nohamg


  1. Yeah, sorry if I wasn't clear... Let me try again: for these same USB keys I still need to: remove the trojans detected by the antivirus; set the folders back to "not hidden" (from what I've read in other posts, they became hidden because the antivirus got fooled by the autorun.inf and recognized them as ".exe" files. So they were put in quarantine, and now there's no way to restore them as normally readable files).
  2. Hi, I wanted to ask whether you know how to uncheck the "hidden" attribute on the folders (the ones that were quarantined by the antivirus, which recognized them as .exe files)? They are hidden but accessible; it would just be much more convenient to be able to put them back to "normal" display.
  3. Hi, here is the report. Some details may be missing: I ran the deletion twice (this is the second report); the first time our generator cut out without my knowing whether the scan had finished (I didn't check the folder C:\UsbFix.txt at that point...).
  4. Hi, it's done! Tell me if I need to redo it. Hmm, how should I do that? Any idea how to get rid of the trojans (trojan horse agent2.atxc / generic13.POPQ / dropper generic2.LEH)? Thanks
  5. Hi! Here is the rest.
O2 - BHO: (Ziepod One-Click Helper) - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\Windows\System32\ZiepodOneClicker.dll (Ziepod)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2208296302-755442354-946692294-1000..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2208296302-755442354-946692294-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.17.71 194.25.0.58
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/06/30 15:21:20 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/06/30 15:21:20 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/06/30 15:21:22 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/06/28 14:41:50 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2009/08/24 16:56:52 | 000,000,000 | RHSD | M] - H:\AUTOPLAY -- [ FAT32 ]
O32 - AutoRun File - [2010/06/30 15:21:24 | 000,000,000 | RHSD | M] - H:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/30 15:21:20 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/06/28 20:41:46 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\COOLOG\Desktop\OTL.exe
[2010/06/28 16:04:40 | 001,224,471 | ---- | C] (C_XX & El Desaparecido) -- C:\Users\COOLOG\Desktop\UsbFix.exe
[2010/06/28 15:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/06/28 15:24:17 | 000,000,000 | ---D | C] -- C:\rsit
[2010/06/24 17:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/24 17:22:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/06/24 17:22:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/06/24 17:22:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
-- C:\Windows\System32\javaw.exe [2010/06/24 17:22:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010/06/22 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\COOLOG\Documents\Back up Email Thunderbird Mozbackup [2010/06/17 15:58:26 | 000,000,000 | ---D | C] -- C:\UsbFix [2010/06/17 12:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\usb-set [2010/06/04 21:09:50 | 000,000,000 | ---D | C] -- C:\Users\COOLOG\AppData\Roaming\HP [2010/06/04 09:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2010/06/04 09:16:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010/06/04 09:16:25 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010/06/04 09:10:46 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2010/06/04 09:10:32 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2010/06/04 09:10:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2010/06/04 09:10:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2010/06/04 09:10:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2010/06/04 09:10:29 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010/06/04 09:09:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010/06/04 09:06:47 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2010/06/04 08:32:34 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2010/06/04 08:32:34 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2010/06/04 08:32:17 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2010/06/04 08:32:17 | 000,087,552 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\wudriver.dll [2010/06/04 08:32:17 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2010/06/04 08:31:55 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2010/06/04 08:31:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2010/06/01 18:09:36 | 000,000,000 | -H-D | C] -- C:\$AVG [2010/06/01 18:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9 [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/30 16:03:25 | 003,145,728 | -HS- | M] () -- C:\Users\COOLOG\NTUSER.DAT [2010/06/30 16:03:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/06/30 16:03:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/06/30 15:30:11 | 000,708,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/06/30 15:30:11 | 000,607,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/06/30 15:30:11 | 000,106,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/06/30 15:26:13 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/06/30 15:23:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/30 15:23:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/30 15:23:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/30 15:23:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/30 15:23:42 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys [2010/06/30 15:22:36 | 000,524,288 | -HS- | M] () -- C:\Users\COOLOG\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms [2010/06/30 15:22:36 | 000,065,536 | -HS- | M] () -- 
C:\Users\COOLOG\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf [2010/06/30 15:21:23 | 000,006,783 | ---- | M] () -- C:\UsbFix_Upload_Me_COOLOG-PC.zip [2010/06/30 14:43:40 | 001,667,311 | -H-- | M] () -- C:\Users\COOLOG\AppData\Local\IconCache.db [2010/06/30 10:44:51 | 061,526,149 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/06/28 20:42:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\COOLOG\Desktop\OTL.exe [2010/06/28 16:11:05 | 001,224,471 | ---- | M] (C_XX & El Desaparecido) -- C:\Users\COOLOG\Desktop\UsbFix.exe [2010/06/28 08:29:05 | 000,000,940 | ---- | M] () -- C:\Users\COOLOG\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2010/06/25 18:13:18 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010/06/24 14:44:39 | 000,050,176 | ---- | M] () -- C:\Users\COOLOG\Desktop\TENDER FOR THE SALE.doc [2010/06/23 09:59:34 | 000,000,862 | ---- | M] () -- C:\Users\COOLOG\Desktop\092010_072010 Noham Gaudin - Shortcut.lnk [2010/06/23 09:49:14 | 000,048,640 | ---- | M] () -- C:\Users\COOLOG\Desktop\6 MDM Order to Superior Level.xls [2010/06/19 23:26:16 | 000,239,104 | ---- | M] () -- C:\Users\COOLOG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/18 12:17:02 | 000,102,592 | ---- | M] () -- C:\Users\COOLOG\AppData\Roaming\GDIPFONTCACHEV1.DAT [2010/06/04 21:04:17 | 000,102,592 | ---- | M] () -- C:\Users\COOLOG\AppData\Local\GDIPFONTCACHEV1.DAT [2010/06/04 21:01:55 | 000,157,369 | ---- | M] () -- C:\Windows\hpoins27.dat [2010/06/04 12:28:01 | 000,156,886 | ---- | M] () -- C:\Windows\hpoins27.dat.temp [2010/06/04 09:47:16 | 000,383,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/06/03 09:39:53 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010/06/03 09:39:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\System32\drivers\avgmfx86.sys [2010/06/02 16:23:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/06/02 16:23:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/06/01 18:16:37 | 000,140,800 | ---- | M] () -- C:\Users\COOLOG\Desktop\Bookfile Label2.xls [2010/06/01 18:09:31 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010/06/01 18:09:19 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2010/06/01 18:09:17 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2010/06/01 09:27:08 | 000,308,736 | ---- | M] () -- C:\Users\COOLOG\Desktop\Folders labels.xls [2010/05/31 17:08:48 | 000,351,744 | ---- | M] () -- C:\Users\COOLOG\Desktop\Folders labels 2006.xls [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/29 10:33:22 | 000,006,783 | ---- | C] () -- C:\UsbFix_Upload_Me_COOLOG-PC.zip [2010/06/23 09:59:34 | 000,000,862 | ---- | C] () -- C:\Users\COOLOG\Desktop\092010_072010 Noham Gaudin - Shortcut.lnk [2010/06/23 09:49:14 | 000,048,640 | ---- | C] () -- C:\Users\COOLOG\Desktop\6 MDM Order to Superior Level.xls [2010/06/15 10:34:27 | 000,061,440 | ---- | C] () -- C:\Users\COOLOG\Desktop\Inccident report for MDM vehicles.doc [2010/06/02 16:23:20 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010/06/02 16:23:20 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010/05/31 17:08:26 | 000,351,744 | ---- | C] () -- C:\Users\COOLOG\Desktop\Folders labels 2006.xls [2010/05/31 17:08:01 | 000,308,736 | ---- | C] () -- C:\Users\COOLOG\Desktop\Folders labels.xls [2010/01/22 09:39:09 | 000,000,729 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2010/01/15 08:37:08 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009/06/12 22:13:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009/04/30 
16:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009/03/21 10:23:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009/03/13 12:31:13 | 000,000,493 | ---- | C] () -- C:\Windows\ODBC.INI [2008/09/09 04:24:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/09/09 04:24:16 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008/09/09 01:51:45 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2008/09/09 01:42:34 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll [2007/08/23 10:34:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll [2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll [2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2009/05/05 19:02:09 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\Azureus [2009/03/30 04:53:33 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\gtk-2.0 [2009/05/05 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\IrfanView [2010/01/15 08:38:04 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\Leadertech [2009/07/24 23:32:15 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\OpenOffice.org [2009/10/15 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\PeerNetworking [2010/03/31 10:38:02 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\Thunderbird [2009/03/31 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\uTorrent [2010/06/30 15:22:26 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 6/28/2010 8:44:01 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\COOLOG\Desktop Windows Vista Home Basic 
Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.96 Gb Total Space | 16.21 Gb Free Space | 11.67% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 1.42 Gb Free Space | 14.15% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 968.07 Mb Total Space | 860.00 Mb Free Space | 88.84% Space Free | Partition Type: FAT32 Drive G: | 999.69 Mb Total Space | 928.22 Mb Free Space | 92.85% Space Free | Partition Type: FAT Drive H: | 465.65 Gb Total Space | 65.07 Gb Free Space | 13.98% Space Free | Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: COOLOG-PC Current User Name: COOLOG Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2208296302-755442354-946692294-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
