Solved Trojan Win32.Sirefef, PC reboots every minute

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 15/04/2008 21:09:42
System Uptime: 22/07/2012 00:18:36 (0 hours ago)
.
Motherboard: MSI | | Boston
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | Socket 775 | 1800/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 137,084 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1,351 GiB free.
E: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Carte Microsoft 6to4 #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0014
Manufacturer: Microsoft
Name: Carte Microsoft 6to4 #12
PNP Device ID: ROOT\*6TO4MP\0014
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0025
Manufacturer: Microsoft
Name: Carte Microsoft 6to4 #21
PNP Device ID: ROOT\*6TO4MP\0025
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0058
Manufacturer: Microsoft
Name: Carte Microsoft 6to4 #49
PNP Device ID: ROOT\*6TO4MP\0058
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0061
Manufacturer: Microsoft
Name: Carte Microsoft 6to4 #51
PNP Device ID: ROOT\*6TO4MP\0061
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0066
Manufacturer: Microsoft
Name: Carte Microsoft 6to4 #54
PNP Device ID: ROOT\*6TO4MP\0066
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0074
Manufacturer: Microsoft
Name: Carte Microsoft 6to4 #57
PNP Device ID: ROOT\*6TO4MP\0074
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0090
Manufacturer: Microsoft
Name: Carte Microsoft 6to4 #67
PNP Device ID: ROOT\*6TO4MP\0090
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Carte Microsoft ISATAP #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Carte Microsoft ISATAP #4
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0021
Manufacturer: Microsoft
Name: Carte Microsoft ISATAP #20
PNP Device ID: ROOT\*ISATAP\0021
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0042
Manufacturer: Microsoft
Name: Carte Microsoft ISATAP #39
PNP Device ID: ROOT\*ISATAP\0042
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9 - Français
Adobe Shockwave Player 11.5
Assistant de connexion Windows Live
avast! EasyPass
avast! Free Antivirus
CA Yahoo! Anti-Spy (remove only)
Canon MP Navigator 3.1
Canon MP140 series
Canon Utilities Easy-LayoutPrint
Canon Utilities Easy-PhotoPrint
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Centra Client
CyberLink DVD Suite Deluxe
DivX Setup
Driver Detective
Enregistrement utilisateur de Canon MP140 series
Facebook Video Calling 1.2.0.159
Free TV Radio
Galerie de photos Windows Live
Google Chrome
Google Update Helper
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Update
HPPhotoSmartPhotobookWebPack1
Installation Windows Live
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Module de compatibilité pour Microsoft Office System 2007
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
msvcrt_installer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Outil de téléchargement Windows Live
Outils de diagnostic du matériel
Phonics Companion
Picasa 3
Power2Go
PowerDirector
PSSWCORE
Python 2.5
QuickTime 3.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.94
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Skype Click to Call
Skype™ 5.8
SpeedTouch 330
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB PC Camera (ZS211)
VC80CRTRedist - 8.0.50727.6195
Version de démonstration de Microsoft Office Home and Student 2007
VideoToolkit01
Windows Live Call
Windows Live Communications Platform
Windows Live Contrôle parental
Windows Live FolderShare
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Toolbar
Windows Live Writer
WiseConvert Toolbar
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
ZHPDiag 1.31
.
==== End Of File ===========================
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22/07/2012 at 2:09:34.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe


Rkill completed on 22/07/2012 at 2:09:40.
 
