C:\Users\Annie\AppData\Local\{0C70BD80-B942-49B1-807C-74E18161ECAC} moved successfully.
    C:\Users\Annie\AppData\Local\{0C24EC24-9B7F-4202-8914-D7A9112BE301} moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Annie
    ->Temp folder emptied: 235431 bytes
    ->Temporary Internet Files folder emptied: 227406472 bytes
    ->Java cache emptied: 28619 bytes
    ->FireFox cache emptied: 71767992 bytes
    ->Google Chrome cache emptied: 15814946 bytes
    ->Flash cache emptied: 61088 bytes

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2237232 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 37107 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 54710906 bytes
    RecycleBin emptied: 5292204 bytes

    Total Files Cleaned = 360,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Annie
    ->Java cache emptied: 0 bytes

    User: AppData

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Annie
    ->Flash cache emptied: 0 bytes

    User: AppData

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.52.0 log created on 06232012_110731

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  15. Fred-M

    Fred-M TS Rookie Topic Starter

    Security Check :

    Results of screen317's Security Check version 0.99.24
    Windows Vista x64 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Java(TM) 6 Update 29
    Java(TM) 6 Update 6
    Out of date Java installed!
    Adobe Flash Player 11.3.300.262
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
     
  16. Fred-M

    Fred-M TS Rookie Topic Starter

    Farbar Service Scanner :

    Farbar Service Scanner Version: 23-06-2012
    Ran by Annie (administrator) on 23-06-2012 at 11:33:43
    Running from "D:\Desktop"
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll
    [2008-01-20 22:49] - [2008-01-20 22:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2009-08-08 12:25] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

    C:\Windows\System32\drivers\afd.sys
    [2012-02-14 21:33] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-10 22:09] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

    C:\Windows\System32\dnsrslvr.dll
    [2011-04-15 07:47] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

    C:\Windows\System32\mpssvc.dll
    [2009-08-08 12:26] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

    C:\Windows\System32\bfe.dll
    [2009-08-08 12:25] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2008-01-20 22:47] - [2008-01-20 22:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

    C:\Windows\System32\vssvc.exe
    [2009-08-08 12:27] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

    C:\Windows\System32\wscsvc.dll
    [2009-08-08 12:24] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

    C:\Windows\System32\wbem\WMIsvc.dll
    [2009-08-08 12:26] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll
    [2009-08-08 12:27] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

    C:\Windows\System32\es.dll
    [2009-08-08 12:27] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 20:29] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

    C:\Program Files\Windows Defender\MpSvc.dll
    [2008-01-20 22:47] - [2008-01-20 22:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-08-08 12:27] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



    **** End of log ****
     
  17. Fred-M

    Fred-M TS Rookie Topic Starter

    And ESET :

    C:\FRST\Quarantine\{e2f8cece-1c65-f720-ecfc-b956de1d4728}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\FLV Direct Player\player.swf.vir Win32/Adware.FlvDirect application cleaned by deleting - quarantined
    D:\Downloads\a_rush_of_blood_to_the_head_videobb.[full_HD].zip.exe a variant of Win32/Adware.MediaFinder.C application cleaned by deleting - quarantined
    D:\Downloads\MPLSetup.exe a variant of Win32/Adware.HotBar.K application cleaned by deleting - quarantined
    D:\Downloads\XvidSetup.exe a variant of Win32/Adware.HotBar.K application cleaned by deleting - quarantined
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ======================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  19. Fred-M

    Fred-M TS Rookie Topic Starter

    OTL :

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Annie
    ->Temp folder emptied: 94043 bytes
    ->Temporary Internet Files folder emptied: 56753 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 56769867 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 28593 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 54,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Annie
    ->Flash cache emptied: 0 bytes

    User: AppData

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Annie
    ->Java cache emptied: 0 bytes

    User: AppData

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.52.0 log created on 06242012_162200

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. Fred-M

    Fred-M TS Rookie Topic Starter

    I followed all your instructions in your last post.

    The computer seems to run perfectly fine.

    So thank you sooo much for all your help, I really aprreciate it! :).
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...