"C:\WINDOWS\services.exe" = C:\WINDOWS\services.exe -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1E1969B6-CD9D-4305-B7EE-F5D1D2AEC2EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{20D20DB0-7DE5-40C8-9053-8BB21C686B41}" = lport=139 | protocol=6 | dir=in | app=system | "{24FD79E5-62BD-4115-840C-638FEC4B44ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E59FED8-D565-403F-BBA6-522790BE5D50}" = lport=138 | protocol=17 | dir=in | app=system | "{41C018A8-6466-40E4-97E4-BE6DC409D43D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{461CB209-9480-478B-9DB3-994B8C5D536E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49E111C8-CB06-45C0-BDEF-48BCED509A42}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5298327E-15D2-4CA4-A159-F7DB53E9D563}" = lport=2869 | protocol=6 | dir=in | app=system | "{543755AD-DF4A-4430-A0C5-A2C13BE64745}" = lport=137 | protocol=17 | dir=in | app=system | "{5E977CE4-6EB9-4CD3-BE04-AF30332E80BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6FFDA7E9-92DE-4573-A28C-755775DEA7F4}" = rport=445 | protocol=6 | dir=out | app=system | "{824FECB3-BD13-4ED6-8DA7-43FBC7DE45B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{88FD2BBD-12BD-45A8-9916-25C7A6056602}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8A0813BA-6516-4B3F-B13B-719F1C1B316F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{931F3668-53F5-4505-B6E6-227E59F9D585}" = rport=137 | protocol=17 | dir=out | app=system | 
"{981D9ED4-56FD-40D9-B034-18CDC9B532FF}" = lport=10243 | protocol=6 | dir=in | app=system | "{9AF32F19-A9E9-41E5-B494-F1D330773946}" = rport=10243 | protocol=6 | dir=out | app=system | "{B277D816-4FD6-4B99-A0F7-F5561450985C}" = rport=139 | protocol=6 | dir=out | app=system | "{C85B98FD-33BC-4386-8E2A-8E2A43B3EFFC}" = lport=445 | protocol=6 | dir=in | app=system | "{CB587DC2-0C8E-4A16-B21F-32EAB03C255A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE5CB10C-2763-4C53-A9E0-437BFC633765}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CEDCED38-77C5-4426-9135-8DB5075A49BC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D03BE591-06B2-4EA6-8218-C4BEF5023946}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E25FC2E5-257B-40AC-8776-69A54EF58879}" = rport=138 | protocol=17 | dir=out | app=system | "{ED2D6A08-4882-4F36-BC59-5D05415E3249}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F0FABB48-D295-493F-8E67-94B2E25E2BB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{F20D9EC6-9152-449F-9884-A1B38F116284}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0055C498-D02A-4EA9-8F7C-FC55C2A2D356}" = protocol=1 | dir=out | [email protected],-28544 | "{005B07CA-BF7C-4C76-B3C5-A11E919B66DE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{04573FB0-5189-46CB-829B-C1272A2AD276}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{07889CA3-9223-44B0-86AD-453015988BB0}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | "{08F12C3A-1F80-496A-9A13-CC469A4CF4FB}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{14CA5DF2-231C-468D-BC5E-BFE149F2982F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{16AF3F3E-5EC8-406C-8BE0-530BE5F766C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{18623327-3630-4169-BDA1-F746D5E25E28}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{222CD897-EE2E-41DB-8917-20E881C6183C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{23469703-BD1F-4505-8614-732D5792BB5E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{276545A9-852F-4286-AEBD-DFFA09467AD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{28498760-5F2B-47C9-8867-C193089C2E43}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{28E07CEA-4E92-4C89-8160-9F882DED118C}" = protocol=58 | dir=in | [email protected],-28545 | "{2BCAE47F-355F-460C-AE04-26E6543397F3}" = protocol=1 | dir=in | [email protected],-28543 | "{2FD3C3DA-2C39-465D-A0AD-A9A41BB847E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{31368DB7-33D0-453B-8AD1-844F6EB230F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{31E7DEB0-3B52-42A8-911F-67E0805E5FB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3526D31E-425A-43A4-B960-FB1D8A193792}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C1F0B93-9392-49B5-BD30-4F3468E60242}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | "{493378D9-FE7A-47F8-9E69-CA3B74401AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4CCBFD5D-CF5C-4B36-BBFA-6F929C285DE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{51607506-2BCE-4AFC-A9F9-62A8973F981F}" = protocol=6 | dir=out | app=system | "{5647FE0B-0565-4CA7-A408-EDF3A56539DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{58BED4B1-4D0B-468A-AB80-A9C1F8257533}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BA9FB81-FDA8-490F-AA56-0E9990220E11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C52EC73-D274-4EE1-A546-5A0F25E544A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5EAA2054-B374-4BC2-BC66-E8CE18F48EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5F8AFBAB-E075-4083-8128-E89457885262}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64F9E623-8C2D-4973-9214-C0D289EC4544}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{668139E4-F3B0-44C8-8212-E4E37ECF9581}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{68DF4F13-CB1F-4F4E-B4FF-40863414C447}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "{6944C4BB-ED97-43BC-AAE4-32877F57453C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "{6D9426E4-868D-4A3C-A527-12D68B4E6757}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7E04099A-02D4-4B3F-984C-D0EFC1745B49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8843DABA-7056-457E-B8D7-7FEF4FA24217}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9707CFDE-C9B0-4D1E-8212-A2D17092DA11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A091706F-6725-4B59-8A01-37A3C801D87B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A41BF765-18C9-4EDF-9399-60F1DB1FD054}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A46AB48E-1738-4760-B55C-4DD84383F3CD}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{A5EA9DA0-D538-49BA-8954-BAC1B995AE61}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A5FE7AEF-D464-4227-A7BD-C22D1E965899}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A79F4A71-F868-45AA-9E38-A204E38D2756}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AA4F44FF-48C9-4889-B8ED-A221E7305196}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe 
     ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
     "{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
     "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
     "{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
     "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
     "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
     "{15CC668C-F37C-CE24-9047-40EC8034E29D}" = ATI Catalyst Control Center Ex
     "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
     "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
     "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20
     "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
     "{2C091730-3788-4F16-A032-433AC9931375}" = Misc
     "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
     "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
     "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
     "{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
     "{3871DA1E-D863-4548-8465-A2F55D4BFC95}" = UGuide
     "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
     "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
     "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
     "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
     "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
     "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
     "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
     "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
     "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
     "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
     "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
     "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
     "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
     "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
     "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
     "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
     "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
     "{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 2.0
     "{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
     "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
     "{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
     "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
     "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
     "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
     "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
     "{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
     "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
     "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
     "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
     "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
     "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
     "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
     "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
     "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
     "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
     "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
     "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
     "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
     "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
     "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
     "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
     "{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
     "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
     "{B92B952E-4459-480F-A500-60D87F6F527F}_is1" = USB-set 1.4.1
     "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
     "{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
     "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
     "{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
     "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
     "{C9F9BEAE-3963-41D3-B970-CA60C6A71179}" = HP Officejet K7100 Series Toolbox
     "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
     "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
     "{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
     "{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
     "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
     "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
     "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
     "{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
     "{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
     "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
     "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
     "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
     "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
     "AVG9Uninstall" = AVG Free 9.0
     "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
     "CCleaner" = CCleaner
     "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
     "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
     "FairUse Wizard 2 LE" = FairUse Wizard 2 LE
     "Google Updater" = Google Updater
     "HijackThis" = HijackThis 2.0.2
     "HP LaserJet P1000 series" = HP LaserJet P1000 series
     "HP Officejet K7100 Series" = HP Officejet K7100 Series
     "HP Photosmart Essential" = HP Photosmart Essential 2.5
     "HP Smart Web Printing" = HP Smart Web Printing
     "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
     "IrfanView" = IrfanView (remove only)
     "lvdrivers_12.0" = Logitech Webcam Software Driver Package
     "Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
     "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
     "Picasa 3" = Picasa 3
     "pycairo-py2.5" = Python 2.5 pycairo-1.4.12
     "pygobject-py2.5" = Python 2.5 pygobject-2.14.1
     "pygtk-py2.5" = Python 2.5 pygtk-2.12.1
     "RealAlt_is1" = Real Alternative 1.46
     "Shop for HP Supplies" = Shop for HP Supplies
     "Usbfix" = Usbfix By C_XX & El Desaparecido
     "VLC media player" = VLC media player 0.9.8a
     "WinGimp-2.0_is1" = The GIMP 2.2.13
     "WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
     "WinRAR archiver" = Archiveur WinRAR
     "Ziepod_is1" = Ziepod version 1.0