ComboFix 12-07-21.01 - daphene 22/07/2012 2:14.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2036.1011 [GMT 2:00]
Lancé depuis: c:\users\daphene\Desktop\daphene.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\favoritevideo\InvisibleFolder\20110118151616_guangyu110122qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110118152610_guangyuwendao110119zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110118173357_maoxiandao110119zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110119150345_shinianyijian110120zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110119151040_shinianyijian110120zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110119171326_wanglaoji110120zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110119172009_wanglaoji110120cha15s.swf
c:\favoritevideo\InvisibleFolder\20110119173551_wanglaoji110120jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110119174611_lumi110119zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110119222239_aiyaya110120zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110119222340_aiyaya110120jiao15s.png
c:\favoritevideo\InvisibleFolder\20110120105306_aiyaya110120ajiaobiao.png
c:\favoritevideo\InvisibleFolder\20110120175139_hanmei110121zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110121125809_aiyaya110121jiaobiao.png
c:\favoritevideo\InvisibleFolder\20110121130405_aiyay110121zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110124103209_hainanhangkong110124zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110124114904_aiyaya110124zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110125092435_aiyaya110125jiaobiao1.JPG
c:\favoritevideo\InvisibleFolder\20110125153233_huiyuan110125zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110125223521_shijitiancheng110127zanting15a.swf
c:\favoritevideo\InvisibleFolder\20110126134515_hudongbaike110126zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110126140202_tianyayouxi110126zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110126140419_tianyayouxi110126zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110127115622_huiyuan110127zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110127135839_mengsanguo110128zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110127140610_mengsanguo110128zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110127191719_anjisi110128zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110127191826_anjisi110128zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128091826_tiandiyinigxiong110128zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128092246_tiandiyingxiong110128zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110128115751_moyu110204zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128141758_aiyaya110128jiaobiao.JPG
c:\favoritevideo\InvisibleFolder\20110128170117_wopaiwang110128zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128172504_panpan110201jiaobiao.swf
c:\favoritevideo\InvisibleFolder\20110128193852_guangqi110201zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110128194022_guangqi110201cha15s.swf
c:\favoritevideo\InvisibleFolder\20110129144448_wendao110131zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110131173248_huiyuan110201cha15sred.swf
c:\favoritevideo\InvisibleFolder\20110131173406_huiyuan110201cha15sor.swf
c:\favoritevideo\InvisibleFolder\20110131173528_huiyuan110201zanting15sred.swf
c:\favoritevideo\InvisibleFolder\20110131173635_huiyuan110201zanting15sor.swf
c:\favoritevideo\InvisibleFolder\20110131174053_huiyuan110201jiao15sred.swf
c:\favoritevideo\InvisibleFolder\20110131174155_huiyuan110201jiao15sor.swf
c:\favoritevideo\InvisibleFolder\20110209170756_wanglaoji110210jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110209170954_wanglaoji110210zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110209171115_wanglaoji110210cha15s.swf
c:\favoritevideo\InvisibleFolder\20110210183244_honghuang110210zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110211143720_tianxiaer110211zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110212182422_wanzaimatou110213zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110212212316_tianxiaer110214zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110215153818_maoxiandao110216qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110215164620_xiaochunzaixian110215zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110215165250_xiaochunzaixian110215zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110215171948_wendao110215zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110215172746_zuoxuan110215zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110215172900_zuoxuan110215qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110215213657_shijitiancheng110218zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110217104419_fanrenxiuzhen110217zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110217115936_51job110217zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110217121204_51job110301zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110217145723_fanrenxiuzhen110217zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110217153032_ganjiwang110217zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110217153640_ganjiwang110217bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110217173218_zuoxuan110217zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110218182706_maiwang110221zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110218185055_yimeng110218zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110221162855_taobao110221zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110221163330_taobao110221zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110221163558_taobao110221cha15s.swf
c:\favoritevideo\InvisibleFolder\20110221185002_lvshou110221zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110222160721_zhengtumianfei110224zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110222160855_zhengtumianfei110225zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110222161225_zhengtumianfei110224qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110222180543_xiaochunzaixiang110222zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110222180855_xiaochunzaixian110222zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110223084615_hongghuang110222zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110224101138_haoya110224zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110224101426_suning110224zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110224112519_pinju110224zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110224164100_hudongbaike110225zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20110224180735_aotuma110224zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110225130901_aotuma110225zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110225193446_kaixinwang110228qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110228135210_diguowenming110228zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110228180846_lanmiu110301cha15s.swf
c:\favoritevideo\InvisibleFolder\20110228181112_lanmiu110301zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110228181432_lanmiu110301zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110301100228_diguowenming110301zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110301104224_gaopeng110301zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110301141520_taohuawang110301bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110301142105_taohuawang110301zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110301184330_guangyu110302zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110301214329_aojian110302zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110302131501_jiarenmeizhuang110302zt.jpg
c:\favoritevideo\InvisibleFolder\20110302155337_maiwang110303bkqipao.swf
c:\favoritevideo\InvisibleFolder\20110302160427_maiwang110303zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110302161027_maiwang110303zhanting15s.swf
c:\favoritevideo\InvisibleFolder\20110302161314_maiwang110303zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110303155639_n8110303zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110303170427_letaoqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110303170728_letao110304cha15s.swf
c:\favoritevideo\InvisibleFolder\20110303170943_letao110304zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110303181200_maibaobao110304zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110303182716_zhengtu2110304zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304165815_xianyu110307zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304172051_zhengtu110305zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304173215_xiaochunzaixian110304zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304173904_xiaochunzaixian110304zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304175623_caipiao110304zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304180136_yimeng110305zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110304180331_yimeng110305zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304181859_lanmiu110305zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110304182301_lanmiu110305cha15s.swf
c:\favoritevideo\InvisibleFolder\20110304183724_letao110305qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110304184535_rexueshijie110307zanting15s.gif
c:\favoritevideo\InvisibleFolder\20110304194245_baomashouji110304zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110305114814_jianeng100307zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110306131502_tiandiyingxiong110306zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110307170537_maiwang110308zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110307170949_maiwang110308zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110307171614_xiaochunzaixian110307zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110307171753_xiaochuzaixian110307zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110308141033_chuangshixiyou110313zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110308141136_chuangshixiyou110309bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110310213303_xiyou110311zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311134354_yaodian100110311cha15s.swf
