cedrill Posted November 2, 2012

Hello,
When I connect to my Hotmail account, Malwarebytes indicates it blocked a redirection to a Russian IP, 46.17.97.109. I read some similar posts in your forum but I couldn't solve it by myself.
Attached are the Malwarebytes and ComboFix reports. Some parts are in French, sorry. You will also find the DDS and Attach reports.
Malwarebytes didn't find anything but sends a message each time I connect to one of my Hotmail accounts (not the other one).
Could you help me?
Thanks a lot,
Cédric

Attachments: DDS.txt, Attach.txt, ComboFix.txt, Malwarebytes.txt
TheDarkKnight Posted November 2, 2012

I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear.

"Attached are the Malwarebytes and ComboFix reports. Some parts are in French, sorry."

Please note that ComboFix is a very powerful tool, and using it without the supervision of a helper such as myself can be quite dangerous for your computer. As for your logs in French, I know a bit of French myself, so all good.

Babylon is one of those annoying toolbars that often won't go away. Please run the two tools below.

Please download AdwCleaner by Xplode onto your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

Then, please download OTL.exe by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
In the "Custom Scans/Fixes" window (under the light green bar) paste the following:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL.
Post both logs in this thread. You may need to use two posts to get it all.

=====

In your reply please provide the contents of the following logs (please do not attach):
AdwCleaner[R1].txt
OTL.txt
Extras.txt
cedrill Posted November 3, 2012 (Author)

Hello,
Thanks for your help.
Here are the first 2 logs:
Cédric

AdwCleaner[R1].txt:

# AdwCleaner v2.006 - Logfile created 11/03/2012 at 00:40:17
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Cedric - CEDRIC-THINK
# Boot Mode : Normal
# Running from : C:\Users\Cedric\Downloads\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Cedric\AppData\Local\AskToolbar
Folder Found : C:\Users\Cedric\AppData\Local\Babylon
Folder Found : C:\Users\Cedric\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Cedric\AppData\Roaming\Babylon
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-3945560438-835355012-1364033068-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v22.0.1216.0

File : C:\Users\Cedric\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4499 octets] - [03/11/2012 00:40:17]

########## EOF - C:\AdwCleaner[R1].txt - [4559 octets] ##########

Extras.Txt:

OTL Extras logfile created on: 03/11/2012 00:43:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cedric\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,89 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 50,24% Memory free
7,78 Gb Paging File | 5,78 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 84,82 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS

Computer Name: CEDRIC-THINK | User Name: Cedric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url [@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML.WN5V6WUYVWEMANRDOFD242GULA] -- C:\Users\Cedric\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F536E8-9E04-443A-B7F1-14906CD98826}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{162DC1F9-5CB4-4E0D-B0C2-C43D59CA6824}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1634276F-1395-48B5-8085-3018B7F2325D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{168E14C8-02EA-4F62-924B-B7C8C0CFFB23}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1870E630-5B55-42C6-832D-FA7756A653D6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{216274A5-07AD-4765-AECE-C12114898D2F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2D0924F6-F330-4A7A-A909-CF3BC3E19D11}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3D0A5C0F-3065-45EB-9A71-F8E416EDCFF0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D3FC0F0-DA85-4959-8903-6C0706E46D76}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6515E93C-7B2B-4797-BA55-2DE7D9A03A09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6709DEC3-78E9-4F2F-B48B-079B7313AD3F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7E067D83-F6E4-4808-867C-9AB3743B3F16}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{7E224E02-9ECC-4667-9BFC-8FFB1916E5D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{81B0E38E-B0A2-49EB-B041-26E9CB9F5803}" = rport=139 | protocol=6 | dir=out | app=system | 
"{846E6800-7A41-404B-8234-270C5B252F60}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{866A1FB7-93FA-4C55-AB93-98662AB530CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87D872B1-3EFE-40F4-B963-7B47F738770F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{94E3DAA0-0964-409A-AEBA-27262B05C6A1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B04EEEFD-8DB5-4A0E-84C1-8CB62F95C812}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B0D4E3D6-7056-4914-ABF2-27CCF32DEDBB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BBFD9B4B-BDA2-4A7F-857A-E2FA4D1FFEB8}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{BC116B38-3C69-412C-83C7-219DF61963B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CE469A05-CA76-4498-AB5B-313ED7BF489A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{CF49962B-6CAF-4D64-8F66-6AC350A87D57}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D85A660F-CA98-4F98-80DB-301D89AD9C37}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E045EA36-F60F-4BFD-8A45-89540448563C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EE4B5034-4234-420E-AAEE-D6960E4F4BD3}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A1157C-87E4-4B5A-BBC4-1FDE142EA341}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{10CB080D-80EC-4EE2-A5CE-F4A36D9F3F14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{184EA067-4FD7-4209-A052-610BA18DED45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19DCAF61-0FB0-4F03-96B9-BCF22A058158}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2AA1B182-06A6-4FF0-B61C-BE4E73889B5C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2EFFA88D-6752-4A53-A5B0-6BBAE65E3974}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3E676A7A-370D-47F7-AA5B-67AA3FA9B371}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{42315113-72D0-4FFA-8927-EAAC7BF01502}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{43A1CAAD-82D2-4DC4-B390-2976D22D47CA}" = protocol=17 | dir=in | app=e:\fscommand\cksocketserver.exe | 
"{45446F33-E6CC-4A4B-A665-6E8B30E14706}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4FEA7436-AA8C-4398-87FA-C43952801C41}" = protocol=6 | dir=out | app=system | 
"{51ABA579-29D7-4A39-ACB2-3FB070712B9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AD16DF9-D0A8-4179-B970-3C47EE490DDB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5B694C26-CDBF-4A70-99B2-9E5895A2DC17}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6EA27CB2-C054-4636-AF3D-BD1B5D3C0677}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{6F619AF1-95D6-4E27-AE71-1FD8DA4F83F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{748BE49B-AB55-4F16-9B8D-71F15FE5A7D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B2F5942-B12A-4D0F-B5E6-D0046A7275C9}" = dir=in | app=c:\users\cedric\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{7C1F2196-28EF-4D94-BE08-4AED82FF0209}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{7D7DDB8C-DA92-4CEC-A061-DD57E3C44BC2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8886969F-625A-4B51-9619-2C726F1F197C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{923FFEA8-B97F-49BB-8BDF-6E857BC65855}" = protocol=6 | dir=in | app=e:\fscommand\cksocketserver.exe | 
"{94B48834-7AD1-4123-A497-8755E550FB05}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{9AD9071F-41D6-4856-AA7B-14DD98B2D6FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ACA3127C-B1FB-4582-9CDB-12C2B5A434BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AF960A30-5A2C-42F0-8105-DDAB65471DA7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B4A7CCB0-D132-404D-ADFB-0472BCA7D783}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B5EDDCF1-5E3C-4BB6-948A-666752942501}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B6F3070B-65EA-4585-9F4A-06796CE1D582}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1EFDE79-B06A-413F-8F2C-B5EFB05A982D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C2E36F79-EF0F-4A91-99ED-B3679119904B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C7F79EDF-D5E2-4481-A36E-21F2D5041174}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{CEACAF07-C1A9-466D-9098-27F287EA68DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EA391BD6-E55A-46DE-8110-BFEFF1687517}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe | 
"{EA586D64-EF05-4474-90F8-D3607B44AFD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC6BD773-11EF-472A-AD39-B2D86626FB0F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EF55B88A-3A34-46B0-9FDF-9CBDD5F77420}" = protocol=17 | dir=in | app=e:\fscommand\cksocketserver.exe | 
"{EF59DC80-7A22-42B8-B3B6-58D5840AC2EA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{F34518B4-1F5D-4ACB-927A-C4D1DE165234}" = protocol=6 | dir=in | app=e:\fscommand\cksocketserver.exe | 
"{F5F3C78F-A41F-48AA-8597-28C7727CAA1A}" = protocol=58 | dir=in | app=system | 
"{F6001D73-8D35-4AD1-8655-C65034EB9B02}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F6F89103-82BB-414A-92EF-3D6D3C6F64C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDFC41BD-67F5-4C6A-9FA7-3042C51DA211}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{1A9D9BBD-B613-4A57-8567-79FCD5B91FD9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{27C0ED3C-015D-4835-9CAD-20B309389662}C:\users\cedric\appdata\local\temp\pylab61.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\cedric\appdata\local\temp\pylab61.tmp\pyrun.exe | 
"TCP Query User{2CAEFFA8-83B6-49FF-B3CC-CC16627F3235}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"TCP Query User{497692E0-1C6A-45B1-B950-06CE5B0572A9}C:\users\cedric\appdata\local\temp\pyl8b34.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\cedric\appdata\local\temp\pyl8b34.tmp\pyrun.exe | 
"TCP Query User{7B650792-14ED-4A4E-8EC8-6E668769B3AB}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{AA8B3413-D3E5-4579-A172-FC84B6DC8477}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{ECE93DC2-67E5-4EE0-AF1D-36146B8FF61B}C:\users\cedric\appdata\local\chromium\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\cedric\appdata\local\chromium\application\chrome.exe | 
"UDP Query User{30BAA907-0FAD-4156-BBDF-A5CF04F0546D}C:\users\cedric\appdata\local\temp\pyl8b34.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\cedric\appdata\local\temp\pyl8b34.tmp\pyrun.exe | 
"UDP Query User{41C87CE7-F811-42C8-B865-310FB90283F4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{440F2273-6BAF-43D0-B4CA-4FF185776AFE}C:\users\cedric\appdata\local\temp\pylab61.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\cedric\appdata\local\temp\pylab61.tmp\pyrun.exe | 
"UDP Query User{9C96FD35-08A4-4767-AFD0-6224016BF22D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{BC73C366-FB49-41AC-80DC-385D8A0371E4}C:\users\cedric\appdata\local\chromium\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\cedric\appdata\local\chromium\application\chrome.exe | 
"UDP Query User{EB2D5A53-2C02-4B47-BD52-A9E848E5CFD6}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{F36F0168-6CF1-41AD-9C1D-1D28DCAFA60E}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FR-FR Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"598E94DC2EBC0E4D1F6240F3E25E1AC6D2D1A0FA" = Windows Driver Package - Ricoh Company SD Host Controller (12/14/2010 6.10.10.25)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0)
"8DAEF707B6B749388AD4ADA30B486276CDDD9282" = Windows Driver Package - Synaptics (SynTP) Mouse (12/15/2010 15.2.5.2)
"90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows Driver Package - Intel (MEIx64) System (10/19/2010 7.0.0.1144)
"A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows Driver Package - Intel USB (09/16/2010 9.2.0.1013)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows Driver Package - Intel System (10/04/2010 9.2.0.1015)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{155E102A-A022-48F7-92D8-5B38D260BBD5}" = ELECOM MouseAssistant2
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.10
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 37
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel® Identity Protection Technology 1.0.71.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F955CC-E8AC-489F-9AF0-2BF48935CF9C}" = ELECOM MouseAssistant2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DA1C06F-C913-46C7-8A0F-DA2CBA17EA1D}" = OpenOffice.org 3.4.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB278E8-7FDA-4ED9-A429-C87A76F95087}_is1" = 1AVCapture version 1.9.3.10
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1134
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B39629-8BB3-4AE2-8AAC-FDDD7E80901E}" = Audials
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"CobBackup10" = Cobian
Backup 10"CobBackup11" = Cobian Backup 11 Gravity"DominateGame" = DominateGame 20050929 (dominate)"eMule" = eMule"FastStone Image Viewer" = FastStone Image Viewer 4.6"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder"Jaangle music management" = Jaangle music management"kit bouygtel" = kit bouygtel"Lenovo Welcome_is1" = Lenovo Welcome"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000"Rapport_msi" = Rapport"VLC media player" = VLC media player 2.0.2"Winamp" = Winamp"WinLiveSuite" = Windows Live Essentials"Wubi" = Ubuntu========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{79A765E1-C399-405B-85AF-466F52E918B0}" = système de mise à jour de Nero Toolbar Updater"Chromium" = Chromium========== Last 20 Event Log Errors ==========[ Application Events ]Error - 18/10/2012 23:10:25 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 1139Error - 18/10/2012 23:10:26 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 18/10/2012 23:10:26 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 2340Error - 18/10/2012 23:10:26 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 2340Error - 18/10/2012 23:10:27 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: 
Continuously busy for more than a secondError - 18/10/2012 23:10:27 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 3479Error - 18/10/2012 23:10:27 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 3479Error - 18/10/2012 23:10:28 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 18/10/2012 23:10:28 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 4618Error - 18/10/2012 23:10:28 | Computer Name = Cedric-THINK | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 4618[ Lenovo-Message Center Plus/Admin Events ]Error - 11/03/2012 14:41:19 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file size of the downloaded file /TOC.cab is not the same as the file size of the file on the serverError - 11/03/2012 14:41:19 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php does not have a Lenovo Digital Signature. The file will be deletedError - 14/03/2012 16:47:03 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file size of the downloaded file /TOC.cab is not the same as the file size of the file on the serverError - 14/03/2012 16:47:03 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php does not have a Lenovo Digital Signature. 
The file will be deletedError - 14/03/2012 20:48:29 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file size of the downloaded file /TOC.cab is not the same as the file size of the file on the serverError - 14/03/2012 20:48:29 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php does not have a Lenovo Digital Signature. The file will be deletedError - 18/03/2012 14:01:40 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file size of the downloaded file /TOC.cab is not the same as the file size of the file on the serverError - 18/03/2012 14:01:40 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php does not have a Lenovo Digital Signature. The file will be deletedError - 21/03/2012 17:41:24 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file size of the downloaded file /TOC.cab is not the same as the file size of the file on the serverError - 21/03/2012 17:41:24 | Computer Name = Cedric-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\indexEncryptingChilli.php does not have a Lenovo Digital Signature. The file will be deleted[ Media Center Events ]Error - 14/03/2012 15:08:26 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 20:08:26 - Error connecting to the internet. 20:08:26 - Unable to contact server.. Error - 21/03/2012 15:10:32 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 20:10:31 - Error connecting to the internet. 20:10:31 - Unable to contact server.. 
Error - 26/03/2012 16:45:20 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 22:45:20 - Error connecting to the internet. 22:45:20 - Unable to contact server.. Error - 05/04/2012 02:02:13 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 8:02:12 - Error connecting to the internet. 8:02:12 - Unable to contact server.. Error - 05/04/2012 14:03:32 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 20:03:32 - Error connecting to the internet. 20:03:32 - Unable to contact server.. Error - 29/04/2012 17:12:44 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 23:12:43 - Error connecting to the internet. 23:12:44 - Unable to contact server.. Error - 29/04/2012 17:12:50 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 23:12:49 - Error connecting to the internet. 23:12:49 - Unable to contact server.. Error - 11/07/2012 09:53:52 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 15:53:52 - Error connecting to the internet. 15:53:52 - Unable to contact server.. Error - 16/07/2012 08:45:34 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 14:45:34 - Error connecting to the internet. 14:45:34 - Unable to contact server.. Error - 30/07/2012 05:16:21 | Computer Name = Cedric-THINK | Source = MCUpdate | ID = 0Description = 11:16:19 - Error connecting to the internet. 11:16:19 - Unable to contact server.. 
[ System Events ]
Error - 29/10/2012 18:07:22 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068
Error - 29/10/2012 21:04:02 | Computer Name = Cedric-THINK | Source = DCOM | ID = 10005
Description =
Error - 29/10/2012 21:04:03 | Computer Name = Cedric-THINK | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.863.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
Error - 31/10/2012 04:46:06 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error - 31/10/2012 04:46:52 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Biometric Service service to connect.
Error - 31/10/2012 04:46:54 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7000
Description = The Windows Biometric Service service failed to start due to the following error: %%1053
Error - 02/11/2012 06:33:44 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
Error - 02/11/2012 06:49:50 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service may not function properly.
Error - 02/11/2012 06:52:57 | Computer Name = Cedric-THINK | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error - 02/11/2012 06:57:02 | Computer Name = Cedric-THINK | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
< End of report >
cedrill Posted November 3, 2012 Author ID:609079
and the last one
OTL.Txt
OTL logfile created on: 03/11/2012 00:43:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cedric\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,89 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 50,24% Memory free
7,78 Gb Paging File | 5,78 Gb Available in Paging File | 74,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 84,82 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 9,69 Gb Free Space | 99,22% Space Free | Partition Type: NTFS
Computer Name: CEDRIC-THINK | User Name: Cedric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 00:41:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cedric\Downloads\OTL.exe
PRC - [2012/11/03 00:40:08 | 000,540,977 | ---- | M] () -- C:\Users\Cedric\Downloads\adwcleaner.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.)
-- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exePRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2012/09/22 16:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exePRC - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exePRC - [2012/08/13 11:22:48 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exePRC - [2012/08/13 11:22:48 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.binPRC - [2012/08/13 11:22:48 | 000,103,936 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exePRC - [2012/06/28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exePRC - [2012/04/09 16:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exePRC - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXEPRC - [2011/02/03 19:45:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXEPRC - [2011/01/17 02:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2011/01/17 02:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2011/01/14 01:54:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exePRC - [2011/01/14 01:54:10 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exePRC - [2011/01/14 01:53:52 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exePRC - [2010/12/29 07:18:32 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exePRC - [2010/12/29 07:18:14 | 000,259,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exePRC - [2010/12/17 03:36:18 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exePRC - [2010/12/14 22:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exePRC - [2010/12/11 18:39:28 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exePRC - [2010/12/02 04:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exePRC - [2010/11/29 20:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exePRC - [2010/11/24 08:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exePRC - [2010/11/18 12:47:52 | 000,446,592 | ---- | M] (Conexant 
Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exePRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exePRC - [2010/04/07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exePRC - [2010/04/01 06:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exePRC - [2010/03/11 22:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exePRC - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exePRC - [2008/01/10 20:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe========== Modules (No Company Name) ==========MOD - [2012/11/03 00:40:08 | 000,540,977 | ---- | M] () -- C:\Users\Cedric\Downloads\adwcleaner.exeMOD - [2012/10/31 11:07:15 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dllMOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dllMOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dllMOD - [2012/08/10 16:50:56 | 000,303,616 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxmlsec.dllMOD - [2012/08/10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dllMOD - [2012/08/10 16:50:56 | 000,136,192 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxmlsec-mscrypto.dllMOD - [2010/04/06 17:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dllMOD - [2010/04/06 17:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dllMOD - [2009/05/28 06:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message 
Center Plus\MCPLaunch.exe========== Services (SafeList) ==========SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2011/01/14 01:54:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)SRV:64bit: - [2011/01/14 01:53:52 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)SRV:64bit: - [2010/12/18 23:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)SRV:64bit: - [2010/12/17 22:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV:64bit: - [2010/12/17 22:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV:64bit: - [2010/12/17 04:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)SRV:64bit: - [2010/12/16 00:46:46 | 000,047,728 | ---- | M] (Lenovo.) 
[On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)SRV:64bit: - [2010/12/03 21:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)SRV:64bit: - [2010/12/03 03:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)SRV:64bit: - [2010/12/02 04:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)SRV:64bit: - [2010/11/24 08:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)SRV:64bit: - [2010/11/12 10:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/04/07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
[Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)SRV - [2012/07/31 11:12:32 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)SRV - [2011/02/03 19:45:00 | 000,155,496 | ---- | M] (Lenovo.) 
[On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)SRV - [2011/02/03 19:45:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)SRV - [2011/01/17 02:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2011/01/17 02:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010/12/14 22:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)SRV - [2010/12/11 18:39:28 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)SRV - [2010/11/29 20:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)SRV - [2010/11/18 12:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/03/11 22:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2008/01/10 20:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2012/06/05 17:40:42 | 001,580,704 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/03/01 02:32:39 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)DRV:64bit: - [2012/03/01 02:32:32 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)DRV:64bit: - [2012/03/01 02:32:32 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2011/07/25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV:64bit: - [2011/07/20 12:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)DRV:64bit: - [2011/03/15 21:25:29 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/03 19:45:00 | 000,031,344 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/02/03 19:45:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/12/21 17:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/20 17:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/19 01:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/19 01:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/19 01:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/19 01:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/19 01:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/16 09:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/16 04:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 00:45:16 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/12/16 00:43:00 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/15 04:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/03 21:56:26 | 000,167,680 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/12/03 21:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2010/11/30 13:42:48 | 000,017,408 | ---- | M] (ELECOM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElcMouUFlt.sys -- (ElcMouUFlt)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/12 10:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/11/05 15:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 16:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/05 07:30:58 | 000,018,432 | ---- | M] (ELECOM) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElcMouLFlt.sys -- (ElcMouLFlt)
DRV:64bit: - [2010/09/07 06:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009/12/02 08:33:30 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/09/24 12:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/13 21:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV:64bit: - [2008/03/17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/10/31 11:07:53 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
DRV - [2012/09/22 16:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/09/22 16:34:42 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {BE87916A-9E77-4755-B92F-8737989D649A}
IE:64bit: - HKLM\..\SearchScopes\{BE87916A-9E77-4755-B92F-8737989D649A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D8E4E56F-78F8-444E-A253-ED854D6E4592}
IE - HKLM\..\SearchScopes\{D8E4E56F-78F8-444E-A253-ED854D6E4592}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {D8E4E56F-78F8-444E-A253-ED854D6E4592}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cedric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Cedric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Cedric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cedric\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cedric\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - homepage: http://www.google.fr/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.fr/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cedric\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cedric\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cedric\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Cedric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Cedric\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Cedric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Recherche Google = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: Skype Click to Call = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Gmail = C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/02 11:56:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ElcMouse] C:\Program Files\ELECOM_Mouse_Driver\ElcMouseApl.exe ()
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E09DE6D-DB27-415C-AD6B-C61FF7EDA61B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.MP42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/02 21:07:20 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/11/02 21:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/11/02 20:42:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/02 15:54:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/02 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{ABAC34ED-E40C-48A6-94DF-B5855AD3F1A6}
[2012/11/02 12:14:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/02 11:44:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/02 11:44:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/02 11:44:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/02 11:34:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/02 11:33:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/02 11:14:09 | 000,000,000 | ---D | C] -- C:\Users\Cedric\Desktop\RK_Quarantine
[2012/11/02 07:00:04 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Roaming\Mozilla
[2012/11/01 23:45:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/01 21:49:09 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{61CAB3AE-3C6C-41FC-B55E-B24BBEE37D88}
[2012/11/01 09:48:34 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{63AFCA17-9F9D-4158-927C-8E6820352DC5}
[2012/10/31 21:48:11 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{88C8C98F-B31A-4117-BB3F-EC079DCCB006}
[2012/10/31 11:06:58 | 000,101,688 | ---- | C] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/10/31 11:06:12 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\Trusteer
[2012/10/31 11:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2012/10/31 11:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2012/10/31 11:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2012/10/31 09:47:49 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{4B891243-F853-4894-BE2E-7B75689DB74C}
[2012/10/30 18:36:39 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{A318BF90-51FB-44F3-AE2B-707475A64273}
[2012/10/30 06:36:28 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{2C9CED35-C577-4AB7-909A-9D34B22200B3}
[2012/10/29 22:03:53 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{BAFD767F-50B8-42AD-B060-F12470463F47}
[2012/10/26 16:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/26 16:18:30 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/10/26 16:18:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/10/26 16:18:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/10/26 16:11:56 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{ABAF88BB-E989-4AC9-8F92-DDD3F43CC304}
[2012/10/25 21:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
[2012/10/25 21:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11
[2012/10/25 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Roaming\Malwarebytes
[2012/10/25 17:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/25 17:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/25 17:10:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/25 17:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/25 12:08:59 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{E170CB48-303E-47F5-8253-6A3E9CF9DEE6}
[2012/10/24 23:59:37 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{1B5AE5DF-4F4A-49C4-A909-899708BAC085}
[2012/10/24 11:59:02 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{E2429550-B3AC-4263-A882-95769D96E4AE}
[2012/10/23 11:11:03 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{47F3FDAC-5607-4756-B204-B051A54F2768}
[2012/10/22 22:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/10/22 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/10/22 11:29:23 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{276D49AE-335F-4A33-BE79-487E6B08AFEA}
[2012/10/19 13:23:36 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{2257F5FE-0139-433C-B755-1332399B5C0C}
[2012/10/19 01:23:12 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{CF86EF16-719F-4484-B59D-4E2D78806B71}
[2012/10/18 12:25:40 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{5F023312-0B84-4E9E-8FD2-C5E936982D56}
[2012/10/18 00:25:06 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{D5B86DE3-65FC-48B4-B4AB-5FE686B09FFA}
[2012/10/17 21:39:46 | 000,000,000 | ---D | C] -- C:\Users\Cedric\Documents\back up ANGELICA II
[2012/10/17 12:24:44 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{589C2DED-6173-4FB7-8E34-E2482AC962DB}
[2012/10/17 00:24:22 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{D0F8C3C3-049F-41D0-964B-946D919ED3D0}
[2012/10/16 12:24:06 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{D4400836-0A0C-49C4-848A-774C4EF75D55}
[2012/10/15 11:17:22 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{6CCC5358-993D-4EDA-9493-8B62450B2DEB}
[2012/10/13 21:42:05 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{21085959-FA22-4F57-905B-2619953F20FA}
[2012/10/13 09:41:40 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{20FD0026-71E7-4D86-B4E8-6A19424A8649}
[2012/10/12 12:17:41 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{E7D30600-45B3-4DDA-849C-63FF04B50D49}
[2012/10/11 11:32:11 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{D6FC5F46-C182-4D57-B6DC-7625E8F9EBA4}
[2012/10/10 23:40:09 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{37C1315A-8FBF-4542-9F39-5F3544A00076}
[2012/10/10 11:02:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 11:02:14 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 11:02:13 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 11:02:02 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 11:02:02 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 11:02:01 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 11:02:01 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 11:01:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 11:01:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 11:01:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 11:01:56 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 11:01:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 11:01:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 11:01:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 11:01:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 11:01:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 11:01:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 11:01:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 11:01:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 11:01:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 11:01:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 11:01:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 11:01:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 11:01:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 11:01:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 11:01:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 11:01:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 11:01:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 11:01:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 11:01:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 11:01:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 11:01:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 11:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 11:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 11:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 11:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 11:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 11:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 11:01:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 11:01:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 11:01:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) --
C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll[2012/10/10 11:01:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll[2012/10/10 11:01:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll[2012/10/10 11:01:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe[2012/10/10 11:01:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll[2012/10/10 11:01:07 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2012/10/10 11:01:05 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll[2012/10/10 10:53:52 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{05B98F24-7E25-40D9-AC3D-66C3BA6DED00}[2012/10/09 22:53:00 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{931F23F1-24FE-4C70-ADD7-FAE663A153AD}[2012/10/09 10:24:47 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{76FBDF50-125E-48E8-B2B3-F15A633B6709}[2012/10/08 21:13:17 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{403F8422-CFE6-4641-9477-0B3B65970E8A}[2012/10/08 09:12:54 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{80C7D969-439B-4863-B06D-42289BD2D848}[2012/10/07 22:26:38 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Roaming\OpenOffice.org[2012/10/07 22:24:00 | 000,000,000 | ---D | C] -- C:\Users\Cedric\Desktop\OpenOffice.org 3.4.1 (fr) Installation Files[2012/10/06 18:09:52 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{67F853FD-68E2-4996-B53F-AB680C7310A7}[2012/10/06 06:09:19 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{7F00D982-F60A-44F9-98C2-11B56F517E7A}[2012/10/05 15:23:58 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{2D8904B3-4CEC-42A0-8927-D8885D26CFCB}========== Files - Modified Within 30 Days ==========[2012/11/03 00:45:00 | 000,001,008 | ---- | M] () 
-- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/11/03 00:31:32 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job[2012/11/02 23:59:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000UA.job[2012/11/02 21:08:07 | 000,001,246 | ---- | M] () -- C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk[2012/11/02 20:07:25 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/11/02 20:07:25 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/11/02 20:06:22 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/11/02 20:06:22 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/11/02 20:06:22 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/11/02 20:00:25 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/11/02 20:00:06 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job[2012/11/02 19:59:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/11/02 19:59:07 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys[2012/11/02 16:23:20 | 000,011,770 | ---- | M] () -- C:\Users\Cedric\Documents\list eemploi belgique.ods[2012/11/02 15:31:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job[2012/11/02 11:59:02 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3945560438-835355012-1364033068-1000Core.job[2012/11/02 11:56:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/10/30 06:35:30 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job[2012/10/26 
16:34:26 | 000,013,538 | ---- | M] () -- C:\Users\Cedric\Documents\relevé edf magenta.odt[2012/10/26 11:41:52 | 000,110,888 | ---- | M] () -- C:\Users\Cedric\Documents\etat-des-lieux sortie magenta 2012 10 26.pdf[2012/10/25 17:10:09 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/10/17 10:31:05 | 000,151,207 | ---- | M] () -- C:\Users\Cedric\Documents\ETicket_radiohead.pdf[2012/10/12 03:53:26 | 000,027,494 | ---- | M] () -- C:\Users\Cedric\Documents\saphie.odt[2012/10/11 12:06:14 | 000,020,047 | ---- | M] () -- C:\Users\Cedric\Documents\sumo sophie.odt[2012/10/09 22:55:23 | 000,021,429 | ---- | M] () -- C:\Users\Cedric\Documents\convocation pole emploi.pdf[2012/10/09 10:25:43 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2012/10/09 10:25:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2012/10/08 09:12:01 | 000,397,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT========== Files Created - No Company Name ==========[2012/11/02 21:08:07 | 000,001,246 | ---- | C] () -- C:\Users\Cedric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk[2012/11/02 11:44:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/11/02 11:44:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/11/02 11:44:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/11/02 11:44:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2012/11/02 11:44:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/10/26 16:34:23 | 000,013,538 | ---- | C] () -- C:\Users\Cedric\Documents\relevé edf magenta.odt[2012/10/26 11:41:49 | 000,110,888 | ---- | C] () -- C:\Users\Cedric\Documents\etat-des-lieux sortie magenta 2012 10 26.pdf[2012/10/25 17:10:09 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/10/17 10:31:05 | 000,151,207 | ---- | C] () -- 
C:\Users\Cedric\Documents\ETicket_radiohead.pdf[2012/10/17 02:11:16 | 000,011,770 | ---- | C] () -- C:\Users\Cedric\Documents\list eemploi belgique.ods[2012/10/12 01:55:37 | 000,027,494 | ---- | C] () -- C:\Users\Cedric\Documents\saphie.odt[2012/10/11 00:42:31 | 000,020,047 | ---- | C] () -- C:\Users\Cedric\Documents\sumo sophie.odt[2012/10/09 22:55:23 | 000,021,429 | ---- | C] () -- C:\Users\Cedric\Documents\convocation pole emploi.pdf[2012/09/20 19:56:45 | 000,002,374 | ---- | C] () -- C:\Windows\ElcMouse.ini[2011/11/04 07:40:25 | 000,007,656 | ---- | C] () -- C:\Users\Cedric\AppData\Local\Resmon.ResmonCfg[2011/07/18 22:14:10 | 000,736,616 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2011/03/15 22:00:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll[2011/03/15 21:30:22 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2011/03/15 21:30:22 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2011/03/15 21:30:21 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin========== ZeroAccess Check ==========[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 
05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2012/08/23 00:23:21 | 000,253,952 | ---- | M] () -- C:\1036.MST[2012/11/03 00:40:22 | 000,004,618 | ---- | M] () -- C:\AdwCleaner[R1].txt[2009/07/14 02:38:58 | 000,383,562 | R-S- | M] () -- C:\bootmgr[2009/07/24 18:28:58 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK[2012/11/02 12:13:53 | 000,024,191 | ---- | M] () -- C:\ComboFix.txt[2007/12/13 07:12:32 | 000,057,344 | ---- | M] () -- C:\F405FIX.EXE[2012/11/02 19:59:07 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys[2006/12/02 07:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll[2012/11/02 19:59:12 | 4176,723,968 | -HS- | M] () -- C:\pagefile.sys[2012/11/02 14:23:03 | 000,009,194 | ---- | M] () -- C:\protection-log-2012-11-02.txt[2012/08/23 00:23:41 | 089,387,520 | ---- | M] () -- C:\Rescue and Recovery.msi[2011/03/15 21:25:23 | 000,000,211 | ---- | M] () -- C:\setup.log< %systemroot%\*. 
/mp /s >< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >========== Alternate Data Streams ==========@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EEDA5B17< End of report > Link to post Share on other sites More sharing options...
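An OTL log like the one posted above is easier to review once every entry is a record rather than one run-together line. What follows is an added example, not code from this thread or from OTL itself: a small Python parser for OTL's file-entry lines plus a review heuristic of my own (executables under C:\Windows with no company name, and hidden or system files with no company name other than the paging and hibernation files). The sample input is a handful of entries copied from the log above, one per line; the "Files Created Within 30 Days" header is assumed from OTL's usual layout.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: entries copied from the OTL log posted in this thread,
# one per line (OTL writes them that way; the forum software ran them together).
SAMPLE_OTL = r"""
========== Files Created Within 30 Days ==========
[2012/10/10 11:01:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 11:01:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 10:53:52 | 000,000,000 | ---D | C] -- C:\Users\Cedric\AppData\Local\{05B98F24-7E25-40D9-AC3D-66C3BA6DED00}
========== Files - Modified Within 30 Days ==========
[2012/11/02 19:59:07 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/02 11:56:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
========== Files Created - No Company Name ==========
[2012/11/02 11:44:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/02 11:44:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
"""

# One OTL file entry: [date time | size | attrs | C or M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")


@dataclass
class Entry:
    section: str        # OTL section header the entry appeared under
    timestamp: datetime
    size: int           # bytes; OTL prints it with thousands separators
    attrs: frozenset    # subset of {"R", "H", "S", "D"}: read-only, hidden, system, directory
    kind: str           # "C" = created, "M" = modified
    company: str        # "" when OTL printed "()" or omitted the field
    path: str


def parse_otl(text):
    """Turn OTL file-entry lines into Entry records, tracking the section headers."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # registry lines, custom-scan markers, etc. are not file entries
        entries.append(Entry(
            section=section,
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=frozenset(c for c in m.group("attrs") if c != "-"),
            kind=m.group("kind"),
            company=(m.group("company") or "").strip(),
            path=m.group("path"),
        ))
    return entries


EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".cpl", ".scr")
KNOWN_HIDDEN = ("hiberfil.sys", "pagefile.sys")  # hidden+system by design


def triage(entries):
    """Review queue, not a verdict (assumption: these are my own rules, not OTL's):
    executables under C:\\Windows with no company name, and hidden/system files
    with no company name other than the paging and hibernation files."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if "D" in e.attrs:
            continue  # directories carry no company field; judge them by path instead
        unattributed_system_exe = (
            p.startswith("c:\\windows\\") and p.endswith(EXEC_SUFFIXES) and e.company == ""
        )
        unattributed_hidden = (
            bool(e.attrs & {"H", "S"}) and e.company == "" and not p.endswith(KNOWN_HIDDEN)
        )
        if unattributed_system_exe or unattributed_hidden:
            flagged.append(e.path)
    return flagged


if __name__ == "__main__":
    for path in triage(parse_otl(SAMPLE_OTL)):
        print("review:", path)
```

On this sample the queue holds PEV.exe and MBR.exe, which are helper binaries ComboFix places in C:\Windows (ComboFix was run earlier in this thread), and the hidden Desktop.ini that OTL itself lists under its ZeroAccess check. That is the point of the heuristic: it hands a human a short list to confirm against known tools, and a Microsoft-attributed hidden API-set DLL stays off it.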
TheDarkKnight Posted November 3, 2012 ID:609084

Hello cedrill,

You have the Ask Toolbar (AskBarDis)/Nero Toolbar installed. I strongly recommend you remove the Ask Toolbar from your computer because:
It promotes its toolbars on sites targeted at kids.
It promotes its toolbars through ads that appear to be part of other companies' sites.
It promotes its toolbars through other companies' spyware.
It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

Please go to Start>Control Panel>Add or Remove Programs and remove the following programs (if present):
Ask.com
AskBarDis
Nero Toolbar
Please restart your computer after these program removals.

=====

Next, please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with OK.
Your computer will be rebooted automatically.
A text file will open after the restart.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[s1].txt.

=====

Then, please run OTL.exe.
Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:Commands
[EmptyTemp]
[EmptyFlash]
[Reboot]

Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

In your reply please provide the contents of the following logs:
AdwCleaner[s1].txt.
OTL fix log.
Is Babylon still present? Are you still experiencing the redirect?
cedrill Posted November 3, 2012 Author ID:609180

Hello,

I think I ran all the steps, but I still have the same message from Malwarebytes:
Blocage réussis a un site potentiellement malveillant: 46.17.97.109
Type sortant, port 49456, process chromium
Did I do something wrong?
From Add/Remove Programs I found only Ask.com and Nero Toolbar (not AskBarDis).
OTL had to reboot.
Below the logs.
Is it more serious than you thought?
Thanks again,
Cédric

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cedric
->Temp folder emptied: 1234688 bytes
->Temporary Internet Files folder emptied: 104942300 bytes
->Java cache emptied: 6868 bytes
->Google Chrome cache emptied: 382040327 bytes
->Flash cache emptied: 43908 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89667 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 466,00 mb

[EMPTYFLASH]

User: All Users

User: Cedric
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11032012_122835

Files\Folders moved on Reboot...
C:\Users\Cedric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# AdwCleaner v2.006 - Logfile created 11/03/2012 at 12:22:01
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Cedric - CEDRIC-THINK
# Boot Mode : Normal
# Running from : C:\Users\Cedric\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Cedric\AppData\Local\Babylon
Folder Deleted : C:\Users\Cedric\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Cedric\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v22.0.1216.0

File : C:\Users\Cedric\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4618 octets] - [03/11/2012 00:40:17]
AdwCleaner[s1].txt - [1712 octets] - [03/11/2012 12:22:01]

########## EOF - C:\AdwCleaner[s1].txt - [1772 octets] ##########
TheDarkKnight Posted November 3, 2012 ID:609185

Hello cedrill,

You did fine. Please go to the below link to view a set of instructions on how to block a port in Windows 7:
http://maximumpcguid...ws-7s-firewall/
Please follow all instructions. When you are prompted what port you would like to block, please enter 49456.
Let me know how that goes please.
cedrill Posted November 3, 2012 Author ID:609195

I blocked it, but it uses another port (with TCP).
I blocked the new one, and still the same Malwarebytes messages...
TheDarkKnight Posted November 3, 2012 ID:609386

Hey cedrill,

Let's check that your computer is clean.
Please download the Kaspersky Virus Removal Tool from here to your Desktop.
Double-click the Removal Tool.
Click the cog in the upper right corner:
Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.
Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.
cedrill Posted November 5, 2012 Author ID:609847

Hello,

After more than 24 hours scanning, Kaspersky didn't find anything and so there is no detected threats report.
During the scan I had some messages: files protected by password.
It seems to be complicated!
Thanks again,
Cédric
TheDarkKnight Posted November 5, 2012 ID:609891

Hey cedrill,

OK all good.
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
cedrill Posted November 6, 2012 Author ID:610017

Hello,

Here it is.
Still nothing.

Junkware Removal Tool (JRT) by Thisisu
Version: 2.7.1 (11.05.2012)
OS: Windows 7 Professional x64
Ran by Cedric on 06/11/2012 at 0:22:16,24
Blog: http://thisisudax.blogspot.com
**************************************************************

*** Services: 0 Detections
*** Registry Values: 0 Detections
*** Registry Keys: 0 Detections
*** Files: 0 Detections
*** Folders: 0 Detections
*** Event Viewer Logs - Cleared

**************************************************************
Scan was completed on 06/11/2012 at 0:26:51,38
End of Report
TheDarkKnight Posted November 6, 2012 ID:610033

Hey cedrill,

Please download GMER from one of the following locations and save it to your Desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your Desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in Safe Mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.
cedrill Posted November 6, 2012 Author ID:610049

Hi again,

Here it is.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-06 14:11:46
Windows 6.1.7601 Service Pack 1
Running: dogjq064.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f24c57
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82f24c57@68ed436f99ac 0xF7 0x14 0x7A 0x32 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f24c57 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82f24c57@68ed436f99ac 0xF7 0x14 0x7A 0x32 ...

---- EOF - GMER 1.0.15 ----
TheDarkKnight Posted November 6, 2012 ID:610187

Howdy cedrill,

Do these blocks in MBAM occur when you aren't using an internet browser or application accessing the internet?
Please take a look at FAQ Section G for more information about the IP blocking module in MBAM.
Please answer my question and let me know if the FAQ was any help.
cedrill Posted November 7, 2012 Author ID:610300

Hello,

These blocks occur when I use Chromium or IE and connect to my hotmail account.
It's a malicious IP (in Russia: 46.17.97.109).
I installed TCPView but I couldn't find this IP in the list.
I don't know what to do now. :-(
TheDarkKnight Posted November 7, 2012 ID:610306

So the blocks do not occur if you aren't using your browsers or Outlook?
cedrill Posted November 7, 2012 Author ID:610307

Blocks occur only with a browser (I tried with Chromium and IE only).
I don't have Outlook, I don't know.
TheDarkKnight Posted November 7, 2012 ID:610309

Hey cedrill,

OK. Please run these scans to ensure there are rootkits.
Please download aswMBR by gmer to your Desktop.
Please visit this site for instructions on how to run the tool.
Once familiar with this tool, double click aswMBR.exe to run it.
Click the Scan button to start the scan. If it finds something, do NOT fix it.
Once the scan has completed, please save the aswMBR.txt log to the Desktop and post it in your next reply.

=====

Also, please download to your Desktop:
TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller:
Double-click on TDSSKiller.exe to run the application.
Click Change parameters.
Make sure you check the box Loaded modules.
A window will popup and say Reboot is required. Please click Reboot now.
Then click Change parameters again. Check the box Detect TDLFS file system.
Click on the Start Scan button.
If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.
Note: A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).

=====

Please post the contents of both logs.
cedrill Posted November 7, 2012 Author ID:610435

Hello,

Here is the aswMBR report,
Thanks a lot,
Cédric

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-07 17:53:25
-----------------------------
17:53:25.299 OS Version: Windows x64 6.1.7601 Service Pack 1
17:53:25.299 Number of processors: 4 586 0x2A07
17:53:25.299 ComputerName: CEDRIC-THINK UserName: Cedric
17:53:27.579 Initialize success
17:53:53.217 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:53:53.217 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
17:53:53.227 Disk 0 MBR read successfully
17:53:53.227 Disk 0 MBR scan
17:53:53.227 Disk 0 unknown MBR code
17:53:53.232 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
17:53:53.247 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
17:53:53.432 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
17:53:53.497 Disk 0 scanning C:\Windows\system32\drivers
17:54:14.700 Service scanning
17:54:36.502 Modules scanning
17:54:36.512 Disk 0 trace - called modules:
17:54:36.537 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:54:36.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ea060]
17:54:36.867 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80053898c0]
17:54:36.867 5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800538e050]
17:54:36.872 Scan finished successfully
17:55:00.070 Disk 0 MBR has been saved successfully to "C:\Users\Cedric\Documents\MBR.dat"
17:55:00.075 The log file has been saved successfully to "C:\Users\Cedric\Documents\aswMBR.txt"
cedrill Posted November 7, 2012 Author ID:610436

The TDSS report is too long to be posted, but no threats were found.
Do you want to see the report anyway?
TheDarkKnight Posted November 7, 2012 ID:610492

Howdy cedrill,

I would like to confirm something.
Please download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all opened programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
cedrill Posted November 7, 2012 Author ID:610521
Hello
Here it is!
Thanks,

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 41786UU
Logical Drives Mask: 0x00010004

Kernel Drivers (total 217):
0x02E4C000 \SystemRoot\system32\ntoskrnl.exe
0x02E03000 \SystemRoot\system32\hal.dll
0x00BD3000 \SystemRoot\system32\kdcom.dll
0x00C41000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C90000 \SystemRoot\system32\PSHED.dll
0x00CA4000 \SystemRoot\system32\CLFS.SYS
0x00D02000 \SystemRoot\system32\CI.dll
0x00EA8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F4C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F5B000 \SystemRoot\system32\drivers\ACPI.sys
0x00FB2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00FBB000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FC5000 \SystemRoot\system32\drivers\pci.sys
0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
0x00E22000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E2B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E37000 \SystemRoot\system32\drivers\volmgr.sys
0x00E4C000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DC2000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C00000 \SystemRoot\system32\drivers\vmbus.sys
0x00DDC000 \SystemRoot\system32\drivers\winhv.sys
0x0106A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011BE000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x012A7000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01436000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012DF000 \SystemRoot\System32\Drivers\msrpc.sys
0x015D9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0133D000 \SystemRoot\System32\Drivers\cng.sys
0x01400000 \SystemRoot\System32\drivers\pcw.sys
0x01411000 \SystemRoot\System32\DRIVERS\DzHDD64.sys
0x0141C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01661000 \SystemRoot\system32\drivers\ndis.sys
0x01753000 \SystemRoot\system32\drivers\NETIO.SYS
0x017B3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0164A000 \SystemRoot\system32\drivers\vmstorfl.sys
0x013AF000 \SystemRoot\system32\drivers\volsnap.sys
0x017DD000 \SystemRoot\System32\DRIVERS\ApsHM64.sys
0x017E7000 \SystemRoot\System32\Drivers\spldr.sys
0x01200000 \SystemRoot\System32\drivers\rdyboost.sys
0x0123A000 \SystemRoot\System32\DRIVERS\Apsx64.sys
0x01260000 \SystemRoot\System32\Drivers\RapportKE64.sys
0x01277000 \SystemRoot\System32\Drivers\mup.sys
0x017EF000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01AB3000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01AED000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B03000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01B41000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys
0x0402A000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
0x04071000 \SystemRoot\System32\Drivers\Null.SYS
0x0407A000 \SystemRoot\System32\Drivers\Beep.SYS
0x0F20D000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
0x103B2000 \SystemRoot\System32\drivers\vga.sys
0x103C0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x103E5000 \SystemRoot\System32\drivers\watchdog.sys
0x103F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0F200000 \SystemRoot\system32\drivers\rdpencdd.sys
0x041EB000 \SystemRoot\system32\drivers\rdprefmp.sys
0x041F4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01BBB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01BCC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01BEE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01A00000 \SystemRoot\system32\drivers\afd.sys
0x044B9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x044FE000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04509000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04512000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04538000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0454E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0455D000 \SystemRoot\system32\DRIVERS\serial.sys
0x0457A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04595000 \SystemRoot\System32\drivers\Tppwr64v.sys
0x0459C000 \SystemRoot\system32\drivers\termdd.sys
0x04400000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04451000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
0x04464000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04470000 \SystemRoot\system32\drivers\mssmbios.sys
0x0447B000 \SystemRoot\system32\DRIVERS\smiifx64.sys
0x04482000 \SystemRoot\System32\drivers\discache.sys
0x02E04000 \SystemRoot\system32\drivers\csc.sys
0x02E87000 \SystemRoot\System32\Drivers\dfsc.sys
0x02EA5000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02EB6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02EDC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04A4D000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02EF2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02FE6000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04491000 \SystemRoot\system32\DRIVERS\serenum.sys
0x045B0000 \SystemRoot\system32\DRIVERS\e1c62x64.sys
0x0449D000 \SystemRoot\system32\drivers\usbehci.sys
0x058AC000 \SystemRoot\system32\drivers\USBPORT.SYS
0x05902000 \SystemRoot\system32\drivers\HDAudBus.sys
0x05A9B000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x06306000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06313000 \SystemRoot\system32\DRIVERS\risdxc64.sys
0x0636F000 \SystemRoot\system32\drivers\i8042prt.sys
0x0638D000 \SystemRoot\system32\drivers\kbdclass.sys
0x068A3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x06800000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06802000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x06811000 \SystemRoot\system32\drivers\tpm.sys
0x06820000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x06825000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x06832000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0683F000 \SystemRoot\system32\drivers\wmiacpi.sys
0x06848000 \SystemRoot\system32\drivers\CompositeBus.sys
0x06858000 \SystemRoot\system32\drivers\tbhsd.sys
0x0639C000 \SystemRoot\system32\drivers\portcls.sys
0x06868000 \SystemRoot\system32\drivers\drmk.sys
0x05A00000 \SystemRoot\system32\drivers\ks.sys
0x0688A000 \SystemRoot\system32\drivers\ksthunk.sys
0x06890000 \SystemRoot\System32\Drivers\RootMdm.sys
0x05A43000 \SystemRoot\system32\drivers\modem.sys
0x05A52000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05A68000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05A8C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05926000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x063D9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05955000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05976000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05990000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x06898000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x063F4000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
0x059A2000 \SystemRoot\system32\DRIVERS\psadd.sys
0x059B0000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x05A98000 \SystemRoot\system32\drivers\swenum.sys
0x059BE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05800000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0585A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0823E000 \SystemRoot\system32\drivers\CHDRT64.sys
0x08400000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x08453000 \SystemRoot\System32\drivers\Dxapi.sys
0x0845F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0846D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x085C1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x085D4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x085F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x08200000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x08219000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x083CE000 \SystemRoot\system32\DRIVERS\5U877.sys
0x08222000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x08233000 \SystemRoot\system32\DRIVERS\ElcMouLFlt.sys
0x0586F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0587C000 \SystemRoot\system32\DRIVERS\ElcMouUFlt.sys
0x05887000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00540000 \SystemRoot\System32\TSDDD.dll
0x00680000 \SystemRoot\System32\cdd.dll
0x059D0000 \SystemRoot\system32\drivers\luafv.sys
0x059F3000 \??\C:\Windows\system32\drivers\mbam.sys
0x083F7000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
0x04081000 \SystemRoot\system32\drivers\WudfPf.sys
0x06331000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x040A2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06342000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x040D3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06357000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04126000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03CAF000 \SystemRoot\system32\drivers\HTTP.sys
0x03D78000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03D96000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03DAE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03C4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03C72000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x0413E000 \SystemRoot\system32\drivers\peauth.sys
0x03C93000 \SystemRoot\System32\Drivers\secdrv.SYS
0x011C9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03DDB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08020000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08089000 \SystemRoot\System32\DRIVERS\srv.sys
0x08121000 \SystemRoot\system32\drivers\spsys.sys
0x779C0000 \Windows\System32\ntdll.dll
0x47720000 \Windows\System32\smss.exe
0xFFCE0000 \Windows\System32\apisetschema.dll
0xFF7F0000 \Windows\System32\autochk.exe
0xFFC30000 \Windows\System32\comdlg32.dll
0xFFA50000 \Windows\System32\setupapi.dll
0xFFA30000 \Windows\System32\sechost.dll
0x77B90000 \Windows\System32\psapi.dll
0xFF900000 \Windows\System32\wininet.dll
0xFF6F0000 \Windows\System32\ole32.dll
0xFF6E0000 \Windows\System32\nsi.dll
0x778A0000 \Windows\System32\kernel32.dll
0xFF670000 \Windows\System32\gdi32.dll
0xFF4F0000 \Windows\System32\urlmon.dll
0xFF450000 \Windows\System32\clbcatq.dll
0xFF340000 \Windows\System32\msctf.dll
0xFF0E0000 \Windows\System32\iertutil.dll
0x77B80000 \Windows\System32\normaliz.dll
0xFF0D0000 \Windows\System32\lpk.dll
0xFF0A0000 \Windows\System32\imm32.dll
0xFF080000 \Windows\System32\imagehlp.dll
0xFEFE0000 \Windows\System32\msvcrt.dll
0xFEF60000 \Windows\System32\shlwapi.dll
0xFEE80000 \Windows\System32\oleaut32.dll
0xFE0F0000 \Windows\System32\shell32.dll
0xFE070000 \Windows\System32\difxapi.dll
0xFDF40000 \Windows\System32\rpcrt4.dll
0xFDE60000 \Windows\System32\advapi32.dll
0x777A0000 \Windows\System32\user32.dll
0xFDE00000 \Windows\System32\Wldap32.dll
0xFDD30000 \Windows\System32\usp10.dll
0xFDCE0000 \Windows\System32\ws2_32.dll
0xFDCA0000 \Windows\System32\cfgmgr32.dll
0xFDC00000 \Windows\System32\comctl32.dll
0xFDB90000 \Windows\System32\KernelBase.dll
0xFDA20000 \Windows\System32\crypt32.dll
0xFD9E0000 \Windows\System32\wintrust.dll
0xFD9C0000 \Windows\System32\devobj.dll
0xFD9B0000 \Windows\System32\msasn1.dll
0x770F0000 \Windows\SysWOW64\normaliz.dll

Processes (total 118):
0 System Idle Process
4 System
404 C:\Windows\System32\smss.exe
532 csrss.exe
588 C:\Windows\System32\wininit.exe
608 csrss.exe
644 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
776 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\ibmpmsvc.exe
924 C:\Windows\System32\svchost.exe
996 C:\Program Files\Microsoft Security Client\MsMpEng.exe
372 C:\Windows\System32\winlogon.exe
544 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
1228 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\audiodg.exe
1428 C:\Windows\System32\svchost.exe
1656 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
1924 WUDFHost.exe
2000 C:\Windows\System32\svchost.exe
492 C:\Windows\System32\wlanext.exe
1364 C:\Windows\System32\conhost.exe
1736 C:\Windows\System32\spoolsv.exe
1880 C:\Windows\System32\svchost.exe
2088 C:\Program Files\Lenovo\HOTKEY\tphkload.exe
2108 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
2144 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2184 C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
2224 C:\Program Files\Bonjour\mDNSResponder.exe
2252 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
2300 C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
2396 C:\Windows\System32\CxAudMsg64.exe
2428 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2476 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2592 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
2624 C:\Program Files\Lenovo\Communications Utility\CamMute.exe
2652 C:\Program Files\Lenovo\HOTKEY\micmute.exe
2680 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
2716 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
2768 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
2792 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
2852 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
2880 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2912 C:\Windows\SysWOW64\SASrv.exe
2980 C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
3044 C:\Windows\System32\svchost.exe
2344 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
1616 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3076 C:\Windows\System32\taskhost.exe
3152 C:\Windows\System32\dwm.exe
3176 C:\Windows\explorer.exe
3484 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3496 C:\Windows\System32\TpShocks.exe
3540 C:\Windows\System32\hkcmd.exe
3552 C:\Windows\System32\igfxpers.exe
3564 C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
3652 C:\Program Files\Microsoft Security Client\NisSrv.exe
3716 C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
3744 C:\Program Files\Microsoft Security Client\msseces.exe
3808 C:\Windows\System32\svchost.exe
3948 C:\Windows\System32\svchost.exe
3976 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
4080 C:\Program Files\ELECOM_Mouse_Driver\ElcMouseApl.exe
4092 C:\Program Files\Windows Sidebar\sidebar.exe
1680 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
728 C:\Windows\SysWOW64\rundll32.exe
1564 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
4000 C:\Program Files (x86)\Winamp\winampa.exe
3844 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2940 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
3884 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
4168 C:\Windows\System32\svchost.exe
4364 WmiPrvSE.exe
4420 unsecapp.exe
4512 C:\Windows\System32\rundll32.exe
4524 C:\PROGRA~1\Lenovo\ZOOM\TpScrex.exe
4532 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
4632 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe
4688 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
4788 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
4988 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
4980 dllhost.exe
4184 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2260 C:\Windows\System32\taskeng.exe
2988 C:\Windows\System32\rundll32.exe
2036 C:\PROGRA~1\Lenovo\ZOOM\TpScrex.exe
4912 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe
5076 C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
5992 C:\Windows\System32\rundll32.exe
5700 WmiPrvSE.exe
5460 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
5480 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
6108 C:\Program Files\Windows Media Player\wmpnetwk.exe
6516 C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
6760 C:\Windows\System32\SearchIndexer.exe
6316 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
6752 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
6780 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
6948 WmiPrvSE.exe
6472 C:\Windows\System32\SearchProtocolHost.exe
6464 C:\Program Files (x86)\Nero\Update\NASvc.exe
3924 C:\Windows\System32\sppsvc.exe
5756 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
3196 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
3476 C:\Windows\servicing\TrustedInstaller.exe
4032 C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
1852 taskhost.exe
5148 C:\Windows\System32\wbem\WmiApSrv.exe
3696 <unknown>
3364 dllhost.exe
4804 dllhost.exe
5440 C:\Users\Cedric\Downloads\MBRCheck (1).exe
5436 C:\Windows\System32\conhost.exe
5740 C:\Windows\System32\dllhost.exe
3236 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DBE738B53FBD2A1F00767FD6E2D4095DE99B03EB

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Done!
TheDarkKnight Posted November 7, 2012 ID:610527
Hey cedrill,
Thanks for the log. Your MBR seems to either be unrecognised or faked.
Please download MBRScan and save it to your Desktop.
Double-click on MBRScan.exe and click the Report button. (Vista and Windows 7 users, right-click on MBRScan and then click on Run as administrator.)
Please don't use the computer while the scan is running. The computer may not respond until the scan is done. Please be patient and don't force a restart of the computer.
When the scan is finished, a log file will appear.
Save that log file to your Desktop and post its content in your next reply.
cedrill Posted November 7, 2012 Author ID:610531
Hello,
Here is the report, but it was very fast (less than one second). Is this normal?

MBRScan v1.1.1
OS : Windows 7 Service Pack 1 (64 bit)
PROCESSOR : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT : Normal Boot
DATE : 2012/11/08 (ISO 8601) at 00:10:49
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST950042 0AS (0003)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 465.8 Go [Fixed] ==> Lenovo boot sector .
MBR_MD5 : 6DFA341D7918DD07785E7847F1A410D7
MBR_SHA1 : 1D58D65248CA19FBE5DB9FDA2D9979CB29C3CAD0
Device\Harddisk0\Partition1 1.17 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 454.8 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 9.77 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x02E03000
SIZE : 292.0 Ko
DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BD3000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C41000
SIZE : 316.0 Ko
DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CA4000
SIZE : 376.0 Ko
DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00D02000
SIZE : 768.0 Ko
DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00EA8000
SIZE : 656.0 Ko
DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F4C000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F5B000
SIZE : 348.0 Ko
DRIVER : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FB2000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00FBB000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00FC5000
SIZE : 204.0 Ko
DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE : 52.0 Ko
DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00E0D000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x00E22000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00E2B000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E37000
SIZE : 84.0 Ko
DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00E4C000
SIZE : 368.0 Ko
DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00DC2000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\drivers\vmbus.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE : 240.0 Ko
DRIVER : C:\Windows\system32\drivers\winhv.sys => Invisible on the disk
ADDRESS : 0x00DDC000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x0106A000
SIZE : 1.33 Mo
DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x011BE000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01000000
SIZE : 304.0 Ko
DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x0104C000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\MpFilter.sys => Invisible on the disk
ADDRESS : 0x012A7000
SIZE : 224.0 Ko
DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01436000
SIZE : 1.64 Mo
DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x012DF000
SIZE : 376.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x015D9000
SIZE : 108.0 Ko
DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0133D000
SIZE : 456.0 Ko
DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE : 68.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\DzHDD64.sys => Invisible on the disk
ADDRESS : 0x01411000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x0141C000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01661000
SIZE : 968.0 Ko
DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01753000
SIZE : 384.0 Ko
DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x017B3000
SIZE : 168.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01800000
SIZE : 2.00 Mo
DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE : 296.0 Ko
DRIVER : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk
ADDRESS : 0x0164A000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x013AF000
SIZE : 304.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\ApsHM64.sys => Invisible on the disk
ADDRESS : 0x017DD000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x017E7000
SIZE : 32.0 Ko
DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE : 232.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\Apsx64.sys => Invisible on the disk
ADDRESS : 0x0123A000
SIZE : 152.0 Ko
DRIVER : C:\Windows\System32\Drivers\RapportKE64.sys => Invisible on the disk
ADDRESS : 0x01260000
SIZE : 92.0 Ko
DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01277000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x017EF000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01AB3000
SIZE : 232.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01AED000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01B03000
SIZE : 192.0 Ko
DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x04071000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x0407A000
SIZE : 28.0 Ko
DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x103B2000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x103C0000
SIZE : 148.0 Ko
DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x103E5000
SIZE : 64.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x103F5000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x0F200000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x041EB000
SIZE : 36.0 Ko
DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x041F4000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01BBB000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01BCC000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01BEE000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01A00000
SIZE : 548.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x044B9000
SIZE : 276.0 Ko
DRIVER : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x044FE000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x04509000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x04512000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x04538000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x0454E000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\serial.sys => Invisible on the disk
ADDRESS : 0x0455D000
SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x0457A000
SIZE : 108.0 Ko
DRIVER : C:\Windows\System32\drivers\Tppwr64v.sys => Invisible on the disk
ADDRESS : 0x04595000
SIZE : 28.0 Ko
DRIVER : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x0459C000
SIZE : 80.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x04400000
SIZE : 324.0 Ko
DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x04464000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x04470000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\smiifx64.sys => Invisible on the disk
ADDRESS : 0x0447B000
SIZE : 28.0 Ko
DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x04482000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk
ADDRESS : 0x02E04000
SIZE : 524.0 Ko
DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x02E87000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x02EA5000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x02EB6000
SIZE : 152.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x02EDC000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04A4D000
SIZE : 11.69 Mo
DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x02EF2000
SIZE : 976.0 Ko
DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04A00000
SIZE : 280.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x02FE6000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\serenum.sys => Invisible on the disk
ADDRESS : 0x04491000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\e1c62x64.sys => Invisible on the disk
ADDRESS : 0x045B0000
SIZE : 320.0 Ko
DRIVER : C:\Windows\system32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x0449D000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x058AC000
SIZE : 344.0 Ko
DRIVER : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x05902000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\NETwNs64.sys => Invisible on the disk
ADDRESS : 0x05A9B000
SIZE : 8.42 Mo
DRIVER : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x06306000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\risdxc64.sys => Invisible on the disk
ADDRESS : 0x06313000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\drivers\i8042prt.sys => Invisible on the disk
ADDRESS : 0x0636F000
SIZE : 120.0 Ko
DRIVER : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x0638D000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x068A3000
SIZE : 1.36 Mo
DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x06800000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x06802000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\drivers\tpm.sys => Invisible on the disk
ADDRESS : 0x06811000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x06820000
SIZE : 20.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ibmpmdrv.sys => Invisible on the disk
ADDRESS : 0x06825000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys => Invisible on the disk
ADDRESS : 0x06832000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x0683F000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x06848000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\drivers\tbhsd.sys => Invisible on the disk
ADDRESS : 0x06858000
SIZE : 64.0 Ko
DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x0639C000
SIZE : 244.0 Ko
DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x06868000
SIZE : 136.0 Ko
DRIVER : C:\Windows\system32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x05A00000
SIZE : 268.0 Ko
DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x0688A000
SIZE : 24.0 Ko
DRIVER : C:\Windows\System32\Drivers\RootMdm.sys => Invisible on the disk
ADDRESS : 0x06890000
SIZE : 32.0 Ko
DRIVER : C:\Windows\system32\drivers\modem.sys => Invisible on the disk
ADDRESS : 0x05A43000
SIZE : 60.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x05A52000
SIZE : 88.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x05A68000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x05A8C000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x05926000
SIZE : 188.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x063D9000
SIZE : 108.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x05955000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x05976000
SIZE : 104.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys => Invisible on the disk
ADDRESS : 0x05990000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rdpbus.sys => Invisible on the disk
ADDRESS : 0x06898000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rrnetcap.sys => Invisible on the disk
ADDRESS : 0x063F4000
SIZE : 48.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\psadd.sys => Invisible on the disk
ADDRESS : 0x059A2000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\Tvti2c.sys => Invisible on the disk
ADDRESS : 0x059B0000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x05A98000
SIZE : 8.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x059BE000
SIZE : 72.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x05800000
SIZE : 360.0 Ko
DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x0585A000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\drivers\CHDRT64.sys => Invisible on the disk
ADDRESS : 0x0823E000
SIZE : 1.56 Mo
DRIVER : C:\Windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
ADDRESS : 0x08400000
SIZE : 332.0 Ko
DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000E0000
SIZE : 3.08 Mo
DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x08453000
SIZE : 48.0 Ko
DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x0845F000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x0846D000
SIZE : 1.33 Mo
DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x085C1000
SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x085D4000
SIZE : 116.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x085F1000
SIZE : 56.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x08200000
SIZE : 100.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x08219000
SIZE : 36.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\5U877.sys => Invisible on the disk
ADDRESS : 0x083CE000
SIZE : 164.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\STREAM.SYS => Invisible on the disk
ADDRESS : 0x08222000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ElcMouLFlt.sys => Invisible on the disk
ADDRESS : 0x08233000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x0586F000
SIZE : 52.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ElcMouUFlt.sys => Invisible on the disk
ADDRESS : 0x0587C000
SIZE : 44.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x05887000
SIZE : 56.0 Ko
DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00540000
SIZE : 40.0 Ko
DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00680000
SIZE : 156.0 Ko
DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x059D0000
SIZE : 140.0 Ko
DRIVER : C:\Windows\system32\drivers\mbam.sys => Invisible on the disk
ADDRESS : 0x059F3000
SIZE : 40.0 Ko
DRIVER : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x04081000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\WinUSB.sys => Invisible on the disk
ADDRESS : 0x06331000
SIZE : 68.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x040A2000
SIZE : 196.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x06342000
SIZE : 84.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x040D3000
SIZE : 332.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x06357000
SIZE : 76.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x04126000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x03CAF000
SIZE : 804.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x03D78000
SIZE : 120.0 Ko
DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x03D96000
SIZE : 96.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x03DAE000
SIZE : 180.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE : 312.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x03C4E000
SIZE : 144.0 Ko
DRIVER : C:\Windows\system32\DRIVERS\NisDrvWFP.sys => Invisible on the disk
ADDRESS : 0x03C72000
SIZE : 132.0 Ko
DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x0413E000
SIZE : 664.0 Ko
DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x03C93000
SIZE : 44.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x011C9000
SIZE : 196.0 Ko
DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x03DDB000
SIZE : 72.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x08020000
SIZE : 420.0 Ko
DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x08089000
SIZE : 608.0 Ko
DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47720000
SIZE : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
SystemStartOptions : NOEXECUTE=OPTIN
_______________________________________________________________________________________
MBR \Device\Harddisk0\DR0
0x00000000 EB 0E 0A 00 04 00 C0 09 00 00 00 00 00 00 4E 50 ë.....À.......NP
0x00000010 FA 33 C0 BC 00 66 8E D0 50 07 50 1F FB FC BE 09 ú3À¼.f.ÐP.P.ûü¾.
0x00000020 00 89 14 BF 00 08 BE 00 7C B9 00 01 F3 A5 50 BF ...¿..¾.|¹..ó¥P¿
0x00000030 34 08 57 CB BB 00 06 BE 02 08 0F B6 0C B8 01 02 4.WË»..¾...¶.¸..
0x00000040 BA 80 00 CD 13 BA 05 00 BF 00 06 B9 00 02 E8 24 º..Í.º..¿..¹..è$
0x00000050 01 B9 05 00 BB 00 12 BE 00 06 03 F1 E8 FF 00 EB 
.¹..»..¾...ñè..ë0x00000060 0A B3 01 BE A7 12 88 1C E9 89 00 E8 2D 00 3C 01 .³.¾§...é..è-.<.0x00000070 74 EF E8 52 00 3C 01 74 E8 BA 04 00 BF 00 0A B9 tïèR.<.tèº..¿..¹0x00000080 A7 08 E8 F0 00 E8 35 05 E9 88 01 BE 05 08 0A 04 §.èð.è5.é..¾....0x00000090 88 04 B1 01 BB 00 08 E8 B9 00 C3 BE 00 06 E8 17 ..±.»..è¹.þ..è.0x000000A0 00 BE 23 06 80 3C 00 74 0C 3C 00 74 08 B0 02 E8 .¾#..<.t.<.t.°.è0x000000B0 D9 FF B0 01 C3 B0 00 C3 B9 00 02 4E 32 C0 8B D9 Ù.°.ð.ù..N2À.Ù0x000000C0 8A 10 32 C2 E2 F8 C3 B9 05 00 51 B8 00 02 F7 E1 ..2Ââøù..Q¸..÷á0x000000D0 05 00 08 8B F0 E8 E0 FF 5E 56 0F B6 8C 05 06 E3 ....ðèà.^V.¶...ã0x000000E0 04 38 C1 75 06 59 E2 E2 B0 00 C3 59 B0 01 E8 9A .8Áu.Yââ°.ÃY°.è.0x000000F0 FF B0 01 C3 BE 07 08 0F B6 0C B8 01 02 BB 00 7C .°.þ...¶.¸..».|0x00000100 BA 80 00 CD 13 BE 00 7C E8 AD FF BE 06 08 0F B6 º..Í.¾.|è.¾...¶0x00000110 0C E3 1C 38 C1 74 18 B0 04 E8 6F FF BE AF 07 E8 .ã.8Át.°.èo.¾¯.è0x00000120 8C 02 BE A7 12 80 3C 01 74 03 E8 0A 01 CD 18 BE ..¾§..<.t.è..Í.¾0x00000130 BE 09 BF BE 7D B9 20 00 F3 A5 BA 04 00 BF 00 7C ¾.¿¾}¹ .ó¥º..¿.|0x00000140 B9 BE 01 E8 2F 00 BE 09 00 8B 14 33 C0 50 BF 00 ¹¾.è/.¾....3ÀP¿.0x00000150 7C 57 CB 32 ED B8 01 03 BA 80 00 CD 13 C3 51 4E |WË2í¸..º..Í.ÃQN0x00000160 0F B6 0C E3 08 B8 01 02 BA 80 00 CD 13 81 EB 00 .¶.ã.¸..º..Í..ë.0x00000170 02 59 E2 EA C3 52 57 51 B8 00 BB CD 1A 72 2B 66 .YâêÃRWQ¸.»Í.r+f0x00000180 83 F8 00 75 25 81 F9 02 01 7C 1F 66 81 FB 54 43 .ø.u%.ù..|.f.ûTC0x00000190 50 41 75 16 33 C0 8E C0 66 33 F6 B8 07 BB 66 33 PAu.3À.Àf3ö¸.»f30x000001A0 C9 66 33 D2 59 5F 5A CD 1A C3 59 5F 5A C3 00 00 Éf3ÒY_ZÍ.ÃY_ZÃ..0x000001B0 6D 00 00 00 00 62 7A 99 50 4A 3A A1 00 00 80 20 m....bz.PJ:¡... 
0x000001C0 21 00 07 1B 02 99 00 08 00 00 00 80 25 00 00 1B !...........%...0x000001D0 03 99 07 FE FF FF 00 88 25 00 F8 4F DA 38 00 FE ...þ....%.øOÚ8.þ0x000001E0 FF FF 07 FE FF FF 00 D8 FF 38 00 80 38 01 00 00 ...þ...Ø.8..8...0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª Link to post Share on other sites More sharing options...