     ========== Last 10 Event Log Errors ==========

     [ Application Events ]
     Error - 6/17/2010 10:23:08 AM | Computer Name = COOLOG-PC | Source = Application Hang | ID = 1002
     Description = The program thunderbird.exe version 1.9.1.3728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 4a0 Start Time: 01cb0df4681706fb Termination Time: 47

     Error - 6/18/2010 4:35:08 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
     Description =

     Error - 6/18/2010 6:41:11 AM | Computer Name = COOLOG-PC | Source = Application Hang | ID = 1002
     Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1610 Start Time: 01cb0ed21bc976f1 Termination Time: 16

     Error - 6/19/2010 10:27:43 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
     Description =

     Error - 6/19/2010 4:16:50 PM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
     Description =

     Error - 6/21/2010 3:59:39 AM | Computer Name = COOLOG-PC | Source = Application Error | ID = 1000
     Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp 0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x04728a82, process id 0x7c0, application start time 0x01cb1117acedfb3d.

     Error - 6/21/2010 3:59:52 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
     Description =

     Error - 6/21/2010 4:10:50 AM | Computer Name = COOLOG-PC | Source = Application Error | ID = 1000
     Description = Faulting application HP1006MC.EXE, version 4.0.0.47, time stamp 0x46c2fc48, faulting module HP1006MC.EXE, version 4.0.0.47, time stamp 0x46c2fc48, exception code 0xc0000005, fault offset 0x00005b15, process id 0x868, application start time 0x01cb11194246ab7a.

     Error - 6/21/2010 4:48:05 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
     Description =

     Error - 6/21/2010 4:49:06 AM | Computer Name = COOLOG-PC | Source = Application Error | ID = 1000
     Description = Faulting application NMIndexStoreSvr.exe, version 3.3.3.0, time stamp 0x47c6bd1b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x17271727, process id 0xd58, application start time 0x01cb111e71d14378.

     [ Broadcom Wireless LAN Events ]
     Error - 1/23/2010 8:19:35 AM | Computer Name = COOLOG-PC | Source = WLAN-Tray | ID = 0
     Description = 12:19:35, Sat, Jan 23, 10 Error - Unable to decrypt string

     [ System Events ]
     Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000
     Description =

     Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000
     Description =

     Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000
     Description =

     Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000
     Description =

     Error - 6/28/2010 4:29:35 AM | Computer Name = COOLOG-PC | Source = DCOM | ID = 10016
     Description =

     Error - 6/28/2010 4:50:46 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002
     Description = The IP address lease 10.2.0.129 for the Network Card with network address 002269941550 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

     Error - 6/28/2010 4:51:36 AM | Computer Name = COOLOG-PC | Source = bowser | ID = 8003
     Description =

     Error - 6/28/2010 7:10:19 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002
     Description = The IP address lease 192.168.0.12 for the Network Card with network address 002269941550 has been denied by the DHCP server 10.0.0.2 (The DHCP Server sent a DHCPNACK message).

     Error - 6/28/2010 9:50:54 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002
     Description = The IP address lease 10.2.0.129 for the Network Card with network address 002269941550 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

     Error - 6/28/2010 9:51:56 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002
     Description = The IP address lease 192.168.0.10 for the Network Card with network address 002269941550 has been denied by the DHCP server 10.0.0.2 (The DHCP Server sent a DHCPNACK message).

     < End of report >
  7. Hi, Sorry ... I redid the scan with OTL as well.

     ############################## | UsbFix 7.014 | [Deletion]

     User: COOLOG (Administrator) # COOLOG-PC [Dell Inc. Vostro 1000]
     Updated 24/06/10 by El Desaparecido / C_XX
     Started at 14:56:29 | 30/06/2010
     Website: Bienvenue dans nos Pages Persos
     Contact: [email protected]

     CPU: AMD Athlon 64 X2 Dual-Core Processor TK-57
     CPU 2: AMD Athlon 64 X2 Dual-Core Processor TK-57
     Microsoft® Windows Vista™ Home Basic (6.0.6001 32-Bit) # Service Pack 1
     Internet Explorer 7.0.6001.18000

     Windows Firewall: Enabled
     Antivirus: AVG Anti-Virus Free 8.0 [Enabled | Updated]
     RAM -> 1917 Mb
     C:\ (%systemdrive%) -> Fixed drive # 139 Gb (16 Mb free - 11%) [OS] # NTFS
     D:\ -> Fixed drive # 10 Gb (1 Mb free - 14%) [RECOVERY] # NTFS
     E:\ -> CD-ROM
     F:\ -> Removable drive # 968 Mb (860 Mb free - 89%) [THOMAS KEY] # FAT32
     G:\ -> Removable drive # 1000 Mb (928 Mb free - 93%) [ GONWHIDRUM] # FAT
     H:\ -> Fixed drive # 466 Gb (66 Mb free - 14%) [LaCie] # FAT32