c:\favoritevideo\InvisibleFolder\20110311163707_shoubiao110311zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311180028_qiangxianwang110312zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311180615_huanxiangshidaixiyou110312zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110311181215_chuangshixiyou110313zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110311181537_bmw110311zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110311212019_tankeshijie110313zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110311213731_redaifengbao110312zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110314170021_sasa110314cha15s.swf
c:\favoritevideo\InvisibleFolder\20110315215843_fanren110316zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316181043_fanrenxiuxian110317zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110316182151_tankeshijie110317zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316195754_wushen110317zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110316215945_alibaba110317zhu8s.swf
c:\favoritevideo\InvisibleFolder\20110316220133_alibaba110317cha15s.swf
c:\favoritevideo\InvisibleFolder\20110316220239_alibaba110317zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110316221307_caipiao110316bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110317141854_yichuanmei110317qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110317145935_tianlongbabu110318zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110317175626_chuangshixiyou110318bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110317191220_fanrenxiuxian110318zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110317221838_tanke110318zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110319234532_xingji110320zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110322171242_maiwang110323zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110329160235_xunyou110330zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110331144844_vasshinianyijian110401bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110331165954_guangfayinhang110401zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110331191123_91wan110401qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110331204249_24quan110401cha15s.swf
c:\favoritevideo\InvisibleFolder\20110401155430_guanyingshan110403zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110401183802_aifangwang110406jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110402135808_lanmiu110403zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110402231225_gaopeng110403zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110403001032_zhengtu110405zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110403205605_caipiao110403zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110403211409_doufaxiuxian110404bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110406172826_xingji110406zhu15s1.swf
c:\favoritevideo\InvisibleFolder\20110407154517_maiwang110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408174809_souhuweibo110409qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110408214743_dell110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110409160658_zhengtu110411zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110411163057_maiwang110412zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110412140526_haiyang110412zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110412161939_shushanshenhua110414qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110412185727_maibaobao110413zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110414133913_lanqiu110414zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110414170055_tianxi110415qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110414173246_maiwang110414zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110414190209_51job110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110414190306_pangukaitian110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110414190513_pangukaitian110415zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110415151859_changhong110418zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110415175204_tianxi110416zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110416210637_fanrenxiuzhen110417zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110418155817_Lacoste110418cha15s.swf
c:\favoritevideo\InvisibleFolder\20110418173558_pangu110419zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110418174651_feixue110419zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110419161102_maibaobao110419zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110419175755_zuoxuan110420zhu15s.gif
c:\favoritevideo\InvisibleFolder\20110419201457_xinlang110420zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110419211259_yingxiongyuanzheng110420zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110420180759_qiannvyouhun110421zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110420191022_fangbushengfang110420zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110421000617_suning110421bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110421132719_xinlangchezhan110421zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110421162753_1haodian110421qipao.swf
c:\favoritevideo\InvisibleFolder\20110421190458_pptv110421zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110421200407_woyouwang110418zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110423205824_shenghuojia110425ikanback.swf
c:\favoritevideo\InvisibleFolder\20110423215754_xianxiafengyun110424zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110425221051_moyu110426zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110426181634_guomei110428jiao15s.swf
c:\favoritevideo\InvisibleFolder\20110426215329_honghuang110426cha15s.swf
c:\favoritevideo\InvisibleFolder\20110427104353_dangdangwang110427zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110427134130_sinaweibo110427zanting.swf
c:\favoritevideo\InvisibleFolder\20110427144754_vip110428zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110427145940_V1tuan110427zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110427151349_vip110427zhu15s.jpg
c:\favoritevideo\InvisibleFolder\20110427160806_kangshifu110428zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110427161021_kangshifu110428cha15s.swf
c:\favoritevideo\InvisibleFolder\20110427161416_maiwang110428zanting.swf
c:\favoritevideo\InvisibleFolder\20110427163112_maibaobao110428zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110427163243_maibaobao110428zanting.swf
c:\favoritevideo\InvisibleFolder\20110427163412_maibaobao110428cha15s.swf
c:\favoritevideo\InvisibleFolder\20110427172016_hudongbaike110427zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110427172425_moshoushijie110502zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110427202738_yihaodian110428jiao15s.swf
c:\favoritevideo\InvisibleFolder\admodule.dll
c:\favoritevideo\InvisibleFolder\condisp.dll
c:\favoritevideo\InvisibleFolder\externtab(1.0.0.7).zip
c:\favoritevideo\InvisibleFolder\mir.dll
c:\favoritevideo\InvisibleFolder\peer(0).dll
c:\favoritevideo\InvisibleFolder\peer(1).dll
c:\favoritevideo\InvisibleFolder\peer(2).dll
c:\favoritevideo\InvisibleFolder\peer(3).dll
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\pplss2.swf
c:\favoritevideo\InvisibleFolder\ppp.dll
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0031_s.exe
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0032_s.exe
c:\favoritevideo\InvisibleFolder\uilib.dll
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\arwDwn.gif
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\ae.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\bg.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\ch.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\cn.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\cz.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\de.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\eg.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\en.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\es.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\fr.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\gr.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\he.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\il.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\it.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\ja.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\jp.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\nl.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\no.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\pl.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\pt.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\ro.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\ru.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\sa.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\se.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\sv.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\tr.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\ua.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\flgs\us.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\help_16.gif
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\home.gif
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\icon_seperator.png
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\logo.PNG
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\privecy_16_hot.gif
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\specialoffer.gif
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\imgs\tellafriend.gif
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\searchya.css
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\content\searchya.xul
c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@searchya.com\install.rdf
c:\users\daphene\AppData\Roaming\OfferBox\config.xml
c:\users\maxime\AppData\Roaming\OfferBox\config.xml
c:\windows\security\Database\tmp.edb
.
.
 
