Hi Deltalima, yes, I had forgotten that last month I had problems after several tries to uninstall the Business Manager software. I tried this week too, but with no success; it just freezes and I have to reboot again and again... I don't really know how to get rid of it.
Concerning Gmer, it is a hell of a job to do it on a normal Windows run! It makes everything stuck before I shut off the system.
It took twice 10h, so I went into Safe Mode (gmer1.txt), and as it looked with 2 lines only instead of nearly 50 lines taking more than 10h on a normal Windows run, I had to run it once more in Safe Mode to be sure of this process's results.
When not in Safe Mode, it gets frozen/stuck and I have to reboot, and even the "saving your settings" before Windows shut off got frozen too; I had to stop it off wildly.
I made today a second Safe Mode Gmer run, gmer2.txt.
OTL.txt
OTL logfile created on: 27/08/2010 20:10:24 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\NOMAD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 82.42 Gb Total Space | 40.99 Gb Free Space | 49.74% Space Free | Partition Type: NTFS
Drive D: | 29.37 Gb Total Space | 18.37 Gb Free Space | 62.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 80.08 Gb Total Space | 25.15 Gb Free Space | 31.40% Space Free | Partition Type: NTFS
Drive G: | 6.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 139.88 Gb Total Space | 20.69 Gb Free Space | 14.79% Space Free | Partition Type: NTFS
Drive I: | 78.13 Gb Total Space | 69.46 Gb Free Space | 88.91% Space Free | Partition Type: NTFS
Drive P: | 1.90 Gb Total Space | 1.79 Gb Free Space | 94.01% Space Free | Partition Type: FAT
Computer Name: ATFXEF49EFB7B13
Current User Name: NOMAD
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\NOMAD\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\plugins\sync\WRSyncManager.exe (Sharpcast, Inc.)
PRC - C:\Program Files\Webroot\Security\Current\plugins\cleanup\WRCleanupEngine.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe ()
PRC - C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Glary Utilities\Integrator.exe (Glarysoft Ltd)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Barclays\Business Manager\bin\updateservice.exe ( )
PRC - C:\Program Files\Barclays\Business Manager\bin\ticketservice.exe ( )
PRC - C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\XAMPPLite\mysql\bin\mysqld.exe ()
PRC - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATK0100\HControl.exe ()
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe ()
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS)
PRC - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe ()
PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
PRC - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - c:\XAMPPLite\srvany.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\NOMAD\desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Webroot\Security\Current\plugins\antispam\Hooks32.dll (Webroot Inc.)
MOD - C:\Program Files\Webroot\Security\Current\plugins\antispam\winspamcatcher.dll (Mailshell)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3745.dll ()
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (BBMUpdateService) -- C:\Program Files\Barclays\Business Manager\bin\updateservice.exe ( )
SRV - (BBMTicketService) -- C:\Program Files\Barclays\Business Manager\bin\ticketservice.exe ( )
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (Adobe Version Cue CS2) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Adobe Systems Incorporated)
SRV - (LMBMySQL) -- c:\XAMPPLite\srvany.exe ()
SRV - (LMBApache) -- c:\XAMPPLite\srvany.exe ()
========== Driver Services (SafeList) ==========
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (pwipf6) -- C:\WINDOWS\system32\drivers\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (RapportCerberus_18130) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSFMONM) -- C:\WINDOWS\system32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ipswuio) -- C:\WINDOWS\system32\drivers\ipswuio.sys (Windows (R) 2000 DDK provider)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (ASNDIS5) -- C:\WINDOWS\ATK0100\ASNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-725345543-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {AA052FD6-366A-4771-A591-0D8DC551585D}:1.1.17
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.10
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:1.9.2
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1126
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.13
FF - prefs.js..keyword.URL: "http://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}: C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc\ [2010/08/20 15:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 08:17:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/25 09:10:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/08/17 08:17:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird2\components [2010/08/17 08:17:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird2\plugins
[2010/07/19 08:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Extensions
[2010/04/05 13:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/19 08:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Extensions\Lucidor@lucidor.org
[2010/08/27 10:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\07csjqha.default\extensions
[2010/08/06 08:46:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\07csjqha.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/20 15:12:52 | 000,000,000 | ---D | M] (Webroot) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\07csjqha.default\extensions\{7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}
[2010/08/06 08:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\07csjqha.default\extensions\smarterwiki@wikiatic.com
[2010/04/09 11:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\2xs42uq8.default\extensions
[2010/08/20 15:12:52 | 000,000,000 | ---D | M] (Webroot) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\2xs42uq8.default\extensions\{7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}
[2010/04/09 11:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions
[2010/04/09 11:41:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/09 11:41:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/09 11:41:30 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/04/09 11:41:30 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010/08/20 15:12:52 | 000,000,000 | ---D | M] (Webroot) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}
[2010/04/09 11:41:28 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/09 11:41:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/09 11:41:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/09 11:41:21 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010/04/09 11:41:21 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/04/09 11:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\3pjby7yr.default\extensions\piclens@cooliris.com
[2010/04/09 11:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\80kzhizf.default\extensions
[2010/04/09 11:42:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\80kzhizf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/09 11:42:23 | 000,000,000 | ---D | M] (Weave Sync) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\80kzhizf.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/08/20 15:12:52 | 000,000,000 | ---D | M] (Webroot) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\80kzhizf.default\extensions\{7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}
[2010/04/09 11:42:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions
[2010/04/09 11:42:04 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/04/09 11:42:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/09 11:42:04 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/08/20 15:12:53 | 000,000,000 | ---D | M] (Webroot) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\{7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}
[2010/04/09 11:42:03 | 000,000,000 | ---D | M] (Calculator) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}
[2010/04/09 11:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/09 11:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/04/09 11:42:00 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/04/09 11:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\CompactMenuCE@Merci.chao
[2010/04/09 11:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010/04/09 11:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\foxmarks@kei.com
[2010/04/09 11:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\extensions\smarterwiki@wikiatic.com
[2010/06/13 10:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Sunbird\Profiles\jgwyf08e.default\extensions
[2009/04/11 12:26:56 | 000,002,369 | ---- | M] () -- C:\Documents and Settings\NOMAD\Application Data\Mozilla\Firefox\Profiles\9z6hlcrl.default\searchplugins\kiwee-live-search.xml
[2010/08/27 10:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/26 08:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/16 10:34:50 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/16 10:34:50 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010/07/16 10:34:50 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/07/16 10:34:50 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/16 10:34:50 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2010/08/25 11:46:36 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (T4PCBHO Class) - {AB720781-0670-4e46-B82E-376AEF228F25} - C:\Program Files\Tuto4pc\Tuto4pcBHO.dll (Tuto4PC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (WebrootBHO Class) - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\Current\plugins\browserextension\WebrootBHO.dll (Webroot Software, Inc.)
O2 - BHO: (Webroot Browser Helper Object) - {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files\Webroot\Security\Current\products\WISE\toolbar\LPBar.dll (Webroot Software, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files\Webroot\Security\Current\products\WISE\toolbar\LPBar.dll (Webroot Software, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2000478354-725345543-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-2000478354-725345543-1801674531-1003..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lancement rapide d'Adobe Acrobat.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiFrame.lnk = C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-725345543-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-725345543-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2000478354-725345543-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-725345543-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-725345543-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en un fichier PDF existant - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\NOMAD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\NOMAD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/05 03:38:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/05 10:56:43 | 000,295,954 | ---- | M] () - F:\autoapril9.pdf -- [ NTFS ]
O32 - AutoRun File - [2007/10/23 08:22:58 | 000,000,285 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2000478354-725345543-1801674531-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 60 Days ==========
[2010/08/27 20:03:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\NOMAD\Desktop\OTL.exe
[2010/08/27 19:39:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/27 17:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/08/27 17:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/08/27 16:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\LastPass
[2010/08/27 12:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\My Documents\Téléchargements
[2010/08/27 10:55:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NOMAD\My Documents\My Pictures
[2010/08/26 12:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Uniblue
[2010/08/24 09:30:59 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/08/24 09:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Subliminal Mind
[2010/08/24 09:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Lauyan
[2010/08/23 19:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/08/23 19:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\Temp
[2010/08/23 19:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/08/23 19:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\Google
[2010/08/23 19:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/08/23 19:21:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~3
[2010/08/23 18:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bmc
[2010/08/23 17:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/21 09:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/08/20 16:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\Webroot
[2010/08/20 16:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Webroot
[2010/08/20 15:13:19 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssidrv.sys
[2010/08/20 15:13:19 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\ssfmonm.sys
[2010/08/20 15:13:19 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sshrmd.sys
[2010/08/20 15:13:11 | 000,111,952 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/08/20 15:13:10 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Capicom.dll
[2010/08/20 15:12:48 | 007,089,544 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe
[2010/08/20 15:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/20 15:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/08/20 15:06:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{966933BB-610A-4824-8F02-D3D944597816}
[2010/08/20 15:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/08/18 16:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Malwarebytes
[2010/08/18 16:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/18 12:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/17 16:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/17 15:56:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/17 13:43:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/17 13:39:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/17 13:39:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/17 13:39:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/17 13:39:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/17 08:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/16 09:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\MT4- Alpari UK
[2010/08/14 12:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\Tuto4pc
[2010/08/14 12:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Tuto4pc
[2010/08/12 12:12:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2010/08/10 11:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Registry Mechanic
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/08/09 11:25:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/08 19:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird2
[2010/08/08 18:52:47 | 000,000,000 | ---D | C] -- C:\Glary Utilities
[2010/08/08 07:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\OpenCandy
[2010/08/08 07:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\OpenCandy
[2010/08/08 07:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\CBS Interactive
[2010/08/07 20:14:03 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2010/08/07 20:14:03 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2010/08/07 20:14:03 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2010/08/07 20:14:03 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2010/08/07 20:14:03 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/08/07 10:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/08/05 19:19:28 | 000,058,984 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/08/01 17:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Sony Corporation
[2010/08/01 16:06:49 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/08/01 16:06:45 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/08/01 16:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/08/01 14:13:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2010/08/01 13:37:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/07/30 23:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/07/30 23:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Canon
[2010/07/30 18:03:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/07/30 18:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/07/30 17:59:59 | 000,274,432 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC320L.DLL
[2010/07/30 17:59:59 | 000,192,512 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC320O.DLL
[2010/07/30 17:59:59 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll
[2010/07/30 17:59:58 | 001,331,200 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC320C.DLL
[2010/07/30 17:59:58 | 000,098,304 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC320I.DLL
[2010/07/30 17:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup004
[2010/07/30 17:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup003
[2010/07/30 17:53:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/30 17:52:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/07/30 17:52:01 | 000,178,176 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIU9O.DLL
[2010/07/30 17:51:45 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/07/30 10:35:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/07/30 09:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010/07/30 09:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001
[2010/07/30 09:51:26 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhTH.DLL
[2010/07/30 09:51:25 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhKR.DLL
[2010/07/30 09:51:21 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhTW.DLL
[2010/07/30 09:51:18 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhCN.DLL
[2010/07/30 09:51:16 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhID.DLL
[2010/07/30 09:51:16 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhAR.DLL
[2010/07/30 09:51:15 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhGR.DLL
[2010/07/30 09:51:15 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhTR.DLL
[2010/07/30 09:51:14 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhFI.DLL
[2010/07/30 09:51:13 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhSE.DLL
[2010/07/30 09:51:12 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhNO.DLL
[2010/07/30 09:51:12 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhDK.DLL
[2010/07/30 09:51:11 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhHU.DLL
[2010/07/30 09:51:11 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhCZ.DLL
[2010/07/30 09:51:10 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhRU.DLL
[2010/07/30 09:51:09 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhPL.DLL
[2010/07/30 09:51:08 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhPT.DLL
[2010/07/30 09:51:08 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhNL.DLL
[2010/07/30 09:51:07 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhIT.DLL
[2010/07/30 09:51:07 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhES.DLL
[2010/07/30 09:51:06 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhFR.DLL
[2010/07/30 09:51:06 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhDE.DLL
[2010/07/30 09:51:05 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhJP.DLL
[2010/07/30 09:51:04 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFLhUS.DLL
[2010/07/30 09:50:48 | 000,167,936 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCFMSh.EXE
[2010/07/30 09:50:44 | 000,225,792 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNCF2Lh.DLL
[2010/07/30 09:49:17 | 000,236,032 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9O.DLL
[2010/07/30 09:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/07/25 13:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Thunderbird
[2010/07/19 07:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\Ordbrand
[2010/07/19 07:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Ordbrand
[2010/07/16 08:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/07/16 08:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/07/16 08:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/07/16 08:40:52 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/07/16 08:40:52 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/07/16 08:40:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/07/16 08:40:51 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/07/16 08:40:51 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/07/16 08:40:51 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/07/15 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Award
[2010/07/15 17:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\WINDOWS
[2010/07/14 23:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/07/14 23:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/07/14 23:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/14 22:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe CS5
[2010/07/14 18:12:36 | 000,022,856 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmn7.dll
[2010/07/14 18:12:36 | 000,019,784 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmi7.dll
[2010/07/14 18:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2010/07/14 18:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\XWebDesignor
[2010/07/14 17:48:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A0AD6529-0BEC-492F-BA8F-CC175B36CC72}
[2010/07/14 17:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet Protect
[2010/07/14 17:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lucidor
[2010/07/14 17:34:16 | 000,000,000 | ---D | C] -- C:\XAMPPLite
[2010/07/14 17:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Blender
[2010/07/14 17:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\Sunbelt Software
[2010/07/14 17:23:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~2
[2010/07/14 08:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/14 08:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\Trend Micro
[2010/07/13 16:25:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2010/07/13 16:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\PackageAware
[2010/07/11 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/11 14:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/10 18:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Serif
[2010/07/09 21:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Desktop\Adobe CS5
[2010/07/09 21:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\WinZip
[2010/07/09 21:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/07/09 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/07/09 21:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\RiseFly
[2010/07/09 21:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RiseFly
[2010/07/09 21:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Softland
[2010/07/09 21:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/07/09 21:22:28 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010/07/06 15:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\U3
[2010/07/06 11:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NOMAD\Application Data\Trusteer
[2010/07/06 10:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
[2010/08/27 20:07:20 | 000,013,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/27 20:07:03 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lancement rapide d'Adobe Acrobat.lnk
[2010/08/27 20:06:49 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/27 20:06:46 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/08/27 20:06:42 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/27 20:06:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/27 20:06:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/27 20:05:16 | 013,107,200 | -H-- | M] () -- C:\Documents and Settings\NOMAD\NTUSER.DAT
[2010/08/27 20:05:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\NOMAD\ntuser.ini
[2010/08/27 20:03:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\NOMAD\Desktop\w9ypvb05.exe
[2010/08/27 20:03:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\NOMAD\Desktop\OTL.exe
[2010/08/27 19:47:29 | 000,509,860 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/27 19:47:29 | 000,093,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/27 19:47:28 | 000,615,336 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/27 19:44:16 | 003,654,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/27 19:27:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/27 18:18:53 | 000,101,728 | ---- | M] () -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/27 17:54:29 | 000,013,135 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\Resultats compte AK sur 1 semaine.xls
[2010/08/27 17:42:08 | 000,020,084 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\sparen2.png
[2010/08/27 17:21:56 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\NOMAD\Desktop\HiJackThis.lnk
[2010/08/27 17:04:56 | 001,066,093 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\Salah_Address_UK.pdf
[2010/08/27 16:08:37 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/27 12:36:42 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2010/08/27 11:09:43 | 000,551,500 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\SALAH_Address.pdf
[2010/08/27 09:58:58 | 000,005,666 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\DetailedStatement Graph.gif
[2010/08/27 09:58:53 | 000,012,882 | ---- | M] () -- C:\Resultats compte AK sur 1 semaine.xlsx
[2010/08/27 09:58:53 | 000,012,882 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\Resultats compte AK sur 1 semaine.xlsx
[2010/08/27 09:58:28 | 000,056,618 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\Patrice CHAINET client-agent disclosure statement.pdf
[2010/08/27 09:58:23 | 000,501,634 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\Indivi ACM ContractFR.pdf
[2010/08/27 09:58:17 | 000,065,315 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\LPOA Patrice CHAINET35.pdf
[2010/08/27 09:45:40 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\NOMAD\My Documents\Plus values réalisées 2009 2010.xls
[2010/08/26 19:25:30 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 11:46:36 | 000,000,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/25 09:10:06 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/24 09:31:02 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\NOMAD\Desktop\Subliminal Mind.lnk
[2010/08/24 09:30:30 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010/08/24 09:29:17 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\NOMAD\Desktop\Lauyan TOWeb V3.lnk
[2010/08/23 19:23:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/08/23 19:23:30 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\NOMAD\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/23 17:33:20 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\NOMAD\Desktop\HiJackThis.msi
[2010/08/22 23:15:27 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\NOMAD\Desktop\Shortcut to heracles_S999.doc.lnk
[2010/08/20 15:29:47 | 000,000,280 | -HS- | M] () -- C:\boot.ini
[2010/08/20 15:28:24 | 000,000,281 | ---- | M] () -- C:\boot2.ini
[2010/08/20 15:12:59 | 007,089,544 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe
[2010/08/20 15:06:12 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot Internet Security Essentials.lnk
[2010/08/20 15:04:54 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/08/20 14:42:14 | 000,001,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/18 16:07:07 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\TechGuys Scheduled Defrag.job
[2010/08/17 14:10:31 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/08/17 13:53:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/17 13:31:08 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/17 08:17:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/16 12:21:48 | 000,511,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Capicom.dll
[2010/08/16 12:21:30 | 000,111,952 | ---- | M] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2010/08/16 09:32:40 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MetaTrader 4 Alpari UK.lnk
[2010/08/13 13:54:52 | 000,030,424 | ---- | M] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/08/13 13:54:42 | 000,017,472 | ---- | M] () -- C:\WINDOWS\System32\SsiEfr.exe
[2010/08/12 22:28:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 22:27:42 | 000,000,736 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/10 22:47:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/08/08 19:13:41 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\NOMAD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/08/08 19:13:41 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2010/08/08 18:53:02 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\NOMAD\Desktop\Glary Utilities.lnk
[2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/07/30 17:58:52 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2010/07/30 17:56:47 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ALL1 EX 2.1.lnk
[2010/07/30 17:55:38 | 000,001,967 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon MX320 series On-screen Manual.lnk
[2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/14 22:04:40 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2010/07/14 18:07:03 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\NOMAD\Desktop\XWebDesignor.lnk
[2010/07/14 17:41:19 | 004,310,524 | -H-- | M] () -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\IconCache.db
[2010/07/14 17:25:28 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\NOMAD\Desktop\PDF Blender.lnk
[2010/07/11 23:28:00 | 000,411,890 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100817-121152.backup
[2010/07/09 21:33:21 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/07/09 21:33:20 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/07/06 20:12:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\hppsapp.INI
[2010/07/05 09:37:38 | 000,022,856 | ---- | M] (Softland) -- C:\WINDOWS\System32\dopdfmn7.dll
[2010/07/05 09:37:38 | 000,019,784 | ---- | M] (Softland) -- C:\WINDOWS\System32\dopdfmi7.dll
[2010/06/30 13:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/27 20:03:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\NOMAD\Desktop\w9ypvb05.exe
[2010/08/27 17:54:27 | 000,013,135 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\Resultats compte AK sur 1 semaine.xls
[2010/08/27 17:42:07 | 000,020,084 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\sparen2.png
[2010/08/27 17:04:56 | 001,066,093 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\Salah_Address_UK.pdf
[2010/08/27 16:54:27 | 002,368,494 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\SALAH_IDpss.jpg
[2010/08/27 11:09:42 | 000,551,500 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\SALAH_Address.pdf
[2010/08/27 10:05:27 | 000,012,882 | ---- | C] () -- C:\Resultats compte AK sur 1 semaine.xlsx
[2010/08/27 09:58:58 | 000,005,666 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\DetailedStatement Graph.gif
[2010/08/27 09:58:53 | 000,012,882 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\Resultats compte AK sur 1 semaine.xlsx
[2010/08/27 09:58:28 | 000,056,618 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\Patrice CHAINET client-agent disclosure statement.pdf
[2010/08/27 09:58:23 | 000,501,634 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\Indivi ACM ContractFR.pdf
[2010/08/27 09:58:16 | 000,065,315 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\LPOA Patrice CHAINET35.pdf
[2010/08/27 09:45:40 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\NOMAD\My Documents\Plus values réalisées 2009 2010.xls
[2010/08/24 09:31:02 | 000,001,625 | ---- | C] () -- C:\Documents and Settings\NOMAD\Desktop\Subliminal Mind.lnk
[2010/08/24 09:29:17 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\NOMAD\Desktop\Lauyan TOWeb V3.lnk
[2010/08/23 19:31:51 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/23 19:23:30 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/08/23 19:23:30 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\NOMAD\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/23 19:22:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/23 19:22:00 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/23 19:12:43 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 17:34:23 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\NOMAD\Desktop\HiJackThis.lnk
[2010/08/23 17:33:19 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\NOMAD\Desktop\HiJackThis.msi
[2010/08/22 23:15:30 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\NOMAD\Desktop\Shortcut to heracles_S999.doc.lnk
[2010/08/20 15:27:45 | 000,000,281 | ---- | C] () -- C:\boot2.ini
[2010/08/20 15:13:19 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/08/20 15:13:19 | 000,017,472 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2010/08/20 15:06:12 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot Internet Security Essentials.lnk
[2010/08/20 15:04:54 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/20 14:40:18 | 000,001,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/18 16:07:07 | 000,000,310 | ---- | C] () -- C:\WINDOWS\tasks\TechGuys Scheduled Defrag.job
[2010/08/17 14:10:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/08/17 13:43:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/17 13:43:41 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/17 13:39:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/17 13:39:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/17 13:39:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/17 08:17:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/16 09:32:40 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MetaTrader 4 Alpari UK.lnk
[2010/08/08 18:53:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/08/08 18:53:02 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\NOMAD\Desktop\Glary Utilities.lnk
[2010/07/30 17:59:58 | 000,013,568 | ---- | C] () -- C:\WINDOWS\System32\CNC1736D.TBL
[2010/07/30 17:58:52 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon Easy-PhotoPrint EX.lnk
[2010/07/30 17:56:47 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ALL1 EX 2.1.lnk
[2010/07/30 09:53:30 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Canon MX320 series On-screen Manual.lnk
[2010/07/15 17:13:36 | 000,003,538 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinFlash.sys
[2010/07/14 22:36:18 | 000,076,351 | ---- | C] () -- C:\Program Files\Photoshop CS5 Read Me.pdf
[2010/07/14 18:07:03 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\NOMAD\Desktop\XWebDesignor.lnk
[2010/07/14 17:25:28 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\NOMAD\Desktop\PDF Blender.lnk
[2010/07/09 21:33:21 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/07/09 21:33:20 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/07/09 21:22:46 | 000,007,549 | ---- | C] () -- C:\WINDOWS\System32\dopdf7.ctm
[2010/06/06 22:04:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\fusioncache.dat
[2010/05/28 23:37:53 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/04/30 09:45:47 | 000,000,020 | ---- | C] () -- C:\WINDOWS\hppsapp.INI
[2010/04/16 10:06:33 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\NOMAD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 09:21:59 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2010/04/15 09:21:56 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2010/04/15 09:21:55 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2010/04/15 09:21:46 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2010/04/15 09:21:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2010/04/15 09:17:23 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2010/04/15 09:17:23 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2010/04/08 17:33:36 | 000,000,834 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/04/08 15:13:18 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/04/08 15:13:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/04/08 15:13:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/04/08 15:13:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/04/08 15:13:16 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/04/08 15:13:15 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2010/04/08 15:13:12 | 000,009,030 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2010/04/08 15:12:11 | 000,000,352 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/04/07 19:20:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/05 11:26:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2010/04/05 11:25:44 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/04/05 11:25:44 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/04/05 11:25:31 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2010/04/05 11:25:29 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/04/05 11:25:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/04/05 11:25:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/04/05 11:25:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/04/05 04:28:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2010/04/05 04:28:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2010/04/05 04:28:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2010/04/05 04:28:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2010/04/05 04:28:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2010/04/05 04:28:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2010/04/05 04:28:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2010/04/05 04:28:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2010/04/05 04:28:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2010/04/05 04:28:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2010/04/05 04:23:11 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/04/05 03:57:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2006/04/27 10:48:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/04/27 10:48:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/04/27 10:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/04/27 10:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/04/27 10:48:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >
EXTRAS.txt
OTL Extras logfile created on: 27/08/2010 20:10:24 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\NOMAD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 82.42 Gb Total Space | 40.99 Gb Free Space | 49.74% Space Free | Partition Type: NTFS
Drive D: | 29.37 Gb Total Space | 18.37 Gb Free Space | 62.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 80.08 Gb Total Space | 25.15 Gb Free Space | 31.40% Space Free | Partition Type: NTFS
Drive G: | 6.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 139.88 Gb Total Space | 20.69 Gb Free Space | 14.79% Space Free | Partition Type: NTFS
Drive I: | 78.13 Gb Total Space | 69.46 Gb Free Space | 88.91% Space Free | Partition Type: NTFS
Drive P: | 1.90 Gb Total Space | 1.79 Gb Free Space | 94.01% Space Free | Partition Type: FAT
Computer Name: ATFXEF49EFB7B13
Current User Name: NOMAD
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-2000478354-725345543-1801674531-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Office 2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1039:TCP" = 1039:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\XAMPPLite\mysql\bin\mysqld.exe" = C:\XAMPPLite\mysql\bin\mysqld.exe:*:Enabled:Lundi Matin (MySQL) -- ()
"C:\XAMPPLite\apache\bin\apache.exe" = C:\XAMPPLite\apache\bin\apache.exe:*:Enabled:Lundi Matin (Apache) -- (Apache Software Foundation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = ASUS Client Installation Program
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{343C731F-1C08-4F90-8268-B4F3F4F9E857}_is1" = Audio Comparer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46548E80-040C-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{60D4AD79-F502-40E4-849D-AC1BB23B9174}" = Brother HL-2030
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{861BBE6C-C6EC-40A1-AB55-F4A1A6D6E6C8}" = Business Manager
"{89DDBCD4-B326-4545-9A05-26C7B16C1DEB}" = PowerForPhone
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{90D00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Developer Extensions
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A54DFB1B-213A-4FBC-92C0-0AAED9856E04}" = Lucidor
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professionel
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.4 - Français
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe ActiveShare" = Adobe ActiveShare 1.3.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Akamai" = Akamai NetSession Interface
"Canon MX320 series User Registration" = Canon MX320 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"doPDF 7 printer_is1" = doPDF 7.1 printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Glary Utilities_is1" = Glary Utilities 2.27.0.982
"Google Chrome" = Google Chrome
"HControl" = ATK0100 ACPI UTILITY
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"ie8" = Windows Internet Explorer 8
"M3" = Asus MiVo Messenger
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6." = Mozilla Firefox (3.6.
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"NVIDIA Drivers" = NVIDIA Drivers
"PDF Blender" = PDF Blender
"Rapport_msi" = Rapport
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Subliminal_Mind_1.0" = Subliminal Mind 1.1
"SuperCopier2" = SuperCopier2
"TOWeb-SetupID-0003_is1" = Lauyan TOWeb V3
"Tuto4pc_is1" = Tuto Ccleaner1.0.0.0
"Webroot Software" = Webroot Software
"WinFlash" = WinFlash
"XWebDesignor" = XWebDesignor
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23/08/2010 14:24:55 | Computer Name = ATFXEF49EFB7B13 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 25/08/2010 06:35:42 | Computer Name = ATFXEF49EFB7B13 | Source = Application Hang | ID = 1002
Description = Hanging application teatimer166.tmp, version 51.49.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 26/08/2010 03:36:02 | Computer Name = ATFXEF49EFB7B13 | Source = Google Update | ID = 20
Description =
Error - 26/08/2010 04:36:03 | Computer Name = ATFXEF49EFB7B13 | Source = Google Update | ID = 20
Description =
Error - 26/08/2010 05:36:04 | Computer Name = ATFXEF49EFB7B13 | Source = Google Update | ID = 20
Description =
Error - 26/08/2010 05:57:21 | Computer Name = ATFXEF49EFB7B13 | Source = Application Hang | ID = 1002
Description = Hanging application WRFrame.exe, version 7.0.4.93, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 27/08/2010 04:59:36 | Computer Name = ATFXEF49EFB7B13 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147023843. Please open C:\Program Files\Office 2003\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.
Error - 27/08/2010 05:30:22 | Computer Name = ATFXEF49EFB7B13 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 27/08/2010 14:31:15 | Computer Name = ATFXEF49EFB7B13 | Source = BBMTicketService | ID = 0
Description = Failed to stop service.
Error - 27/08/2010 14:35:13 | Computer Name = ATFXEF49EFB7B13 | Source = MsiInstaller | ID = 11921
Description = Product: Business Manager -- Error 1921. Service 'BBM Ticket Service'
(BBMTicketService) could not be stopped. Verify that you have sufficient privileges
to stop system services.
[ System Events ]
Error - 27/08/2010 07:38:01 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WebrootSpySweeperService service.
Error - 27/08/2010 07:38:23 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WRConsumerService service.
Error - 27/08/2010 11:04:02 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 27/08/2010 11:04:11 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 27/08/2010 14:42:56 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 27/08/2010 14:43:14 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 27/08/2010 14:45:03 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WebrootSpySweeperService service.
Error - 27/08/2010 15:06:59 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 27/08/2010 15:07:13 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 27/08/2010 15:07:13 | Computer Name = ATFXEF49EFB7B13 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
< End of report >
gmer1.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-28 07:32:16
Windows 5.1.2600 Service Pack 3
Running: w9ypvb05.exe; Driver: C:\DOCUME~1\NOMAD\LOCALS~1\Temp\pwadapog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\ShellExplorer\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Version 84148232
Reg HKLM\SYSTEM\ControlSet002\Control\ShellExplorer\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Version 84148232
---- EOF - GMER 1.0.15 ----
gmer2.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-29 10:36:12
Windows 5.1.2600 Service Pack 3
Running: w9ypvb05.exe; Driver: C:\DOCUME~1\NOMAD\LOCALS~1\Temp\pwadapob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\ShellExplorer\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Version 84148232
Reg HKLM\SYSTEM\ControlSet002\Control\ShellExplorer\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Version 84148232
---- EOF - GMER 1.0.15 ----
Deltalima, I hope you get all this fine and that you can overcome this "nasty" malware.
Thanks in advance for your time and your generosity.
LePap
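The firewall-policy block in the OTL Extras log above is the part of this post a helper would act on first: "EnableFirewall" = 0 under StandardProfile means the built-in Windows Firewall is switched off for that profile (a third-party firewall may still be running), and the entries whose scope field is `*` rather than LocalSubNet (the Peer-to-Peer, PNRP and Akamai ports, and the XAMPP apache/mysqld rules) are allowed from any address, not just the local subnet. The script below is an added example, not part of the post or of OTL: it parses lines in the format OTL prints for that section and flags those two conditions. The `SAMPLE` text is a constructed excerpt that copies lines from the log, and the finding labels (`firewall_disabled`, `port_open_to_any`, `app_open_to_any`) are names chosen here.

```python
"""Parse the FirewallPolicy section of an OTL Extras log and flag weak settings.

Added example; not part of the forum post or of OTL itself. The SAMPLE text is
a constructed excerpt that copies the line shapes OTL prints for this section.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a trimmed copy of the OTL Extras firewall block.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"1039:TCP" = 1039:TCP:*:Enabled:Akamai NetSession Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\XAMPPLite\apache\bin\apache.exe" = C:\XAMPPLite\apache\bin\apache.exe:*:Enabled:Lundi Matin (Apache) -- (Apache Software Foundation)
"""

# A registry key line: captures the profile and, for sub-lists, the list name.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+Profile)(?:\\(\w+)\\List)?\]$"
)
# A value line as OTL prints it: "name" = data
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

Finding = Tuple[str, str, str]  # (profile, rule, detail)


def parse_firewall_policy(text: str) -> Dict[str, dict]:
    """Return {profile: {"settings": {...}, "open_ports": [...], "apps": [...]}}."""
    policy: Dict[str, dict] = {}
    profile, sublist = None, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            profile, sublist = key.group(1), key.group(2)
            policy.setdefault(profile, {"settings": {}, "open_ports": [], "apps": []})
            continue
        value = VALUE_RE.match(line)
        if not value or profile is None:
            continue
        name, data = value.group("name"), value.group("data")
        entry = policy[profile]
        if sublist is None:
            entry["settings"][name] = data  # e.g. EnableFirewall = 0
        elif sublist == "GloballyOpenPorts":
            # port:proto:scope:state:description (description may be empty)
            parts = data.split(":", 4)
            if len(parts) < 4:
                continue
            port, proto, scope, state = parts[:4]
            desc = parts[4] if len(parts) == 5 else ""
            entry["open_ports"].append(
                {"port": port, "proto": proto, "scope": scope, "state": state, "desc": desc}
            )
        elif sublist == "AuthorizedApplications":
            # The data repeats the path (which itself contains ':'), so strip it first.
            rest = data[len(name) + 1:] if data.startswith(name + ":") else data
            parts = rest.split(":", 2)
            if len(parts) < 2:
                continue
            scope, state = parts[:2]
            desc = parts[2] if len(parts) == 3 else ""
            entry["apps"].append({"path": name, "scope": scope, "state": state, "desc": desc})
    return policy


def audit(policy: Dict[str, dict]) -> List[Finding]:
    """Flag a disabled firewall and enabled rules whose scope is '*' (any address)."""
    findings: List[Finding] = []
    for profile, entry in policy.items():
        if entry["settings"].get("EnableFirewall") == "0":
            findings.append((profile, "firewall_disabled", "EnableFirewall = 0"))
        for p in entry["open_ports"]:
            if p["scope"] == "*" and p["state"] == "Enabled":
                findings.append((profile, "port_open_to_any", f"{p['port']}/{p['proto']}"))
        for a in entry["apps"]:
            if a["scope"] == "*" and a["state"] == "Enabled":
                findings.append((profile, "app_open_to_any", a["path"]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_firewall_policy(SAMPLE)):
        print(*finding)
```

Run against the full Extras log, the script reports the disabled StandardProfile firewall, the four `*`-scope port rules (3587/TCP and 3540/UDP in both profiles, 1039/TCP and 5000/UDP in StandardProfile) and the three `*`-scope application rules; the LocalSubNet and Disabled entries are left alone.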