     ################## | Files # Infected Folders |

     Not deleted ! F:\Recycled.exe
     Not deleted ! F:\svchost.exe
     Not deleted ! G:\New Folder.exe
     Not deleted ! G:\New Folder (2).exe
     Not deleted ! G:\New Folder (3).exe
     Not deleted ! G:\RECYCLER.exe
     Not deleted ! G:\system.exe
     Not deleted ! F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
     Not deleted ! G:\workshop report.exe
     Not deleted ! G:\Protocol.exe
     Not deleted ! G:\Nurse meeting report.exe
     Not deleted ! G:\MH INSERVICE TRAINING MDM.exe
     Not deleted ! G:\Mental Health.exe
     Not deleted ! G:\SOPHIE.exe
     Not deleted ! G:\unused.exe
     Not deleted ! G:\MHD Activitity.exe
     Not deleted ! G:\Monthly report of five(5) mental health clinics.exe
     Not deleted ! G:\MDM survey&workshop 2009-2010.exe
     Not deleted ! G:\OIC Workshop.exe
     Not deleted ! G:\reproductive health presentation.exe
     Not deleted ! G:\Monthly reports 2009.exe
     Not deleted ! G:\WORKSHOP LETTER.exe
     Not deleted ! G:\SURVEY REPORT.exe