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-22 au 2012-07-22 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-22 01:27 . 2012-07-22 01:27 -------- d-----w- C:\_OTL
2012-07-22 00:26 . 2012-07-22 00:26 -------- d-----w- c:\users\daphene\AppData\Local\temp
2012-07-22 00:26 . 2012-07-22 00:26 -------- d-----w- c:\users\maxime\AppData\Local\temp
2012-07-22 00:26 . 2012-07-22 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 00:01 . 2012-07-22 00:01 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79D816C2-56B7-46D0-A951-F61FA4F17F0A}\offreg.dll
2012-07-21 23:11 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79D816C2-56B7-46D0-A951-F61FA4F17F0A}\mpengine.dll
2012-07-21 20:58 . 2012-07-21 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 20:58 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-21 20:28 . 2012-07-21 20:28 -------- d-----w- c:\programdata\RoboForm
2012-07-21 20:27 . 2012-07-21 20:27 -------- d-----w- c:\program files\Siber Systems
2012-07-21 20:25 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-21 20:25 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-21 20:25 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-21 20:25 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-21 20:25 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-21 20:25 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-21 20:23 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-21 20:23 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-21 20:23 . 2012-07-21 20:23 -------- d-----w- c:\programdata\AVAST Software
2012-07-21 20:23 . 2012-07-21 20:23 -------- d-----w- c:\program files\AVAST Software
2012-07-11 12:56 . 2012-07-21 23:58 -------- d-----w- c:\windows\system32\DBBK
2012-07-11 12:56 . 2012-03-22 16:17 225664 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
2012-07-11 12:56 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
2012-07-11 12:56 . 2012-01-17 20:55 27528 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
2012-07-11 12:56 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
2012-07-11 12:56 . 2012-01-17 20:55 59272 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
2012-07-11 12:56 . 2012-01-17 20:55 20744 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
2012-07-11 12:56 . 2010-05-04 01:37 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
2012-07-08 19:37 . 2012-07-09 19:54 -------- d-----w- C:\ZHP
2012-07-08 19:37 . 2012-07-09 19:54 -------- d-----w- c:\program files\ZHPDiag
2012-07-08 16:01 . 2012-07-08 16:34 -------- d-----w- C:\FRST
2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files\Conduit
2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\users\daphene\AppData\Local\Conduit
2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files\WiseConvert
2012-07-07 13:05 . 2012-07-07 13:05 -------- d-----w- c:\program files\VS Revo Group
2012-07-07 13:04 . 2012-07-07 13:04 -------- d-----w- c:\users\daphene\AppData\Roaming\Malwarebytes
2012-07-07 13:04 . 2012-07-07 13:04 -------- d-----w- c:\programdata\Malwarebytes
2012-07-07 12:52 . 2012-07-07 18:14 -------- d-----w- c:\program files\CCleaner
2012-07-07 11:00 . 2012-07-07 11:00 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-07-05 22:55 . 2012-02-09 12:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA5E48EF-0547-462B-AE3F-F9252F8E6A7D}\gapaengine.dll
2012-07-05 22:53 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-05 22:52 . 2012-07-05 22:52 -------- d--h--w- c:\windows\msdownld.tmp
2012-07-04 10:32 . 2012-07-04 10:32 -------- d-----w- C:\rei
2012-07-04 10:32 . 2012-07-04 10:32 -------- d-----w- c:\program files\Reimage
2012-07-04 10:11 . 2012-07-05 22:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-03 18:54 . 2012-07-03 18:54 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-23 17:30 . 2012-06-23 17:30 -------- d-----w- c:\users\daphene\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 15:19 . 2012-03-30 09:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 15:19 . 2011-05-21 09:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 12:00 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:00 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 11:59 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 11:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-29 07:05 . 2012-05-29 07:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40AB41F-4AB8-436C-A6DB-8ACA15A107CF}\offreg.dll
2012-05-27 13:50 . 2008-03-26 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-17 22:45 . 2012-06-16 08:01 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35 . 2012-06-16 08:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35 . 2012-06-16 08:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29 . 2012-06-16 08:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24 . 2012-06-16 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 19:51 . 2012-06-15 15:47 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 16:40 . 2012-05-29 06:21 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B40AB41F-4AB8-436C-A6DB-8ACA15A107CF}\mpengine.dll
2012-05-01 14:03 . 2012-06-15 15:47 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-15 15:48 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-15 15:48 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-23 16:00 . 2012-06-15 15:48 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-02-17 15:41 . 2011-09-15 13:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2011-05-09 08:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-21 96056]
"Facebook Update"="c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-21 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
2008-06-30 21:23 557149 ----a-w- c:\program files\Thomson\ST330\diagnostics\diagnostics.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2007-04-13 02:46 49152 ----a-w- c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-21 21:25 138096 ----atw- c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-03-25 15:07 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-01-12 10:21 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-08-05 09:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-03-25 15:07 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 19:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 15:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 10:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-25 15:07 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-03 09:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 01:56 54936 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-27 13:50 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2007-04-13 02:46 57344 ----a-w- c:\windows\ZSSnp211.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:19]
.
2012-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000Core.job
- c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 21:25]
.
2012-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000UA.job
- c:\users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-03 21:25]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 13:47]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 13:47]
.
2012-07-21 c:\windows\Tasks\HPCeeScheduleFordaphene.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-03-26 11:10]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/search?hl=fr&q=++&meta=
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show avast! EasyPass Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|http://my.ebay.co.uk/ws/eBayISAPI.d...S/firefox/search/?q=ixquick&appver=&platform=
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cd192d3&v=7.005.030.004&I=23&tp=ab&iy=b&ychte=fr&lng=en-US&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-96833962.sys
MSConfigStartUp-PPAP - c:\program files\Common Files\PPLiveNetwork\PPAP.EXE
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 02:26
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:26,f7,ff,3c,32,26,cd,01
.
Heure de fin: 2012-07-22 02:31:19
ComboFix-quarantined-files.txt 2012-07-22 00:31
.
Avant-CF: 151 668 916 224 octets libres
Après-CF: 151 567 216 640 octets libres
.
- - End Of File - - 875FC6CC8134472D6AD943C39BADC454
 
It's almost 2 am....thanks so much for being super patient and supportive. I'll be back after catching some Zzzzs....
You ROCK :-°(y)
 
Looks good :)

Any current issues?

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 22/07/2012 12:01:38 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\daphene\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,21% Memory free
4,21 Gb Paging File | 2,88 Gb Available in Paging File | 68,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,91 Gb Total Space | 141,74 Gb Free Space | 63,58% Space Free | Partition Type: NTFS
Drive D: | 9,97 Gb Total Space | 1,35 Gb Free Space | 13,55% Space Free | Partition Type: NTFS
Drive J: | 3,76 Gb Total Space | 2,28 Gb Free Space | 60,81% Space Free | Partition Type: FAT32

Computer Name: PC-DE-DAPHENE | User Name: daphene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 
"FirewallDisableNotify" = 0
"FirewallOverride" = 
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230B83A5-7D88-4B95-B71E-F44C0C78B002}" = Windows Live Movie Maker
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}" = Free TV Radio
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = USB PC Camera (ZS211)
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D6524E6-15CF-4852-BF70-04FE973A3DE1}" = Windows Live Toolbar
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = avast! EasyPass
"avast" = avast! Free Antivirus
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner
"CentraClient" = Centra Client
"DivX Setup" = DivX Setup
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Enregistrement utilisateur de Canon MP140 series" = Enregistrement utilisateur de Canon MP140 series
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"OfficeTrial" = Version de démonstration de Microsoft Office Home and Student 2007
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Outils de diagnostic du matériel
"Phonics Companion" = Phonics Companion
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007 Trial
"QuickTime 3.0" = QuickTime 3.0
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpeedTouch 330" = SpeedTouch 330
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Installation Windows Live
"WiseConvert Toolbar" = WiseConvert Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"ZHPDiag_is1" = ZHPDiag 1.31

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/07/2012 20:28:09 | Computer Name = PC-de-daphene | Source = Windows Search Service | ID = 3013
Description =

Error - 21/07/2012 20:29:19 | Computer Name = PC-de-daphene | Source = Windows Search Service | ID = 3013
Description =

Error - 21/07/2012 20:29:19 | Computer Name = PC-de-daphene | Source = Windows Search Service | ID = 3013
Description =

Error - 21/07/2012 20:30:02 | Computer Name = PC-de-daphene | Source = Windows Search Service | ID = 3013
Description =

Error - 21/07/2012 20:30:02 | Computer Name = PC-de-daphene | Source = Windows Search Service | ID = 3013
Description =

Error - 21/07/2012 20:32:21 | Computer Name = PC-de-daphene | Source = Windows Search Service | ID = 3013
Description =

Error - 21/07/2012 20:37:06 | Computer Name = PC-de-daphene | Source = Application Error | ID = 1000
Description = Application défaillante WLXQuickTimeControlHost.exe, version 14.0.8117.416,
horodatage 0x4bc95684, module défaillant QuickTime.qts, version 3.0.0.116, horodatage
0x351af0fc, code d’exception 0xc0000005, décalage d’erreur 0x002b6f6e, ID du processus
0xaa8, heure de début de l’application 0x01cd67a21cfd16d4.

Error - 21/07/2012 21:02:29 | Computer Name = PC-de-daphene | Source = MsiInstaller | ID = 10005
Description =

Error - 21/07/2012 21:02:29 | Computer Name = PC-de-daphene | Source = MsiInstaller | ID = 1024
Description =

Error - 22/07/2012 05:57:01 | Computer Name = PC-de-daphene | Source = Application Error | ID = 1000
Description = Application défaillante plugin-container.exe, version 10.0.2.4428,
horodatage 0x4f3cdac0, module défaillant NPSWF32_11_3_300_262.dll_unloaded, version
0.0.0.0, horodatage 0x4fe21212, code d’exception 0xc0000005, décalage d’erreur
0x65cd9973, ID du processus 0x8f0, heure de début de l’application 0x01cd67ef9716d05e.