     ################## | Registry |

     ################## | Mountpoints2 |

     ################## | Listing |

     [01/06/2010 - 18:09:36 | HD ] C:\$AVG
     [30/06/2010 - 15:21:16 | SHD ] C:\$Recycle.Bin
     [13/03/2009 - 15:26:18 | D ] C:\ATI
     [18/09/2006 - 21:43:36 | A | 24] C:\autoexec.bat
     [30/06/2010 - 14:42:43 | RASHD ] C:\Autorun.inf
     [03/02/2008 - 23:33:27 | SHD ] C:\Boot
     [21/01/2008 - 02:34:29 | RASH | 333203] C:\bootmgr
     [24/06/2010 - 17:23:50 | HD ] C:\Config.Msi
     [18/09/2006 - 21:43:37 | A | 10] C:\config.sys
     [13/04/2009 - 09:55:47 | A | 172] C:\curr_ver.tmp
     [13/03/2009 - 14:31:14 | D ] C:\DELL
     [09/09/2008 - 04:24:28 | RAH | 4224] C:\dell.sdr
     [08/10/2007 - 06:46:36 | D ] C:\doctemp
     [13/03/2009 - 11:51:53 | SHD ] C:\Documents and Settings
     [13/12/2007 - 22:09:44 | D ] C:\Drivers
     [30/06/2010 - 14:45:02 | ASH | 2009157632] C:\hiberfil.sys
     [02/06/2010 - 16:23:20 | RASH | 0] C:\IO.SYS
     [02/06/2010 - 16:23:20 | RASH | 0] C:\MSDOS.SYS
     [09/06/2009 - 22:30:16 | D ] C:\Netgear
     [09/09/2008 - 01:51:38 | A | 22729] C:\newfile.enc
     [09/09/2008 - 01:51:38 | A | 22729] C:\newkey
     [30/06/2010 - 14:45:01 | ASH | 2325032960] C:\pagefile.sys
     [21/01/2008 - 02:43:50 | D ] C:\PerfLogs
     [29/06/2010 - 14:35:17 | RD ] C:\Program Files
     [25/06/2010 - 07:58:24 | HD ] C:\ProgramData
     [28/06/2010 - 15:26:14 | D ] C:\rsit
     [25/06/2010 - 08:35:32 | SHD ] C:\System Volume Information
     [22/01/2010 - 09:36:41 | D ] C:\Temp
     [30/06/2010 - 15:21:16 | D ] C:\UsbFix
     [30/06/2010 - 14:56:30 | A | 3468] C:\UsbFix.txt
     [30/06/2010 - 14:42:46 | A | 6686] C:\UsbFix_Upload_Me_COOLOG-PC.zip
     [28/06/2010 - 08:28:59 | RD ] C:\Users
     [28/06/2010 - 14:41:53 | D ] C:\Windows
     [30/06/2010 - 15:21:16 | SHD ] D:\$RECYCLE.BIN
     [30/06/2010 - 14:42:43 | RASHD ] D:\Autorun.inf
     [16/06/2010 - 11:31:52 | D ] D:\COOLOG-PC
     [09/09/2008 - 05:04:02 | D ] D:\dell
     [16/06/2010 - 11:26:16 | RA | 528] D:\MediaID.bin
     [19/01/2008 - 08:45:45 | D ] D:\Program Files
     [19/01/2008 - 08:45:30 | HD ] D:\ProgramData
     [29/01/2008 - 17:53:24 | D ] D:\sources
     [08/09/2008 - 20:28:57 | SHD ] D:\System Volume Information
     [09/09/2008 - 05:15:34 | D ] D:\Tools
     [19/01/2008 - 08:45:30 | RD ] D:\Users
     [09/09/2008 - 05:03:19 | D ] D:\Windows
     [13/11/2009 - 10:49:50 | RSHD ] F:\TO BE SENT
     [17/12/2009 - 12:36:10 | RSHD ] F:\MOMED
     [17/05/2010 - 19:31:08 | N | 259395] F:\svchost.exe
     [23/02/2010 - 10:41:22 | A | 26624] F:\Emmett_February 20.doc
     [09/09/2009 - 12:25:08 | RSHD ] F:\RECYCLER
     [02/06/2010 - 15:32:14 | RSHD ] F:\TTHDHGC
     [23/02/2010 - 10:38:24 | RSHD ] F:\astry
     [03/11/2009 - 16:15:38 | RSHD ] F:\gb accountancy
     [02/06/2010 - 11:41:18 | A | 579584] F:\MON database 01 2010 MON 1ST PAYROLL_Leo.xls
     [21/01/2010 - 11:43:34 | RSHD ] F:\bkup
     [23/03/2009 - 08:19:12 | RSHD ] F:\Driver Printers
     [30/06/2010 - 14:42:46 | RASHD ] F:\Autorun.inf
     [25/02/2010 - 08:52:46 | RSHD ] F:\LEO
     [03/11/2009 - 20:04:50 | RSHD ] F:\ALICE
     [15/01/2010 - 12:39:10 | A | 2854400] F:\MON - Accountancy 122009 - CORRECTION_LEO 20100115.xls
     [14/12/2009 - 15:24:40 | RSHD ] F:\Scanned Docs
     [25/02/2010 - 13:22:50 | RSHD ] F:\Docs
     [20/05/2002 - 17:13:44 | A | 19968] F:\National Info.xls
     [18/11/2009 - 11:40:24 | RSHD ] F:\bin
     [18/01/2010 - 10:25:52 | A | 2903552] F:\MON - Accountancy 112009 MON - CHECK LEO 20100115.xls
     [05/03/2010 - 09:58:50 | A | 39424] F:\INTERNAL CASH REQUEST FORM USD.xls
     [16/04/2010 - 14:23:58 | A | 54784] F:\20100412 LIB Raprochement T12704 Fev_Leo.xls
     [02/04/2010 - 23:15:40 | A | 102400] F:\LIB - Cash controls 201003.xls
     [15/04/2010 - 17:22:48 | A | 2846208] F:\LIB - Accountancy 03 2010 - voucher OK.xls
     [17/04/2010 - 12:33:46 | A | 30720] F:\20100412 LIB Raprochement T12704 willie.xls
     [03/06/2010 - 13:14:44 | A | 49152] F:\200901007- ADM006 Ministry of Labour.doc
     [01/06/2010 - 18:44:06 | A | 50176] F:\Advance- Return.xls
     [01/06/2010 - 18:46:00 | N | 1471163] F:\Recycled.exe
     [20/05/2002 - 14:20:14 | A | 2966016] F:\MON - Accountancy 04 2010 - ChecK_LEO.xls
     [02/06/2010 - 17:05:54 | A | 115712] F:\LIB - Cash controls 201005.xls
     [24/06/2010 - 14:40:00 | A | 46080] F:\TENDER FOR THE SALE.doc
     [30/10/2009 - 15:25:46 | RSHD ] F:\HR
     [01/06/2010 - 17:33:52 | RSHD ] F:\Usb 2.0 Driver
     [08/05/2009 - 16:52:00 | N | 140288] G:\SYSTEM.exe
     [31/05/2010 - 09:02:40 | A | 30208] G:\New cases form.xls
     [09/10/2009 - 08:56:20 | RSHD ] G:\Exchange MDM & Cap
     [24/02/2010 - 08:48:40 | RSHD ] G:\Nurse meeting report
     [28/05/2010 - 16:48:18 | A | 49664] G:\JOB DESCRIPTION may 2010.doc
     [24/02/2010 - 10:32:26 | RSHD ] G:\MH INSERVICE TRAINING MDM
     [29/04/2010 - 10:51:38 | RSHD ] G:\Mental Health
     [24/02/2010 - 09:04:28 | RSHD ] G:\Guideline+Case study
     [09/10/2009 - 08:46:24 | RSHD ] G:\kpoe document
     [09/10/2009 - 08:49:12 | RSHD ] G:\master trainer
     [09/10/2009 - 08:50:18 | RSHD ] G:\MDM activities
     [09/10/2009 - 09:58:12 | RSHD ] G:\MDM + PHEBE mou
     [24/02/2010 - 10:24:20 | RSHD ] G:\MHD Activitity
     [18/02/2010 - 11:51:40 | A | 1890304] G:\DATA COLLECTION TOOL - Blank format.xls
     [03/04/2010 - 12:56:46 | A | 882688] G:\In-service & SBMR.ppt
     [23/06/2009 - 15:33:14 | A | 37888] G:\Road Map 2009-2012.doc
     [19/02/2010 - 15:40:40 | RSHD ] G:\Monthly report of five(5) mental health clinics
     [28/05/2010 - 16:40:34 | RSHD ] G:\Usb 2.0 Driver
     [13/05/2009 - 08:50:06 | N | 140288] G:\workshop report.exe
     [13/05/2009 - 08:50:06 | N | 140288] G:\Protocol.exe
     [26/04/2010 - 12:01:56 | A | 93184] G:\Gbarpolu Co. Training Budget.doc
     [25/06/2009 - 15:02:26 | N | 140288] G:\RECYCLER.exe
     [24/02/2010 - 08:41:50 | RSHD ] G:\MDM survey&workshop 2009-2010
     [19/04/2010 - 15:35:30 | A | 93184] G:\Copy of Gbarpolu Co. Training Budget.doc
     [22/04/2010 - 08:09:40 | A | 238592] G:\OIC training.doc
     [12/03/2010 - 11:00:08 | A | 239104] G:\Workshop March.ppt
     [27/04/2010 - 15:28:22 | A | 598528] G:\DATA COLLECTION TOOL 2010 - New Version MHT.xls
     [29/04/2010 - 10:54:20 | RSHD ] G:\OIC Workshop
     [06/05/2010 - 15:25:06 | RSHD ] G:\Dweh cuc
     [04/05/2010 - 06:22:26 | RSHD ] G:\Dweh
     [12/03/2010 - 10:28:38 | A | 22016] G:\MH General assessment tool
     [24/02/2010 - 08:48:40 | N | 140288] G:\Nurse meeting report.exe
     [24/02/2010 - 10:32:26 | N | 140288] G:\MH INSERVICE TRAINING MDM.exe
     [29/04/2010 - 10:51:38 | N | 140288] G:\Mental Health.exe
     [19/02/2010 - 16:09:00 | RSHD ] G:\MDM Day - February 2010
     [04/05/2010 - 19:43:32 | A | 60928] G:\evaluation.xls
     [14/06/2010 - 15:20:32 | N | 140288] G:\SOPHIE.exe
     [24/06/2010 - 10:05:28 | N | 140288] G:\unused.exe
     [06/02/2009 - 15:12:06 | RSHD ] G:\Data collection tool 2009
     [24/02/2010 - 10:24:20 | N | 140288] G:\MHD Activitity.exe
     [19/02/2010 - 15:40:40 | N | 140288] G:\Monthly report of five(5) mental health clinics.exe
     [24/02/2010 - 08:41:50 | N | 140288] G:\MDM survey&workshop 2009-2010.exe
     [29/04/2010 - 10:54:20 | N | 140288] G:\OIC Workshop.exe
     [25/06/2009 - 09:22:56 | N | 140288] G:\reproductive health presentation.exe
     [10/07/2009 - 14:44:52 | N | 140288] G:\Monthly reports 2009.exe
     [15/06/2010 - 11:13:58 | A | 599] G:\MPCHS strategy planning report june 2010.lnk
     [24/06/2010 - 09:03:18 | N | 140288] G:\New Folder.exe
     [14/06/2010 - 15:19:34 | RSHD ] G:\workshop letter
     [14/06/2010 - 15:20:32 | RSHD ] G:\SOPHIE
     [14/06/2010 - 15:19:34 | N | 140288] G:\WORKSHOP LETTER.exe
     [16/06/2010 - 17:06:16 | A | 59392] G:\MDM presentation june 2010.doc
     [15/06/2010 - 16:53:46 | A | 23552] G:\Doran,s base meeting, June 16, 2010.doc
     [21/06/2010 - 15:33:42 | A | 75264] G:\MH Presentation PP.ppt
     [24/06/2010 - 09:03:18 | RSHD ] G:\New Folder
     [24/06/2010 - 09:05:30 | RSHD ] G:\ASSESSMENT REPORT
     [24/06/2010 - 10:05:28 | N | 140288] G:\New Folder (2).exe
     [24/06/2010 - 10:05:28 | RSHD ] G:\New Folder (2)
     [24/06/2010 - 10:13:38 | RSHD ] G:\New Folder (3)
     [24/06/2010 - 10:05:28 | N | 140288] G:\SURVEY REPORT.exe
     [24/06/2010 - 10:13:38 | N | 140288] G:\New Folder (3).exe
     [28/06/2010 - 14:41:50 | D ] G:\autorun.inf
     [08/05/2009 - 16:52:00 | RSHD ] G:\SYSTEM
     [08/05/2009 - 16:52:00 | RSHD ] G:\DATA
     [13/05/2009 - 08:50:06 | RSHD ] G:\Protocol
     [14/05/2009 - 13:50:02 | RSHD ] G:\Evaluations
     [22/05/2009 - 13:25:56 | RSHD ] G:\In-service training BPHS
     [25/06/2009 - 09:22:56 | RSHD ] G:\reproductive health presentation
     [25/06/2009 - 15:00:16 | RSHD ] G:\group 1 modules
     [25/06/2009 - 15:02:26 | RSHD ] G:\RECYCLER
     [10/07/2009 - 14:44:08 | RSHD ] G:\2009
     [10/07/2009 - 14:44:52 | RSHD ] G:\Monthly reports 2009
     [20/08/2009 - 16:36:52 | RSHD ] G:\Edmund document
     [29/03/2006 - 14:08:32 | AH | 82] H:\._System Volume Information
     [24/08/2009 - 16:56:52 | RSHD ] H:\AUTOPLAY
     [24/08/2009 - 16:56:52 | RSHD ] H:\System Volume Information
     [24/08/2009 - 16:56:52 | RSHD ] H:\MOVIES
     [24/08/2009 - 16:56:52 | RSHD ] H:\PICTURES
     [24/08/2009 - 16:56:52 | RSHD ] H:\UPDATE
     [09/09/2009 - 14:56:46 | RSHD ] H:\Noham
     [20/09/2009 - 17:17:28 | RSHD ] H:\.Trashes
     [09/09/2009 - 14:59:58 | RSHD ] H:\Recycled
     [20/09/2009 - 17:17:28 | AH | 4096] H:\._.Trashes
     [26/12/2009 - 11:22:20 | AH | 6148] H:\.DS_Store
     [20/09/2009 - 14:54:36 | RSHD ] H:\$RECYCLE.BIN
     [24/10/2009 - 09:55:36 | RSHD ] H:\PRO
     [13/03/2010 - 20:07:48 | RSHD ] H:\Copy Cles USB
     [01/06/2002 - 08:28:50 | RSHD ] H:\Usb 2.0 Driver
     [02/06/2010 - 17:09:34 | D ] H:\Noam
     [07/06/2010 - 08:53:20 | D ] H:\MUSICS
     [11/06/2010 - 08:17:54 | D ] H:\FILM
     [30/06/2010 - 14:42:46 | RASHD ] H:\Autorun.inf

     ################## | Vaccin |

     C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
     D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
     F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
     H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

     ################## | Upload |

     Please send the file: C:\UsbFix_Upload_Me_COOLOG-PC.zip
     Upload pour UsbFix, Ad-Remover & FindyKill
     Thank you for your contribution.

     ################## | E.O.F |
  8. OTL Extras logfile created on: 6/28/2010 8:44:01 PM - Run 1
     OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\COOLOG\Desktop
     Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
     Internet Explorer (Version = 7.0.6001.18000)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
     4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
     Drive C: | 138.96 Gb Total Space | 16.21 Gb Free Space | 11.67% Space Free | Partition Type: NTFS
     Drive D: | 10.00 Gb Total Space | 1.42 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
     E: Drive not present or media not loaded
     Drive F: | 968.07 Mb Total Space | 860.00 Mb Free Space | 88.84% Space Free | Partition Type: FAT32
     Drive G: | 999.69 Mb Total Space | 928.22 Mb Free Space | 92.85% Space Free | Partition Type: FAT
     Drive H: | 465.65 Gb Total Space | 65.07 Gb Free Space | 13.98% Space Free | Partition Type: FAT32
     I: Drive not present or media not loaded

     Computer Name: COOLOG-PC
     Current User Name: COOLOG
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: All users
     Company Name Whitelist: Off
     Skip Microsoft Files: Off
     File Age = 30 Days
     Output = Standard

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
     .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

     [HKEY_USERS\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Classes\<extension>]
     .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

     ========== Shell Spawning ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
     htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
     htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
     inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
     Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "cval" = 1

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     "AntiVirusOverride" = 0
     "AntiSpywareOverride" = 0
     "FirewallOverride" = 0
     "VistaSp1" = Reg Error: Unknown registry data type -- File not found

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2208296302-755442354-946692294-1000]
     "EnableNotifications" = 0
     "EnableNotificationsRef" = 1

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall" = 1
     "DisableNotifications" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 1
     "DisableNotifications" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
     "EnableFirewall" = 1
     "DisableNotifications" = 0