[ System Events ]
Error - 21/07/2012 20:00:11 | Computer Name = PC-de-daphene | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 01:58:39 le 22/07/2012 n'était pas prévu.

Error - 21/07/2012 20:01:48 | Computer Name = PC-de-daphene | Source = Service Control Manager | ID = 7026
Description =

Error - 21/07/2012 20:02:32 | Computer Name = PC-de-daphene | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890

Name:
Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\DBBK\8737764F4FD36D6808EE80578409C843

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: AUTORITE NT\SYSTEM

Process
Name: Unknown Action: %%810 Action Status: To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: Ce programme est bloqué
par la stratégie de groupe. Pour plus d'informations, contactez votre administrateur
système. Signature Version: AV: 1.131.405.0, AS: 1.131.405.0, NIS: 11.159.0.0 Engine
Version: AM: 1.1.8601.0, NIS: 2.0.8001.0

Error - 21/07/2012 20:13:50 | Computer Name = PC-de-daphene | Source = Service Control Manager | ID = 7030
Description =

Error - 21/07/2012 20:21:55 | Computer Name = PC-de-daphene | Source = Service Control Manager | ID = 7030
Description =

Error - 21/07/2012 20:26:34 | Computer Name = PC-de-daphene | Source = Service Control Manager | ID = 7030
Description =

Error - 21/07/2012 20:49:52 | Computer Name = PC-de-daphene | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Erreur non spécifiée Reason: %%838

Error - 21/07/2012 21:02:34 | Computer Name = PC-de-daphene | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 22/07/2012 05:47:23 | Computer Name = PC-de-daphene | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 11:44:25 le 22/07/2012 n'était pas prévu.

Error - 22/07/2012 05:50:12 | Computer Name = PC-de-daphene | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890

Name:
Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\Windows\System32\DBBK\8737764F4FD36D6808EE80578409C843

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: AUTORITE NT\SYSTEM

Process
Name: Unknown Action: %%810 Action Status: To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: Ce programme est bloqué
par la stratégie de groupe. Pour plus d'informations, contactez votre administrateur
système. Signature Version: AV: 1.131.405.0, AS: 1.131.405.0, NIS: 11.159.0.0 Engine
Version: AM: 1.1.8601.0, NIS: 2.0.8001.0


< End of report >
 
OTL logfile created on: 22/07/2012 12:01:38 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\daphene\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,21% Memory free
4,21 Gb Paging File | 2,88 Gb Available in Paging File | 68,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,91 Gb Total Space | 141,74 Gb Free Space | 63,58% Space Free | Partition Type: NTFS
Drive D: | 9,97 Gb Total Space | 1,35 Gb Free Space | 13,55% Space Free | Partition Type: NTFS
Drive J: | 3,76 Gb Total Space | 2,28 Gb Free Space | 60,81% Space Free | Partition Type: FAT32

Computer Name: PC-DE-DAPHENE | User Name: daphene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 11:55:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\daphene\Downloads\OTL.exe
PRC - [2012/07/21 22:27:15 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/07/03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/30 23:23:22 | 000,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\service\st330service.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/23 17:19:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/06/30 23:23:22 | 000,581,632 | ---- | M] () [Auto | Running] -- C:\Program Files/Thomson/ST330/service/st330service.exe -- (st330service)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\daphene\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/17 22:55:36 | 000,059,272 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\DasBootF.SYS -- (DasBootF)
DRV - [2012/01/17 22:55:34 | 000,020,744 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\DasBoot.SYS -- (DasBoot)
DRV - [2008/06/30 23:23:21 | 000,040,320 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\steth.sys -- (STETH)
DRV - [2008/06/30 23:23:21 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\st330.sys -- (ST330)
DRV - [2008/06/30 23:23:21 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stbus.sys -- (STBUS)
DRV - [2007/10/03 18:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/13 04:46:00 | 001,469,184 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC211) ZSMC USB PC Camera (ZS211)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{391EC5ED-FAB8-4645-80EC-66E3E1D3E972}: "URL" = http://fr.kelkoopartners.net/ctl/do...e&x=true&y=true&partner=hp&partnerId=96913932
IE - HKLM\..\SearchScopes\{99C0E773-E2BB-4133-B058-31CDDA3B8805}: "URL" = http://slirsredirect.search.aol.com...archTerms}&invocationType=tb50hpcndtie7-fr-fr
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/search?hl=fr&q=++&meta=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {EFA4CECC-9F8E-4451-8450-1157FC0FAA67}
IE - HKCU\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKCU\..\SearchScopes\{843E540A-079E-4785-AE77-8FF08B02F171}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...3113eee14b0&lang=us&ds=AVG&pr=fr&d=2011-12-06 09:54:39&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{EFA4CECC-9F8E-4451-8450-1157FC0FAA67}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaulturl: "http://fr.search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=...S/firefox/search/?q=ixquick&appver=&platform="
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: freetvradio@spointer.com:3.0.1474.124
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cd192d3&v=7.005.030.004&I=23&tp=ab&iy=b&ychte=fr&lng=en-US&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\daphene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\freetvradio@spointer.com: C:\Program Files\freeTVRadio\spointer\extensions\freetvradio@spointer.com [2010/10/29 21:41:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/29 21:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/06 01:27:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/21 22:24:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/07/21 22:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 09:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/27 15:51:48 | 000,000,000 | ---D | M]