     ========== Authorized Applications List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\services.exe" = C:\WINDOWS\services.exe -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1E1969B6-CD9D-4305-B7EE-F5D1D2AEC2EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{20D20DB0-7DE5-40C8-9053-8BB21C686B41}" = lport=139 | protocol=6 | dir=in | app=system | "{24FD79E5-62BD-4115-840C-638FEC4B44ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2E59FED8-D565-403F-BBA6-522790BE5D50}" = lport=138 | protocol=17 | dir=in | app=system | "{41C018A8-6466-40E4-97E4-BE6DC409D43D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{461CB209-9480-478B-9DB3-994B8C5D536E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49E111C8-CB06-45C0-BDEF-48BCED509A42}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5298327E-15D2-4CA4-A159-F7DB53E9D563}" = lport=2869 | protocol=6 | dir=in | app=system | "{543755AD-DF4A-4430-A0C5-A2C13BE64745}" = lport=137 | protocol=17 | dir=in | app=system | "{5E977CE4-6EB9-4CD3-BE04-AF30332E80BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6FFDA7E9-92DE-4573-A28C-755775DEA7F4}" = rport=445 | protocol=6 | dir=out | app=system | "{824FECB3-BD13-4ED6-8DA7-43FBC7DE45B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{88FD2BBD-12BD-45A8-9916-25C7A6056602}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8A0813BA-6516-4B3F-B13B-719F1C1B316F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{931F3668-53F5-4505-B6E6-227E59F9D585}" = rport=137 | protocol=17 | dir=out | app=system | 
"{981D9ED4-56FD-40D9-B034-18CDC9B532FF}" = lport=10243 | protocol=6 | dir=in | app=system | "{9AF32F19-A9E9-41E5-B494-F1D330773946}" = rport=10243 | protocol=6 | dir=out | app=system | "{B277D816-4FD6-4B99-A0F7-F5561450985C}" = rport=139 | protocol=6 | dir=out | app=system | "{C85B98FD-33BC-4386-8E2A-8E2A43B3EFFC}" = lport=445 | protocol=6 | dir=in | app=system | "{CB587DC2-0C8E-4A16-B21F-32EAB03C255A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE5CB10C-2763-4C53-A9E0-437BFC633765}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CEDCED38-77C5-4426-9135-8DB5075A49BC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D03BE591-06B2-4EA6-8218-C4BEF5023946}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E25FC2E5-257B-40AC-8776-69A54EF58879}" = rport=138 | protocol=17 | dir=out | app=system | "{ED2D6A08-4882-4F36-BC59-5D05415E3249}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F0FABB48-D295-493F-8E67-94B2E25E2BB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{F20D9EC6-9152-449F-9884-A1B38F116284}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0055C498-D02A-4EA9-8F7C-FC55C2A2D356}" = protocol=1 | dir=out | [email protected],-28544 | "{005B07CA-BF7C-4C76-B3C5-A11E919B66DE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{04573FB0-5189-46CB-829B-C1272A2AD276}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{07889CA3-9223-44B0-86AD-453015988BB0}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | "{08F12C3A-1F80-496A-9A13-CC469A4CF4FB}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{14CA5DF2-231C-468D-BC5E-BFE149F2982F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{16AF3F3E-5EC8-406C-8BE0-530BE5F766C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{18623327-3630-4169-BDA1-F746D5E25E28}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{222CD897-EE2E-41DB-8917-20E881C6183C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{23469703-BD1F-4505-8614-732D5792BB5E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{276545A9-852F-4286-AEBD-DFFA09467AD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{28498760-5F2B-47C9-8867-C193089C2E43}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{28E07CEA-4E92-4C89-8160-9F882DED118C}" = protocol=58 | dir=in | [email protected],-28545 | "{2BCAE47F-355F-460C-AE04-26E6543397F3}" = protocol=1 | dir=in | [email protected],-28543 | "{2FD3C3DA-2C39-465D-A0AD-A9A41BB847E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{31368DB7-33D0-453B-8AD1-844F6EB230F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{31E7DEB0-3B52-42A8-911F-67E0805E5FB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3526D31E-425A-43A4-B960-FB1D8A193792}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C1F0B93-9392-49B5-BD30-4F3468E60242}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | "{493378D9-FE7A-47F8-9E69-CA3B74401AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4CCBFD5D-CF5C-4B36-BBFA-6F929C285DE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{51607506-2BCE-4AFC-A9F9-62A8973F981F}" = protocol=6 | dir=out | app=system | "{5647FE0B-0565-4CA7-A408-EDF3A56539DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{58BED4B1-4D0B-468A-AB80-A9C1F8257533}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BA9FB81-FDA8-490F-AA56-0E9990220E11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C52EC73-D274-4EE1-A546-5A0F25E544A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5EAA2054-B374-4BC2-BC66-E8CE18F48EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5F8AFBAB-E075-4083-8128-E89457885262}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64F9E623-8C2D-4973-9214-C0D289EC4544}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{668139E4-F3B0-44C8-8212-E4E37ECF9581}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{68DF4F13-CB1F-4F4E-B4FF-40863414C447}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "{6944C4BB-ED97-43BC-AAE4-32877F57453C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "{6D9426E4-868D-4A3C-A527-12D68B4E6757}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7E04099A-02D4-4B3F-984C-D0EFC1745B49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8843DABA-7056-457E-B8D7-7FEF4FA24217}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9707CFDE-C9B0-4D1E-8212-A2D17092DA11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A091706F-6725-4B59-8A01-37A3C801D87B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A41BF765-18C9-4EDF-9399-60F1DB1FD054}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A46AB48E-1738-4760-B55C-4DD84383F3CD}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{A5EA9DA0-D538-49BA-8954-BAC1B995AE61}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A5FE7AEF-D464-4227-A7BD-C22D1E965899}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A79F4A71-F868-45AA-9E38-A204E38D2756}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AA4F44FF-48C9-4889-B8ED-A221E7305196}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe 
| "{AB521057-6CDB-42AD-BB62-7B5463AD4607}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AF7A7B07-DF42-4818-AAF5-3B3B374EBD1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B03E23D1-7AA7-4FA1-865C-E335C458002F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B1ABFFB2-9351-4CB5-846E-B3EDD7C4D592}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B599779C-7A89-4797-B552-AA2B5AA017E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B7395FA7-8D84-4A1B-A5C3-4FAA47A04AAA}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{BF9640FB-3154-4544-93E3-84F3082E8525}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BFBCC3EF-8C89-4C9F-940D-5F3CD1010E08}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C0401AB1-9EFD-4663-A459-53EE168B927B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C04CE893-9AE4-411F-9792-F4E87E123548}" = protocol=58 | dir=out | [email protected],-28546 | "{CA063513-CDF1-4E69-9A93-0124C52799AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB1D6300-8E07-4B90-82CE-1461F0D797A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CCED5D90-85D2-4811-B6F8-F5EF44620897}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CDBF3F4B-2377-457F-8D02-589B9D2182B7}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | "{CE3400A3-8C64-4FC6-B1C0-B0AFB65DCA65}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CE983D41-FFF3-420A-A519-E411D3E79B0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D6AD244F-EE42-4543-9661-AB8CC0B30D07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DA0E9ED9-CB27-4A8B-BA26-0689F5CAEC2E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E52D852F-D34B-4AEA-B94D-02D55136A7FA}" = protocol=17 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{E6A67B95-99F9-4802-80EE-8243ABA66E86}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ECF50A9D-0271-4D63-BF2E-39B07EE00082}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | "{F6E216BA-8138-4CF9-AD26-F458F1C26886}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F7E8A2F5-3E4C-40E9-B1F9-1E02412F7D6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F80613A4-A628-45A1-8599-F3C333829D8F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F8B49CAD-4B2F-40D5-B6D7-02DC81436076}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{2EB0FCCA-7F19-4870-9D46-8ECB6F8FE226}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{A5E686F0-CCEE-4838-A100-1A512A920AD5}E:\setup\hppnet01.exe" = protocol=6 | dir=in | app=e:\setup\hppnet01.exe | "UDP Query User{699870C8-3BC8-492E-9675-6D2CBAF2DDEA}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{742C60A2-334B-4DF9-B25C-0691FEDE3A8B}E:\setup\hppnet01.exe" = protocol=17 | dir=in | app=e:\setup\hppnet01.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1 "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15CC668C-F37C-CE24-9047-40EC8034E29D}" = ATI Catalyst Control Center Ex "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20 "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool 
"{2C091730-3788-4F16-A032-433AC9931375}" = Misc "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher "{3871DA1E-D863-4548-8465-A2F55D4BFC95}" = UGuide "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2 "{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 2.0 "{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module "{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{B92B952E-4459-480F-A500-60D87F6F527F}_is1" = USB-set 1.4.1 "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8 "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module "{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs "{C9F9BEAE-3963-41D3-B970-CA60C6A71179}" = HP Officejet K7100 Series Toolbox "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 "{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver 
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVG9Uninstall" = AVG Free 9.0 "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "FairUse Wizard 2 LE" = FairUse Wizard 2 LE "Google Updater" = Google Updater "HijackThis" = HijackThis 2.0.2 "HP LaserJet P1000 series" = HP LaserJet P1000 series "HP Officejet K7100 Series" = HP Officejet K7100 Series "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "IrfanView" = IrfanView (remove only) "lvdrivers_12.0" = Logitech Webcam Software Driver Package "Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "Picasa 3" = Picasa 3 "pycairo-py2.5" = Python 2.5 pycairo-1.4.12 "pygobject-py2.5" = Python 2.5 pygobject-2.14.1 "pygtk-py2.5" = Python 2.5 pygtk-2.12.1 "RealAlt_is1" = Real Alternative 1.46 "Shop for HP Supplies" = Shop for HP Supplies "Usbfix" = Usbfix By C_XX & El Desaparecido "VLC media player" = VLC media player 0.9.8a "WinGimp-2.0_is1" = The GIMP 2.2.13 "WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment "WinRAR archiver" = Archiveur WinRAR "Ziepod_is1" = Ziepod version 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/17/2010 10:23:08 AM | Computer Name = COOLOG-PC | Source = Application Hang | ID = 1002 Description = The program thunderbird.exe version 1.9.1.3728 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 4a0 Start Time: 01cb0df4681706fb Termination Time: 47

Error - 6/18/2010 4:35:08 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2010 6:41:11 AM | Computer Name = COOLOG-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1610 Start Time: 01cb0ed21bc976f1 Termination Time: 16

Error - 6/19/2010 10:27:43 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/19/2010 4:16:50 PM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/21/2010 3:59:39 AM | Computer Name = COOLOG-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp 0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x04728a82, process id 0x7c0, application start time 0x01cb1117acedfb3d.

Error - 6/21/2010 3:59:52 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/21/2010 4:10:50 AM | Computer Name = COOLOG-PC | Source = Application Error | ID = 1000
Description = Faulting application HP1006MC.EXE, version 4.0.0.47, time stamp 0x46c2fc48, faulting module HP1006MC.EXE, version 4.0.0.47, time stamp 0x46c2fc48, exception code 0xc0000005, fault offset 0x00005b15, process id 0x868, application start time 0x01cb11194246ab7a.

Error - 6/21/2010 4:48:05 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/21/2010 4:49:06 AM | Computer Name = COOLOG-PC | Source = Application Error | ID = 1000
Description = Faulting application NMIndexStoreSvr.exe, version 3.3.3.0, time stamp 0x47c6bd1b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x17271727, process id 0xd58, application start time 0x01cb111e71d14378.