[2008/06/30 23:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daphene\AppData\Roaming\mozilla\Extensions
[2012/07/22 01:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daphene\AppData\Roaming\mozilla\Firefox\Profiles\hpb4mssk.default\extensions
[2011/03/10 18:18:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\daphene\AppData\Roaming\mozilla\Firefox\Profiles\hpb4mssk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/26 11:03:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\daphene\AppData\Roaming\mozilla\Firefox\Profiles\hpb4mssk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(15)
[2012/05/19 12:16:09 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\daphene\AppData\Roaming\mozilla\Firefox\Profiles\hpb4mssk.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012/02/05 21:39:15 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\daphene\AppData\Roaming\mozilla\Firefox\Profiles\hpb4mssk.default\extensions\ffxtlbr@babylon.com
[2011/10/09 19:53:33 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\daphene\AppData\Roaming\mozilla\Firefox\Profiles\hpb4mssk.default\extensions\fr-moderne@dictionaries.addons.mozilla.org
[2009/09/20 15:09:20 | 000,002,163 | ---- | M] () -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\searchplugins\bing.xml
[2010/11/01 14:33:06 | 000,002,559 | ---- | M] () -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\searchplugins\fissa.xml
[2012/02/20 14:10:42 | 000,002,484 | ---- | M] () -- C:\Users\daphene\AppData\Roaming\Mozilla\Firefox\Profiles\hpb4mssk.default\searchplugins\ixquick.xml
[2012/07/21 23:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/04/16 10:13:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/08/15 01:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012/07/21 22:24:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/02/29 21:44:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/02/17 17:41:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/12/15 17:17:07 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCentraUpdater.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/27 15:50:52 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/04/29 20:01:51 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/05 21:35:31 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/02 18:38:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 18:38:21 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Interest Recognizer for Freetvradio (Enabled) = C:\Users\daphene\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohnlejpdjjmpndgdpcicjiajhmgeoma\3.0.1474.124_0\freetvradio_air_chrome.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Centra Updater Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\daphene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\daphene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\daphene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\daphene\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\daphene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\daphene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Interest Recognizer for Freetvradio = C:\Users\daphene\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohnlejpdjjmpndgdpcicjiajhmgeoma\3.0.1474.124_0\
CHR - Extension: Gmail = C:\Users\daphene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/22 01:36:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\daphene\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6842C249-F4A1-4611-B850-D4CFED67C3E2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\daphene\Pictures\Picasa\Montages\Montages.jpg
O24 - Desktop BackupWallPaper: C:\Users\daphene\Pictures\Picasa\Montages\Montages.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/27 01:12:52 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 03:27:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/22 03:12:09 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/22 03:03:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/22 03:03:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/22 03:03:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/22 03:03:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/22 03:03:00 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/22 03:02:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/22 03:02:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/22 03:02:29 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012/07/22 02:31:21 | 000,000,000 | ---D | C] -- C:\Users\daphene\AppData\Local\temp
[2012/07/22 02:29:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/22 02:12:15 | 000,000,000 | ---D | C] -- C:\daphene.exe
[2012/07/22 02:05:08 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\daphene\Desktop\daphene.exe.exe
[2012/07/21 22:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/21 22:58:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/21 22:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/21 22:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012/07/21 22:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! EasyPass
[2012/07/21 22:27:37 | 000,000,000 | ---D | C] -- C:\Users\daphene\Documents\My Avast EasyPass Data
[2012/07/21 22:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2012/07/21 22:25:20 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/21 22:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/21 22:25:19 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/21 22:25:16 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/21 22:25:15 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/21 22:25:14 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/21 22:25:10 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/21 22:23:53 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/21 22:23:51 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/21 22:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/21 22:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/21 19:01:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/21 12:58:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 14:56:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\DBBK
[2012/07/08 21:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/07/08 21:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2012/07/08 21:37:12 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/07/08 18:01:05 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/07 17:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/07/07 17:50:07 | 000,000,000 | ---D | C] -- C:\Users\daphene\AppData\Local\Conduit
[2012/07/07 17:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\WiseConvert
[2012/07/07 15:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/07/07 15:05:57 | 000,000,000 | ---D | C] -- C:\Users\daphene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/07/07 15:04:40 | 000,000,000 | ---D | C] -- C:\Users\daphene\AppData\Roaming\Malwarebytes
[2012/07/07 15:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/07 14:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/07 13:00:22 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/07/06 23:25:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/06 23:25:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/06 23:25:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/06 23:24:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/04 12:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2012/07/04 12:32:53 | 000,000,000 | ---D | C] -- C:\rei
[2012/07/04 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2012/07/04 12:11:17 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/03 20:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/23 19:30:08 | 000,000,000 | ---D | C] -- C:\Users\daphene\AppData\Local\Macromedia
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 11:55:11 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 11:49:36 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 11:47:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 11:47:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 11:47:55 | 000,395,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/22 11:47:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 11:45:39 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 11:45:38 | 218,712,765 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/22 02:30:05 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000UA.job
[2012/07/22 02:18:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 01:36:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/22 00:54:16 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\daphene\Desktop\daphene.exe.exe
[2012/07/22 00:12:57 | 000,024,576 | ---- | M] () -- C:\Users\daphene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 23:30:40 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509705252-2750708441-1710655355-1000Core.job
[2012/07/21 22:25:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/21 21:23:04 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordaphene.job
[2012/07/07 20:24:44 | 000,001,063 | ---- | M] () -- C:\Users\daphene\Desktop\Revo Uninstaller.lnk
[2012/07/07 13:00:22 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/07/06 23:19:26 | 000,005,892 | ---- | M] () -- C:\Users\daphene\AppData\Local\d3d9caps.dat
[2012/07/03 20:54:40 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/03 20:54:16 | 000,680,904 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/07/03 20:54:16 | 000,597,898 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/03 20:54:16 | 000,127,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/07/03 20:54:16 | 000,104,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/23 17:19:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/23 17:19:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/22 01:58:33 | 2136,137,728 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/11 14:56:44 | 000,225,664 | ---- | C] () -- C:\Windows\System32\drivers\DasBootS.SYS
[2012/07/11 14:56:44 | 000,059,272 | ---- | C] () -- C:\Windows\System32\drivers\DasBootF.SYS
[2012/07/11 14:56:44 | 000,027,528 | ---- | C] () -- C:\Windows\System32\drivers\DasBootK.SYS
[2012/07/11 14:56:44 | 000,020,744 | ---- | C] () -- C:\Windows\System32\drivers\DasBoot.SYS
[2012/07/11 14:56:44 | 000,009,096 | ---- | C] () -- C:\Windows\System32\drivers\DasBootI.SYS
[2012/07/11 14:56:44 | 000,009,096 | ---- | C] () -- C:\Windows\System32\drivers\DasBootE.SYS
[2012/07/11 14:56:44 | 000,003,072 | ---- | C] () -- C:\Windows\System32\drivers\DasBootD.SYS
[2012/07/07 20:24:44 | 000,001,063 | ---- | C] () -- C:\Users\daphene\Desktop\Revo Uninstaller.lnk
[2012/07/06 23:25:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/06 23:25:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/06 23:25:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/06 23:25:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/06 23:25:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/03 20:54:28 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/20 16:59:56 | 000,000,702 | ---- | C] () -- C:\Users\daphene\.jscreenfix.licence
[2011/09/15 15:23:23 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/07/02 11:32:50 | 000,027,136 | ---- | C] () -- C:\Windows\System32\QTUninst.dll
[2011/05/27 14:05:02 | 000,468,027 | ---- | C] () -- C:\Users\daphene\La Poste Letters.pdf
[2011/05/26 17:45:32 | 000,670,518 | ---- | C] () -- C:\Users\daphene\Colissimo.pdf
[2010/12/20 15:35:35 | 000,000,664 | RHS- | C] () -- C:\Users\daphene\ntuser.pol
[2009/08/23 11:46:44 | 000,005,892 | ---- | C] () -- C:\Users\daphene\AppData\Local\d3d9caps.dat
[2008/07/04 09:47:05 | 000,024,206 | ---- | C] () -- C:\Users\daphene\AppData\Roaming\UserTile.png
[2008/07/01 15:11:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/01 00:17:39 | 000,013,796 | ---- | C] () -- C:\Users\daphene\AppData\Roaming\wklnhst.dat
[2008/06/30 21:27:43 | 000,024,576 | ---- | C] () -- C:\Users\daphene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >
 