[ Broadcom Wireless LAN Events ]
Error - 1/23/2010 8:19:35 AM | Computer Name = COOLOG-PC | Source = WLAN-Tray | ID = 0
Description = 12:19:35, Sat, Jan 23, 10 Error - Unable to decrypt string

[ System Events ]
Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/28/2010 4:29:35 AM | Computer Name = COOLOG-PC | Source = DCOM | ID = 10016
Description =

Error - 6/28/2010 4:50:46 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.2.0.129 for the Network Card with network address 002269941550 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error - 6/28/2010 4:51:36 AM | Computer Name = COOLOG-PC | Source = bowser | ID = 8003
Description =

Error - 6/28/2010 7:10:19 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.12 for the Network Card with network address 002269941550 has been denied by the DHCP server 10.0.0.2 (The DHCP Server sent a DHCPNACK message).

Error - 6/28/2010 9:50:54 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.2.0.129 for the Network Card with network address 002269941550 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error - 6/28/2010 9:51:56 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.10 for the Network Card with network address 002269941550 has been denied by the DHCP server 10.0.0.2 (The DHCP Server sent a DHCPNACK message).

< End of report >
  9. OTL logfile created on: 6/28/2010 8:44:01 PM - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\COOLOG\Desktop Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138.96 Gb Total Space | 16.21 Gb Free Space | 11.67% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 1.42 Gb Free Space | 14.15% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 968.07 Mb Total Space | 860.00 Mb Free Space | 88.84% Space Free | Partition Type: FAT32 Drive G: | 999.69 Mb Total Space | 928.22 Mb Free Space | 92.85% Space Free | Partition Type: FAT Drive H: | 465.65 Gb Total Space | 65.07 Gb Free Space | 13.98% Space Free | Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: COOLOG-PC Current User Name: COOLOG Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/28 20:42:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\COOLOG\Desktop\OTL.exe PRC - [2010/06/24 12:20:11 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/06/03 09:40:00 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2010/06/03 09:39:53 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010/06/03 09:39:53 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/06/03 09:39:15 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/06/03 09:39:14 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010/06/01 18:07:02 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2010/06/01 18:06:51 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010/04/16 12:25:49 | 011,957,424 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe PRC - [2009/09/10 15:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008/01/21 02:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007/09/10 23:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE PRC - [2007/04/24 12:31:10 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe ========== Modules (SafeList) ========== MOD - [2010/06/28 20:42:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\COOLOG\Desktop\OTL.exe MOD - [2010/06/01 18:09:19 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\System32\avgrsstx.dll MOD - [2008/01/21 02:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008/01/21 02:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/06/01 18:07:02 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010/06/01 18:06:51 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/04/24 12:31:10 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) ========== Driver Services (SafeList) ========== DRV - [2010/06/03 09:39:53 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/06/03 09:39:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010/06/01 18:09:31 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009/04/30 23:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC) DRV - [2009/04/30 23:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009/04/30 23:00:00 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009/02/05 21:06:59 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2008/06/24 05:42:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008/06/24 05:42:16 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2008/06/24 05:42:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2008/06/24 05:42:16 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2008/01/21 02:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008/01/21 02:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008/01/21 02:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008/01/21 02:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008/01/21 02:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008/01/21 02:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008/01/21 02:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008/01/21 02:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2008/01/21 02:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008/01/21 02:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008/01/21 02:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel® DRV - [2008/01/21 02:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008/01/21 02:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008/01/21 02:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008/01/21 02:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) 
  10. Hi, Thanks for the help ... since then I have some freshly arrived new visitors: Trojan horse agent2.atxc / generic13.POPQ / dropper generic2.LEH... I don't have all of the mission's USB keys to hand, but I will work through them bit by bit. What is the next step? Thanks

      ############################## | UsbFix 7.014 | [Research]

      User: COOLOG (Administrator) # COOLOG-PC [Dell Inc. Vostro 1000]
      Updated 24/06/10 by El Desaparecido / C_XX
      Started at 16:55:53 | 28/06/2010
      Website: Bienvenue dans nos Pages Persos
      Contact: [email protected]

      CPU: AMD Athlon 64 X2 Dual-Core Processor TK-57
      CPU 2: AMD Athlon 64 X2 Dual-Core Processor TK-57
      Microsoft® Windows Vista™ Home Basic (6.0.6001 32-Bit) # Service Pack 1
      Internet Explorer 7.0.6001.18000

      Windows Firewall: Enabled
      Antivirus: AVG Anti-Virus Free 8.0 [Enabled | Updated]
      RAM -> 1917 Mb

      C:\ (%systemdrive%) -> Fixed drive # 139 Gb (16 Mb free - 12%) [OS] # NTFS
      D:\ -> Fixed drive # 10 Gb (1 Mb free - 14%) [RECOVERY] # NTFS
      E:\ -> CD-ROM
      F:\ -> Removable drive # 968 Mb (860 Mb free - 89%) [THOMAS KEY] # FAT32
      G:\ -> Removable drive # 1000 Mb (928 Mb free - 93%) [ GONWHIDRUM] # FAT
      H:\ -> Fixed drive # 466 Gb (65 Mb free - 14%) [LaCie] # FAT32

      ################## | Files # Infected Folders |

      Found ! F:\autorun.inf.Désactivé par USB-set
      Found ! F:\Recycled.exe
      Found ! F:\svchost.exe
      Found ! G:\New Folder.exe
      Found ! G:\New Folder (2).exe
      Found ! G:\New Folder (3).exe
      Found ! G:\RECYCLER.exe
      Found ! G:\system.exe
      Found ! G:\DATA\SYSTEM
      Found ! F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
      Found ! G:\workshop report.exe
      Found ! G:\Protocol.exe
      Found ! G:\Nurse meeting report.exe
      Found ! G:\MH INSERVICE TRAINING MDM.exe
      Found ! G:\Mental Health.exe
      Found ! G:\SOPHIE.exe
      Found ! G:\unused.exe
      Found ! G:\MHD Activitity.exe
      Found ! G:\Monthly report of five(5) mental health clinics.exe
      Found ! G:\MDM survey&workshop 2009-2010.exe
      Found ! G:\OIC Workshop.exe
      Found ! G:\reproductive health presentation.exe
      Found ! G:\Monthly reports 2009.exe
      Found ! G:\WORKSHOP LETTER.exe
      Found ! G:\SURVEY REPORT.exe

      ################## | Registry |

      ################## | Mountpoints2 |

      ################## | Vaccin |

      C:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)
      D:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)
      F:\autorun.inf -> Folder created by USB-set (Loup Blanc)
      G:\autorun.inf -> Folder created by USB-set (Loup Blanc)
      H:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)

      ################## | E.O.F |
  11. Hello, First of all, thanks to the members and creators of this forum, where I was able to find valuable information. I am responsible, among a thousand other things, for a fleet of about twenty computers (different models and operating systems). Most of the USB keys and hard drives have been infected by a trojan that installs itself in the folders of the storage devices. The antivirus (nearly every machine has a different one .... Antivir, AVG, Avast, McAfee, Norton, F-Secure) therefore detects the virus, and all the folders become hidden folders (I admit I don't know much more than that about this area). I followed the instructions given on and I have USB-set on a few machines. And I vaccinated all the keys and hard drives I could get my hands on. My concern, besides trying to harmonize all the machines and making sure everyone can use their machine properly, is to restore the folders on the USB keys that have become hidden. The checkbox to untick "hidden" is not available (greyed out, cannot be changed). So how can I make all these folders visible again for all my colleagues (I do not want hidden files to be shown on every machine ...)? Thanks in advance.