You didn't say:
Any current issues?



====================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys -- (SABKUTIL)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    [2012/07/08 18:01:05 | 000,000,000 | ---D | C] -- C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==========================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
I spoke too soon, I think... after clicking on OTL, pc crashed and tried rebooting in Safe Mode to repair and then Normal Mode... got as far as logging into pc with password and then black screen.
 
Yes, I tried it, restarting the pc manually (pulling the plug) after 1 min, 5 mins, 20 mins, but the same thing happened - when I could get past the log in, pc froze and hung there till I had to shut it down.
 
Right, remember in my msg #18, thereabouts, I mentioned that when I type in J:\frst.exe I got a message saying J:\frst.exe is not recognized as internal or external command, operable program or batch file.
Do I slot in the OTLPE CD to get the log?
 
Let's try something else.

You will need a USB flash drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download rst.sh to your USB flash drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named enum.log
  • Remove the USB drive and insert it back in your working computer and navigate to enum.log

    Please note - all text entries are case sensitive
Copy and paste the enum.log for my review
 
Hate to give this up for a week... is there a possibility to burn the CD using the infected pc but in Safe Mode or using the OTLPE CD?
 
I managed to burn the CD but I can't find rst.sh in either sda1 or sda2, which are the only 2 items I see when I click to open mnt.
I checked my USB that rst.sh is saved on it.
 
Yes, I suppose Safe Mode worked.
I've left the infected pc on with the xPUD CD running for more than 40 mins now and I still don't see sdb.
 