
Infected with White smoke


Korivo


Hi all,

I'm stuck with the White Smoke toolbar.

Got it from a video converter program (Super video editor); it used to be safe shareware.

I did uninstall the video converter and everything related to White Smoke from Add/Remove Programs, but the god damn toolbar remains.

I'm running Windows XP Pro.

Here is the log file for Malwarebytes' Anti-Malware.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7698

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

12/09/2011 11:37:54 AM

mbam-log-2011-09-12 (11-37-54).txt

Scan type: Quick scan

Objects scanned: 200211

Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attached are the DDS/GMER log files:

Thanks a lot for your help

gmer.log


Hi Elise025, thanks for the warm welcome :)

Here is the log file:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Mat at 8:01:54.78 on 12/09/2011

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2223 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Zecter\ZumoDrive\zumodrive.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mat\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: IGMONObj Class: {02464ddc-3187-11d8-8004-0020ed227566} - c:\program files\igetter\integration\IGMON.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [ZumoDrive] c:\program files\zecter\zumodrive\ZumoLauncher.lnk

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ultraMon] "c:\program files\ultramon\UltraMon.exe" /auto

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: ulaval.ca\vpn-externe1

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 74.208.105.171 gs.apple.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\mat\applic~1\mozilla\firefox\profiles\9icywbt9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - google.ca

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q=

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\mat\application data\mozilla\firefox\profiles\9icywbt9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\documents and settings\mat\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-27 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-20 309848]

R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2011-3-31 147416]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2008-8-29 33824]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-20 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-20 42184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-11 366640]

R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]

R2 msftesql$DIXPX;SQL Server FullText Search (DIXPX);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2005-8-26 92880]

R2 MSSQL$DIXPX;SQL Server (DIXPX);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2005-10-14 28768528]

R2 SQLAgent$DIXPX;SQL Server Agent (DIXPX);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2005-10-14 318680]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-5-31 38656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-11 22712]

R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-6-18 28672]

S3 MA8012M;MA8012M;c:\windows\system32\drivers\MA8012M.sys [2008-8-29 25300]

S3 MA8012U;MA8012U;c:\windows\system32\drivers\MA8012U.sys [2008-8-29 48734]

S3 MA8512M;MA8512M;c:\windows\system32\drivers\MA8512M.sys [2008-8-30 25300]

S3 MA8512U;MA8512U;c:\windows\system32\drivers\MA8512U.sys [2008-8-30 49106]

S3 MSOLAP$DIXPX;SQL Server Analysis Services (DIXPX);c:\program files\microsoft sql server\mssql.2\olap\bin\msmdsrv.exe [2005-10-14 14557912]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S3 ReportServer$DIXPX;SQL Server Reporting Services (DIXPX);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

.

=============== Created Last 30 ================

.

2011-09-11 21:06:23 388096 ----a-r- c:\docume~1\mat\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-11 21:06:22 -------- d-----w- c:\program files\Trend Micro

2011-09-11 13:59:17 -------- d-----w- c:\program files\VS Revo Group

2011-09-11 13:57:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-11 13:57:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-11 13:57:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-07 03:11:24 438272 ----a-w- c:\windows\system32\vp6vfw.dll

2011-09-07 03:07:58 -------- d-----w- c:\docume~1\mat\applic~1\WhiteSmoke

2011-09-07 03:06:51 -------- d-----w- c:\program files\WhiteSmoke

2011-09-07 03:06:28 -------- d-----w- c:\docume~1\mat\locals~1\applic~1\Conduit

2011-09-07 03:05:46 -------- d-----w- c:\program files\eRightSoft

2011-09-05 23:16:55 -------- d-----w- c:\docume~1\mat\applic~1\iGetter

2011-09-05 23:16:50 -------- d-----w- c:\program files\iGetter

.

==================== Find3M ====================

.

2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr

2011-06-27 14:02:46 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-06-27 14:02:46 1 ----a-w- c:\windows\system32\nvdrssel.bin

.

============= FINISH: 8:09:04.75 ===============

Thanks.


Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Here it is:

ComboFix 11-09-12.03 - Mat 12/09/2011 16:52:44.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2624 [GMT -4:00]

Running from: c:\documents and settings\Mat\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\DIXPXDEV\ASPNET\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\DIXPXDEV\ASPNET\Local Settings\Application Data\ApplicationHistory\3d1025f1.4400e6b2.ini

c:\documents and settings\DIXPXDEV\ASPNET\Local Settings\Application Data\ApplicationHistory\3d1025f1.4400e6b2.ini.inuse

c:\documents and settings\DIXPXDEV\ASPNET\Local Settings\Application Data\ApplicationHistory\8d69a834.4400e6b2.ini

c:\documents and settings\DIXPXDEV\ASPNET\Local Settings\Application Data\ApplicationHistory\aspnet_wp.exe.4400e6b2.ini

c:\documents and settings\DIXPXDEV\ASPNET\Local Settings\Application Data\ApplicationHistory\c1edeba4.4400e6b2.ini

c:\documents and settings\DIXPXDEV\ASPNET\Local Settings\Application Data\ApplicationHistory\cd0ef584.4400e6b2.ini

c:\documents and settings\Mat\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Mat\Local Settings\Application Data\ApplicationHistory\devenv.exe.6262e30a.ini

c:\documents and settings\Mat\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\windows\kb913800.exe

c:\windows\system32\Cache

.

.

((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))

.

.

2011-09-12 20:50 . 2011-09-12 20:51 -------- d-----w- C:\32788R22FWJFW

2011-09-11 21:06 . 2011-09-11 21:06 388096 ----a-r- c:\documents and settings\Mat\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-11 21:06 . 2011-09-11 21:06 -------- d-----w- c:\program files\Trend Micro

2011-09-11 13:59 . 2011-09-11 13:59 -------- d-----w- c:\program files\VS Revo Group

2011-09-11 13:57 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-11 13:57 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-11 13:57 . 2011-09-11 13:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-07 03:11 . 2011-09-07 03:11 438272 ----a-w- c:\windows\system32\vp6vfw.dll

2011-09-07 03:07 . 2011-09-07 03:08 -------- d-----w- c:\documents and settings\Mat\Application Data\WhiteSmoke

2011-09-07 03:06 . 2011-09-07 03:29 -------- d-----w- c:\program files\WhiteSmoke

2011-09-07 03:06 . 2011-09-11 13:38 -------- d-----w- c:\documents and settings\Mat\Local Settings\Application Data\Conduit

2011-09-07 03:05 . 2011-09-11 18:47 -------- d-----w- c:\program files\eRightSoft

2011-09-05 23:16 . 2011-09-05 23:17 -------- d-----w- c:\documents and settings\Mat\Application Data\iGetter

2011-09-05 23:16 . 2011-09-11 13:35 -------- d-----w- c:\program files\iGetter

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-04 11:43 . 2010-11-20 15:41 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:43 . 2010-11-20 15:41 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-04 11:36 . 2011-07-27 15:27 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-04 11:36 . 2010-11-20 15:42 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-04 11:35 . 2010-11-20 15:42 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-04 11:35 . 2010-11-20 15:41 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-04 11:35 . 2010-11-20 15:41 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-04 11:32 . 2010-11-20 15:42 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-04 11:32 . 2010-11-20 15:41 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-04 11:32 . 2010-11-20 15:42 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-09 23:18 . 2011-05-12 00:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2011-03-31 1640]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]

"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2008-06-22 20:48 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]

2009-06-11 15:17 3618104 ------w- c:\program files\Brownie\BrStsWnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-06 00:39 133104 ----atw- c:\documents and settings\Mat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2009-07-24 20:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-10-25 21:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-10-25 21:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-07-29 16:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]

2009-07-24 20:05 762208 ----a-w- c:\windows\vVX3000.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Left 4 Dead\\left4dead.exe"=

"c:\\Program Files\\Microsoft SQL Server\\90\\Tools\\binn\\VSShell\\Common7\\IDE\\SqlWb.exe"=

"c:\\Program Files\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe"=

"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=

"c:\\Program Files\\Realtek\\Transcode Server\\TranscodeServer.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1433:TCP"= 1433:TCP:Sql Server

"4500:UDP"= 4500:UDP:IPsec (IKE NAT-T)

"500:UDP"= 500:UDP:IPsec (IKE)

"135:TCP"= 135:TCP:RPC Endpoint Mapper and DCOM infrastructure

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/07/2011 11:27 AM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/11/2010 11:42 AM 309848]

R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [31/03/2011 7:12 PM 147416]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [29/08/2008 6:31 PM 33824]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/11/2010 11:42 AM 19544]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/09/2011 9:57 AM 366640]

R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [14/10/2005 3:45 AM 199384]

R2 msftesql$DIXPX;SQL Server FullText Search (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [26/08/2005 4:00 PM 92880]

R2 MSSQL$DIXPX;SQL Server (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14/10/2005 3:51 AM 28768528]

R2 SQLAgent$DIXPX;SQL Server Agent (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [14/10/2005 3:51 AM 318680]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24/09/2006 9:22 PM 11776]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [31/05/2008 4:36 PM 38656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/09/2011 9:57 AM 22712]

R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [24/09/2006 9:23 PM 3584]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [18/06/2010 12:27 AM 28672]

S3 MA8012M;MA8012M;c:\windows\system32\drivers\MA8012M.sys [29/08/2008 6:17 PM 25300]

S3 MA8012U;MA8012U;c:\windows\system32\drivers\MA8012U.sys [29/08/2008 6:17 PM 48734]

S3 MA8512M;MA8512M;c:\windows\system32\drivers\MA8512M.sys [30/08/2008 1:32 PM 25300]

S3 MA8512U;MA8512U;c:\windows\system32\drivers\MA8512U.sys [30/08/2008 1:32 PM 49106]

S3 MSOLAP$DIXPX;SQL Server Analysis Services (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [14/10/2005 3:46 AM 14557912]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 4:22 PM 34064]

S3 ReportServer$DIXPX;SQL Server Reporting Services (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [14/10/2005 3:44 AM 14552]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 7:01 AM 2799808]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003Core.job

- c:\documents and settings\Mat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:39]

.

2011-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003UA.job

- c:\documents and settings\Mat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:39]

.

2011-07-30 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job

- c:\windows\vVX3000.exe [2010-02-13 20:05]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: ulaval.ca\vpn-externe1

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

FF - prefs.js: browser.startup.homepage - google.ca

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-36538398.sys

MSConfigStartUp-FileZilla Server Interface - c:\program files\FileZilla Server\FileZilla Server Interface.exe

MSConfigStartUp-fiqlqrulycuybl - c:\documents and settings\mat\local settings\application data\ufyasxnij\ymabrsq.exe

MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

MSConfigStartUp-Steam - c:\program files\steam\steam.exe

MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Mat\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-12 17:04

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msftesql$DIXPX]

"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:DIXPX"

.

Completion time: 2011-09-12 17:10:17

ComboFix-quarantined-files.txt 2011-09-12 21:09

.

Pre-Run: 18,666,483,712 bytes free

Post-Run: 18,632,323,072 bytes free

.

- - End Of File - - 38361F2326EEA30791F2769C56F8D0CD


Hi again, please let me know how things are after the following steps.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


Firefox::
FF - ProfilePath - c:\documents and settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

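As an added illustration of what that CFScript targets (example code added here, not part of ComboFix and not the helper's instructions): the two Firefox prefs quoted in the script live in the profile's prefs.js as `user_pref("name", value);` lines. The Python below parses a prefs.js, pulls out the search and homepage prefs a toolbar bundle typically rewrites, and flags any value pointing at the indicators visible in this log (search.conduit.com and the WhiteSmoke engine name). The sample prefs.js text is constructed to mirror the log; SUSPECT_HOSTS and SUSPECT_ENGINE_WORDS are assumptions drawn only from this thread and should be extended for other cases.

```python
"""Check a Firefox prefs.js for search/homepage prefs rewritten by a toolbar bundle.

Added example for this thread (not ComboFix code, not the helper's script).
prefs.js lines look like:  user_pref("browser.search.defaulturl", "http://...");
"""
import re
from urllib.parse import urlparse

# Prefs a browser-hijacking toolbar commonly rewrites.
WATCHED_PREFS = (
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "browser.startup.homepage",
    "keyword.URL",
)

# Indicators taken from the log in this thread; assumption: these are the
# only two it shows, so extend the tuples for your own case.
SUSPECT_HOSTS = ("search.conduit.com",)
SUSPECT_ENGINE_WORDS = ("whitesmoke", "conduit")

# user_pref("<name>", <value>);   -- value may be a quoted string, number or bool
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Constructed sample mirroring the FF lines in the ComboFix log above
# (real prefs.js uses http://, the log defangs it as hxxp://).
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "WhiteSmoke Bar Customized Web Search");
user_pref("browser.startup.homepage", "google.ca");
user_pref("browser.cache.disk.capacity", 358400);
"""


def parse_prefs(text):
    """Return {name: value} for every user_pref line; quoted strings are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def find_hijacked(prefs):
    """Return [(pref_name, value)] for watched prefs that match an indicator."""
    findings = []
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if value is None:
            continue
        lowered = value.lower()
        # Only treat the value as a URL when it has a scheme; a bare
        # "google.ca" homepage is compared on words alone.
        host = urlparse(value).hostname if "://" in lowered else None
        if host in SUSPECT_HOSTS or any(w in lowered for w in SUSPECT_ENGINE_WORDS):
            findings.append((name, value))
    return findings


def scan_file(path):
    """Read a prefs.js from disk and return its hijack findings."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacked(parse_prefs(fh.read()))


if __name__ == "__main__":
    for pref, value in find_hijacked(parse_prefs(SAMPLE_PREFS)):
        print(f"suspect pref: {pref} = {value}")
```

Run `scan_file()` against the profile path the log shows (`...\Mozilla\Firefox\Profiles\9icywbt9.default\prefs.js`) with Firefox closed, once before and once after the CFScript run; an empty result afterwards confirms the two prefs were actually rewritten rather than only the toolbar files removed.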

Hi, thanks for following up on this Elise.

Here is the log file:

ComboFix 11-09-12.05 - Mat 13/09/2011 7:09.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2636 [GMT -4:00]

Running from: c:\documents and settings\Mat\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mat\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))

.

.

2011-09-11 21:06 . 2011-09-11 21:06 388096 ----a-r- c:\documents and settings\Mat\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-11 21:06 . 2011-09-11 21:06 -------- d-----w- c:\program files\Trend Micro

2011-09-11 13:59 . 2011-09-11 13:59 -------- d-----w- c:\program files\VS Revo Group

2011-09-11 13:57 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-11 13:57 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-11 13:57 . 2011-09-11 13:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-07 03:11 . 2011-09-07 03:11 438272 ----a-w- c:\windows\system32\vp6vfw.dll

2011-09-07 03:07 . 2011-09-07 03:08 -------- d-----w- c:\documents and settings\Mat\Application Data\WhiteSmoke

2011-09-07 03:06 . 2011-09-07 03:29 -------- d-----w- c:\program files\WhiteSmoke

2011-09-07 03:06 . 2011-09-11 13:38 -------- d-----w- c:\documents and settings\Mat\Local Settings\Application Data\Conduit

2011-09-07 03:05 . 2011-09-11 18:47 -------- d-----w- c:\program files\eRightSoft

2011-09-05 23:16 . 2011-09-05 23:17 -------- d-----w- c:\documents and settings\Mat\Application Data\iGetter

2011-09-05 23:16 . 2011-09-11 13:35 -------- d-----w- c:\program files\iGetter

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-04 11:43 . 2010-11-20 15:41 40112 ----a-w- c:\windows\avastSS.scr

2011-07-04 11:43 . 2010-11-20 15:41 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-07-04 11:36 . 2011-07-27 15:27 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-07-04 11:36 . 2010-11-20 15:42 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-07-04 11:35 . 2010-11-20 15:42 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-07-04 11:35 . 2010-11-20 15:41 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-07-04 11:35 . 2010-11-20 15:41 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-07-04 11:32 . 2010-11-20 15:42 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-07-04 11:32 . 2010-11-20 15:41 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-07-04 11:32 . 2010-11-20 15:42 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-09-09 23:18 . 2011-05-12 00:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-12_21.04.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-13 11:04 . 2011-09-13 11:04 16384 c:\windows\Temp\Perflib_Perfdata_c6c.dat

+ 2011-09-13 11:04 . 2011-09-13 11:04 16384 c:\windows\Temp\Perflib_Perfdata_92c.dat

+ 2011-09-13 11:03 . 2011-09-13 11:03 16384 c:\windows\Temp\Perflib_Perfdata_33c.dat

+ 2009-05-17 19:38 . 2011-09-12 21:22 8128 c:\windows\system32\d3d9caps.dat

- 2009-05-17 19:38 . 2011-09-12 19:37 8128 c:\windows\system32\d3d9caps.dat

+ 2008-12-23 03:19 . 2011-09-13 11:07 241734 c:\windows\system32\inetsrv\MetaBase.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-12-18 01:40 754176 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZumoDrive"="c:\program files\Zecter\ZumoDrive\ZumoLauncher.lnk" [2011-03-31 1640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]

"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2008-06-22 20:48 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]

2009-06-11 15:17 3618104 ------w- c:\program files\Brownie\BrStsWnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-06 00:39 133104 ----atw- c:\documents and settings\Mat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2009-07-24 20:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-10-25 21:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-10-25 21:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-07-29 16:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]

2009-07-24 20:05 762208 ----a-w- c:\windows\vVX3000.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Left 4 Dead\\left4dead.exe"=

"c:\\Program Files\\Microsoft SQL Server\\90\\Tools\\binn\\VSShell\\Common7\\IDE\\SqlWb.exe"=

"c:\\Program Files\\Microsoft Visual Studio 9.0\\Common7\\IDE\\devenv.exe"=

"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Zecter\\ZumoDrive\\zumodrive.exe"=

"c:\\Program Files\\Realtek\\Transcode Server\\TranscodeServer.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1433:TCP"= 1433:TCP:Sql Server

"4500:UDP"= 4500:UDP:IPsec (IKE NAT-T)

"500:UDP"= 500:UDP:IPsec (IKE)

"135:TCP"= 135:TCP:RPC Endpoint Mapper and DCOM infrastructure

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27/07/2011 11:27 AM 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/11/2010 11:42 AM 309848]

R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [31/03/2011 7:12 PM 147416]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [29/08/2008 6:31 PM 33824]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/11/2010 11:42 AM 19544]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/09/2011 9:57 AM 366640]

R2 msftesql$DIXPX;SQL Server FullText Search (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [26/08/2005 4:00 PM 92880]

R2 MSSQL$DIXPX;SQL Server (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14/10/2005 3:51 AM 28768528]

R2 SQLAgent$DIXPX;SQL Server Agent (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [14/10/2005 3:51 AM 318680]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24/09/2006 9:22 PM 11776]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [31/05/2008 4:36 PM 38656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/09/2011 9:57 AM 22712]

R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [24/09/2006 9:23 PM 3584]

S2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [14/10/2005 3:45 AM 199384]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [18/06/2010 12:27 AM 28672]

S3 MA8012M;MA8012M;c:\windows\system32\drivers\MA8012M.sys [29/08/2008 6:17 PM 25300]

S3 MA8012U;MA8012U;c:\windows\system32\drivers\MA8012U.sys [29/08/2008 6:17 PM 48734]

S3 MA8512M;MA8512M;c:\windows\system32\drivers\MA8512M.sys [30/08/2008 1:32 PM 25300]

S3 MA8512U;MA8512U;c:\windows\system32\drivers\MA8512U.sys [30/08/2008 1:32 PM 49106]

S3 MSOLAP$DIXPX;SQL Server Analysis Services (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [14/10/2005 3:46 AM 14557912]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 4:22 PM 34064]

S3 ReportServer$DIXPX;SQL Server Reporting Services (DIXPX);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [14/10/2005 3:44 AM 14552]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 7:01 AM 2799808]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003Core.job

- c:\documents and settings\Mat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:39]

.

2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003UA.job

- c:\documents and settings\Mat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:39]

.

2011-07-30 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job

- c:\windows\vVX3000.exe [2010-02-13 20:05]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: ulaval.ca\vpn-externe1

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\

FF - prefs.js: browser.startup.homepage - google.ca

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-13 07:31

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msftesql$DIXPX]

"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:DIXPX"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1636)

c:\program files\UltraMon\RTSUltraMonHook.dll

c:\windows\system32\msi.dll

c:\program files\Zecter\ZumoDrive\ShellExt.dll

c:\program files\Windows Media Player\wmpband.dll

c:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\browselc.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

Completion time: 2011-09-13 07:36:57

ComboFix-quarantined-files.txt 2011-09-13 11:36

ComboFix2.txt 2011-09-12 21:10

.

Pre-Run: 18,564,550,656 bytes free

Post-Run: 18,552,532,992 bytes free

.

- - End Of File - - E54EEE2B5215F56CBD1B35A6C3564548


Hi again,

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "JDK 7 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • Two reports will open, copy and paste OTL.txt in a reply here:
    • OTL.txt <-- Will be opened


Elise,

Thanks for your recommendations, I will follow them closely.

Here is the log file:

OTL logfile created on: 13/09/2011 10:37:35 AM - Run 1

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Mat\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 71.67% Memory free

5.09 Gb Paging File | 4.32 Gb Available in Paging File | 84.98% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78.13 Gb Total Space | 17.38 Gb Free Space | 22.24% Space Free | Partition Type: NTFS

Drive D: | 97.65 Gb Total Space | 28.41 Gb Free Space | 29.10% Space Free | Partition Type: NTFS

Drive E: | 289.97 Gb Total Space | 200.81 Gb Free Space | 69.25% Space Free | Partition Type: NTFS

Drive G: | 117.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive Z: | 2.00 Gb Total Space | 1.88 Gb Free Space | 94.08% Space Free | Partition Type: FAT32

Computer Name: DIXPX-PC | User Name: Mat | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/13 10:37:14 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.exe

PRC - [2011/09/09 19:18:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/12/17 21:40:30 | 000,154,312 | ---- | M] (Zecter Inc.) -- C:\Program Files\Zecter\ZumoDrive\zumodrive.exe

PRC - [2009/07/24 16:05:26 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2006/12/18 15:33:48 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/12 21:27:40 | 000,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe

PRC - [2006/10/12 21:27:20 | 000,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe

PRC - [2004/08/03 19:56:56 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe

PRC - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/13 08:33:34 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\temp\WindowsFolderWatcher.dll7142940073425151925.lib

MOD - [2011/09/13 08:33:27 | 000,389,632 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\temp\WindowsZFSJNI.dll1050580891518096318.lib

MOD - [2011/09/13 08:33:26 | 000,379,904 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\temp\libsqlitejdbc-6362118980633195610.lib

MOD - [2011/09/13 08:33:00 | 000,199,168 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\temp\WindowsAPI.dll8971690496808349329.lib

MOD - [2011/09/13 04:18:19 | 001,561,088 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091300\algo.dll

MOD - [2011/09/12 14:16:30 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091300\aswRep.dll

MOD - [2011/09/09 19:18:19 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/09/06 13:51:38 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components\RadioWMPCoreGecko6.dll

MOD - [2009/07/24 16:05:26 | 000,524,144 | ---- | M] () -- C:\WINDOWS\system32\LcProxy.ax

MOD - [2008/12/22 23:19:55 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll

MOD - [2007/10/19 14:17:40 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll

MOD - [2007/05/11 00:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll

MOD - [2004/08/03 19:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2004/08/03 19:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2008/08/08 19:36:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)

SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)

SRV - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/12/17 21:40:30 | 000,147,416 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs.sys -- (CbFs)

DRV - [2010/02/03 16:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/07/24 16:05:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2009/01/06 20:00:08 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/08/29 18:31:18 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)

DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)

DRV - [2007/10/11 19:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)

DRV - [2007/03/15 10:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)

DRV - [2006/09/24 21:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)

DRV - [2006/09/24 21:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)

DRV - [2004/11/15 10:09:18 | 000,048,734 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8012U.sys -- (MA8012U)

DRV - [2004/11/11 13:55:44 | 000,025,300 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8012M.sys -- (MA8012M)

DRV - [2004/09/16 17:11:02 | 000,025,300 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8512M.sys -- (MA8512M)

DRV - [2004/09/16 17:11:00 | 000,049,106 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8512U.sys -- (MA8512U)

DRV - [2004/09/13 11:11:30 | 000,049,611 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MaRdP2K.sys -- (MaRdPnp)

DRV - [2004/08/23 15:40:04 | 000,011,089 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)

DRV - [2004/08/13 14:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/03 17:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-746137067-1958367476-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-746137067-1958367476-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-746137067-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"

FF - prefs.js..browser.startup.homepage: "google.ca"

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 19:18:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/11 09:35:07 | 000,000,000 | ---D | M]

[2009/08/31 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions

[2009/08/31 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions\home2@tomtom.com

[2011/09/11 09:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions

[2011/09/06 23:06:47 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}

[2010/05/07 19:13:17 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}

[2011/08/18 07:01:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\piclens@cooliris.com

[2008/12/01 08:03:12 | 000,000,000 | ---D | M] (Player ActiveX) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\playeractivex@radiopirate.com

[2011/09/06 13:51:38 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\searchplugins\conduit.xml

[2011/05/17 19:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/17 18:56:00 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/05/17 19:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\{4093C4DE-454A-4329-8AFF-C6B0B123C386}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\SROUSSEY@ILLUMINATION-FOR-DEVELOPERS.COM.XPI

[2008/12/30 14:19:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/09/09 19:18:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/12 17:04:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IGMONObj Class) - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll (Presenta Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [ultraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-746137067-1958367476-725345543-1003..\Run: [ZumoDrive] C:\Program Files\Zecter\ZumoDrive\ZumoLauncher.lnk ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-746137067-1958367476-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-746137067-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-746137067-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-746137067-1958367476-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKU\S-1-5-21-746137067-1958367476-725345543-1003\..Trusted Domains: ulaval.ca ([vpn-externe1] https in Trusted sites)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E276E4-1DF9-404E-87A1-742999E5A951}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Mat\My Documents\My Wallpapers\Default.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mat\My Documents\My Wallpapers\Default.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/31 12:53:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/04/22 09:12:54 | 000,000,000 | ---D | M] - Z:\Linked Folders -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-746137067-1958367476-725345543-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 10:38:27 | 000,739,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Mat\Desktop\install_reader10_en_chra_aih.exe

[2011/09/13 10:37:15 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.exe

[2011/09/13 07:51:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/09/12 16:23:58 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/09/12 16:20:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/09/12 16:20:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/09/12 16:20:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/09/12 16:20:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/09/12 16:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/09/12 16:20:25 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/12 16:12:49 | 004,204,602 | R--- | C] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe

[2011/09/11 17:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/09/11 17:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Start Menu\Programs\HiJackThis

[2011/09/11 14:57:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\TFC.exe

[2011/09/11 10:22:31 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Mat\Desktop\spybotsd162.exe

[2011/09/11 10:09:42 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe

[2011/09/11 09:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2011/09/11 09:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Start Menu\Programs\Revo Uninstaller

[2011/09/11 09:59:07 | 002,617,176 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Mat\Desktop\revosetup.exe

[2011/09/11 09:57:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/09/11 09:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/09/11 09:57:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/09/11 09:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/09/11 09:56:28 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mat\Desktop\mbam-setup-1.51.1.1800(1).exe

[2011/09/06 23:11:24 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll

[2011/09/06 23:08:14 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2011/09/06 23:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\WhiteSmoke

[2011/09/06 23:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke

[2011/09/06 23:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Local Settings\Application Data\Conduit

[2011/09/06 23:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft

[2011/09/05 19:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\iGetter

[2011/09/05 19:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\iGetter

[2011/08/17 18:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

========== Files - Modified Within 30 Days ==========

[2011/09/13 10:38:26 | 000,739,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Mat\Desktop\install_reader10_en_chra_aih.exe

[2011/09/13 10:37:14 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.exe

[2011/09/13 10:36:46 | 000,008,128 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/09/13 10:22:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003UA.job

[2011/09/13 08:31:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/09/13 07:52:04 | 000,271,360 | ---- | M] () -- C:\Personal Folders(1).pst

[2011/09/13 07:50:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/09/13 07:07:31 | 004,204,602 | R--- | M] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe

[2011/09/12 17:04:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/09/12 16:24:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/09/12 08:02:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\0y3hzzj2.exe

[2011/09/12 08:01:42 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\dds.scr

[2011/09/12 08:00:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mat\defogger_reenable

[2011/09/12 08:00:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Defogger.exe

[2011/09/11 17:06:22 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\HiJackThis.lnk

[2011/09/11 17:06:06 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\HijackThis.msi

[2011/09/11 15:16:08 | 000,001,734 | -H-- | M] () -- C:\Documents and Settings\Mat\My Documents\Default.rdp

[2011/09/11 14:57:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\TFC.exe

[2011/09/11 10:23:00 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Mat\Desktop\spybotsd162.exe

[2011/09/11 09:59:18 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Revo Uninstaller.lnk

[2011/09/11 09:59:10 | 002,617,176 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Mat\Desktop\revosetup.exe

[2011/09/11 09:56:42 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mat\Desktop\mbam-setup-1.51.1.1800(1).exe

[2011/09/11 09:45:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/09/11 07:22:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003Core.job

[2011/09/10 21:08:10 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe

[2011/09/06 23:11:24 | 000,438,272 | ---- | M] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll

[2011/09/06 17:15:06 | 000,007,675 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Web.config

[2011/09/06 15:41:32 | 000,231,424 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/05 18:52:34 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Shortcut to download.lnk

[2011/08/24 13:07:06 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk

========== Files Created - No Company Name ==========

[2011/09/13 07:50:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/09/12 16:24:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/09/12 16:24:04 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/09/12 16:20:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/09/12 16:20:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/09/12 16:20:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/09/12 16:20:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/09/12 16:20:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/09/12 08:02:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\0y3hzzj2.exe

[2011/09/12 08:01:38 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\dds.scr

[2011/09/12 08:00:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mat\defogger_reenable

[2011/09/12 08:00:23 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Defogger.exe

[2011/09/11 17:06:22 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\HiJackThis.lnk

[2011/09/11 17:06:04 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\HijackThis.msi

[2011/09/11 09:59:18 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Revo Uninstaller.lnk

[2011/09/06 23:11:25 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini

[2011/09/06 23:11:25 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini

[2011/09/06 17:13:30 | 000,007,675 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Web.config

[2011/09/05 18:52:34 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Shortcut to download.lnk

[2011/02/16 20:05:06 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2011/02/16 20:05:06 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini

[2011/02/16 20:05:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2011/02/16 20:05:05 | 000,009,868 | ---- | C] () -- C:\WINDOWS\HL-2140.INI

[2011/02/16 20:05:02 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2011/02/16 20:05:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT

[2011/02/16 20:04:29 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/08/22 16:48:15 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/08/22 16:48:12 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/08/22 16:48:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/08/22 16:47:36 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/04/18 16:39:56 | 000,291,928 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\debuggee.mdmp

[2010/04/11 10:00:03 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\1744532929

[2010/04/11 10:00:03 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1744532929

[2010/04/11 09:48:14 | 000,014,482 | -HS- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\nmA24FsrylC7

[2010/04/11 09:48:14 | 000,014,482 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nmA24FsrylC7

[2010/03/07 16:31:58 | 000,193,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/02/13 10:36:12 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Mat\Application Data\setup_ldm.iss

[2010/02/13 10:27:56 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2010/01/14 21:08:29 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/12/03 10:08:17 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/05/17 15:38:52 | 000,008,128 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/01 11:55:40 | 000,000,573 | ---- | C] () -- C:\WINDOWS\label.ini

[2008/12/20 13:16:02 | 000,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/12/07 18:17:57 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe

[2008/12/07 18:17:57 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008/12/07 18:17:56 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe

[2008/12/07 18:17:56 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe

[2008/12/07 18:17:56 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe

[2008/11/30 10:08:08 | 000,000,306 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/09/08 20:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI

[2008/09/08 20:11:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI

[2008/09/08 19:19:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI

[2008/09/08 19:12:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MelodyExe.INI

[2008/09/08 19:09:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI

[2008/09/08 08:06:45 | 000,000,200 | ---- | C] () -- C:\WINDOWS\QCPC60UI.dat

[2008/08/29 18:31:18 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2008/06/14 11:02:30 | 000,057,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2008/06/07 07:35:39 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\fusioncache.dat

[2008/06/07 07:29:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2008/06/04 10:47:01 | 000,231,424 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/05/31 19:55:53 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/05/31 19:53:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/05/31 16:34:09 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/05/31 16:33:03 | 000,014,139 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008/05/31 16:17:17 | 000,014,383 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2008/05/31 16:16:38 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008/05/31 16:16:17 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008/05/31 16:14:33 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2008/05/31 16:10:51 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2008/05/31 16:10:51 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2008/05/31 16:10:41 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2008/05/31 16:10:40 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2008/05/31 16:10:38 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2008/05/31 12:56:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/05/31 12:50:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/05/31 07:57:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/05/31 07:56:22 | 001,560,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2004/08/03 20:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/08/03 19:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2003/01/21 01:20:21 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\AJ820503.bin

[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 08:00:00 | 000,688,790 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 08:00:00 | 000,164,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FEBE414

< End of report >


Hi again,

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q="
    d) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions
    [2011/09/06 23:06:47 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
    [2011/09/06 13:51:38 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\searchplugins\conduit.xml
    O37 - HKU\S-1-5-21-746137067-1958367476-725345543-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2011/09/06 23:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke

    :commands
    [reboot]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and Paste that report in your next reply.

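To show how a fix like the one above is derived from the OTL log, here is an added Python example; it is not the helper's script or any OTL code. It triages OTL log lines pasted into it and emits the matching lines as an :OTL section, which is the form OTL accepts in a fix. The sample log is a handful of lines constructed from the logs in this thread plus benign neighbours; the indicator list (whitesmoke, conduit), the three line-format regexes and the rule that flags a per-user O37 .exe association override are my assumptions. It is a triage aid for reading the log, not a replacement for an analyst reviewing the whole report before anything is deleted.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: a few OTL log lines copied from the logs in this thread
# (plus benign neighbours), so the triage can run offline.
SAMPLE_OTL_LOG = r"""
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "google.ca"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q="
[2011/09/06 23:06:47 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
[2010/05/07 19:13:17 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2011/09/06 13:51:38 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\searchplugins\conduit.xml
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-746137067-1958367476-725345543-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2011/09/06 23:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke
"""

# Assumed indicator substrings for this particular hijack (matched case-insensitively).
INDICATORS = ("whitesmoke", "conduit")

# Assumed regexes for the three OTL line kinds this triage understands.
PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<name>[^:]+): (?P<value>.*)$")
ENTRY_RE = re.compile(
    r"^\[[^|]+\|[^|]+\|[^|]+\|[^\]]+\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.*)$"
)
O37_RE = re.compile(
    r"^O37 - (?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.(?P<ext>\w+) \[@ = (?P<handler>[^\]]+)\] -- (?P<target>.*)$"
)


def classify(line: str) -> Optional[str]:
    """Return a reason if this OTL log line looks like part of the hijack, else None."""
    lowered = line.lower()
    if (m := PREF_RE.match(line)):
        # Search engine, keyword.URL or homepage pointing at the hijacker's domain.
        if any(ind in lowered for ind in INDICATORS):
            return f"Firefox pref {m['name']} points at a hijacker"
        return None
    if (m := O37_RE.match(line)):
        # HKLM ...exe -> exefile with "%1" %* is the normal default. A per-user
        # (HKU\<SID>) .exe association is an override nothing legitimate needs,
        # and in the log above it even points at a missing key.
        if m["hive"].startswith("HKU") and m["ext"] == "exe":
            return "per-user .exe file association override"
        return None
    if (m := ENTRY_RE.match(line)):
        # Extension folder, search plugin or program folder carrying an indicator.
        if any(ind in lowered for ind in INDICATORS):
            return f"file/folder tied to the hijacker: {m['path']}"
        return None
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for every flagged line in an OTL log."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = classify(line)
        if reason:
            hits.append((line, reason))
    return hits


def build_fix(log_text: str) -> str:
    """Assemble an :OTL fix section from the flagged lines, in the shape the helper posted."""
    flagged = [line for line, _ in triage(log_text)]
    return "\n".join([":OTL", *flagged, "", ":Commands", "[reboot]"])


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_OTL_LOG):
        print(f"{reason}\n    {line[:90]}")
    print()
    print(build_fix(SAMPLE_OTL_LOG))
```

Run against the sample, the triage flags six lines (the two hijacked prefs, the WhiteSmoke extension folder, conduit.xml, the per-user O37 override and C:\Program Files\WhiteSmoke) and leaves the homepage, the View Cookies extension and the HKLM exefile default alone. Substring indicators are deliberately crude: they catch rebranded toolbars from the same family, but a domain list will need extending for a different hijacker.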

Hi,

My computer did reboot but no log popped up after the reboot.

I opened up Firefox and IE, holy crap, the White Smoke toolbar is gone!

But it's still there in Google Chrome.

So, since I didn't get a popup from OTL, I opened it up and ran the "Run Scan".

Here is the log:

OTL logfile created on: 13/09/2011 12:34:45 PM - Run 2

OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Mat\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 77.00% Memory free

5.09 Gb Paging File | 4.50 Gb Available in Paging File | 88.43% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78.13 Gb Total Space | 17.38 Gb Free Space | 22.24% Space Free | Partition Type: NTFS

Drive D: | 97.65 Gb Total Space | 28.41 Gb Free Space | 29.10% Space Free | Partition Type: NTFS

Drive E: | 289.97 Gb Total Space | 200.81 Gb Free Space | 69.25% Space Free | Partition Type: NTFS

Drive G: | 117.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive Z: | 2.00 Gb Total Space | 1.88 Gb Free Space | 94.08% Space Free | Partition Type: FAT32

Computer Name: DIXPX-PC | User Name: Mat | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/13 10:37:14 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.exe

PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/12/17 21:40:30 | 000,154,312 | ---- | M] (Zecter Inc.) -- C:\Program Files\Zecter\ZumoDrive\zumodrive.exe

PRC - [2009/07/24 16:05:26 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2006/12/18 15:33:48 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/12 21:27:40 | 000,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe

PRC - [2006/10/12 21:27:20 | 000,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe

PRC - [2004/08/03 19:56:58 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr

PRC - [2004/08/03 19:56:56 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe

PRC - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/13 12:32:21 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\temp\WindowsFolderWatcher.dll6353207708672657732.lib

MOD - [2011/09/13 12:32:19 | 000,389,632 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\temp\WindowsZFSJNI.dll3718252300153616119.lib

MOD - [2011/09/13 12:32:19 | 000,379,904 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\temp\libsqlitejdbc-8679685966024201909.lib

MOD - [2011/09/13 12:32:07 | 000,199,168 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\temp\WindowsAPI.dll8167948943798656014.lib

MOD - [2011/09/13 08:31:20 | 001,561,088 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091301\algo.dll

MOD - [2011/09/13 08:07:24 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091301\aswRep.dll

MOD - [2009/07/24 16:05:26 | 000,524,144 | ---- | M] () -- C:\WINDOWS\system32\LcProxy.ax

MOD - [2009/04/27 17:49:26 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2008/12/22 23:19:55 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll

MOD - [2004/08/03 19:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2004/08/03 19:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2008/08/08 19:36:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)

SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)

SRV - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/12/17 21:40:30 | 000,147,416 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs.sys -- (CbFs)

DRV - [2010/02/03 16:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/07/24 16:05:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2009/01/06 20:00:08 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/08/29 18:31:18 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)

DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)

DRV - [2007/10/11 19:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)

DRV - [2007/03/15 10:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)

DRV - [2006/09/24 21:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)

DRV - [2006/09/24 21:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)

DRV - [2004/11/15 10:09:18 | 000,048,734 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8012U.sys -- (MA8012U)

DRV - [2004/11/11 13:55:44 | 000,025,300 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8012M.sys -- (MA8012M)

DRV - [2004/09/16 17:11:02 | 000,025,300 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8512M.sys -- (MA8512M)

DRV - [2004/09/16 17:11:00 | 000,049,106 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8512U.sys -- (MA8512U)

DRV - [2004/09/13 11:11:30 | 000,049,611 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MaRdP2K.sys -- (MaRdPnp)

DRV - [2004/08/23 15:40:04 | 000,011,089 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)

DRV - [2004/08/13 14:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/03 17:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.startup.homepage: "google.ca"

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 19:18:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/13 10:40:10 | 000,000,000 | ---D | M]

[2009/08/31 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions

[2009/08/31 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions\home2@tomtom.com

[2011/09/13 12:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions

[2010/05/07 19:13:17 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}

[2011/08/18 07:01:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\piclens@cooliris.com

[2008/12/01 08:03:12 | 000,000,000 | ---D | M] (Player ActiveX) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\playeractivex@radiopirate.com

[2011/05/17 19:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/17 18:56:00 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/05/17 19:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\{4093C4DE-454A-4329-8AFF-C6B0B123C386}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\SROUSSEY@ILLUMINATION-FOR-DEVELOPERS.COM.XPI

[2008/12/30 14:19:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/09/09 19:18:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/12 17:04:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IGMONObj Class) - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll (Presenta Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [ultraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ZumoDrive] C:\Program Files\Zecter\ZumoDrive\ZumoLauncher.lnk ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ulaval.ca ([vpn-externe1] https in Trusted sites)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E276E4-1DF9-404E-87A1-742999E5A951}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Mat\My Documents\My Wallpapers\Default.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mat\My Documents\My Wallpapers\Default.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/31 12:53:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/04/22 09:12:54 | 000,000,000 | ---D | M] - Z:\Linked Folders -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 12:23:02 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/09/13 10:38:27 | 000,739,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Mat\Desktop\install_reader10_en_chra_aih.exe

[2011/09/13 10:37:15 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.exe

[2011/09/13 07:51:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/09/12 16:23:58 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/09/12 16:20:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/09/12 16:20:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/09/12 16:20:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/09/12 16:20:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/09/12 16:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/09/12 16:20:25 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/12 16:12:49 | 004,204,602 | R--- | C] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe

[2011/09/11 17:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/09/11 17:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Start Menu\Programs\HiJackThis

[2011/09/11 14:57:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\TFC.exe

[2011/09/11 10:22:31 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Mat\Desktop\spybotsd162.exe

[2011/09/11 10:09:42 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe

[2011/09/11 09:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2011/09/11 09:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Start Menu\Programs\Revo Uninstaller

[2011/09/11 09:59:07 | 002,617,176 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Mat\Desktop\revosetup.exe

[2011/09/11 09:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/09/11 09:57:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/09/11 09:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/09/11 09:56:28 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mat\Desktop\mbam-setup-1.51.1.1800(1).exe

[2011/09/06 23:11:24 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll

[2011/09/06 23:08:14 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2011/09/06 23:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\WhiteSmoke

[2011/09/06 23:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Local Settings\Application Data\Conduit

[2011/09/06 23:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft

[2011/09/05 19:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\iGetter

[2011/09/05 19:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\iGetter

[2011/08/17 18:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

========== Files - Modified Within 30 Days ==========

[2011/09/13 12:34:29 | 000,008,128 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/09/13 12:24:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/09/13 12:22:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003UA.job

[2011/09/13 10:38:26 | 000,739,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Mat\Desktop\install_reader10_en_chra_aih.exe

[2011/09/13 10:37:14 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.exe

[2011/09/13 07:52:04 | 000,271,360 | ---- | M] () -- C:\Personal Folders(1).pst

[2011/09/13 07:50:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/09/13 07:07:31 | 004,204,602 | R--- | M] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe

[2011/09/12 17:04:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/09/12 16:24:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/09/12 08:02:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\0y3hzzj2.exe

[2011/09/12 08:01:42 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\dds.scr

[2011/09/12 08:00:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mat\defogger_reenable

[2011/09/12 08:00:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Defogger.exe

[2011/09/11 17:06:22 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\HiJackThis.lnk

[2011/09/11 17:06:06 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\HijackThis.msi

[2011/09/11 15:16:08 | 000,001,734 | -H-- | M] () -- C:\Documents and Settings\Mat\My Documents\Default.rdp

[2011/09/11 14:57:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\TFC.exe

[2011/09/11 10:23:00 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Mat\Desktop\spybotsd162.exe

[2011/09/11 09:59:18 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Revo Uninstaller.lnk

[2011/09/11 09:59:10 | 002,617,176 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Mat\Desktop\revosetup.exe

[2011/09/11 09:56:42 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mat\Desktop\mbam-setup-1.51.1.1800(1).exe

[2011/09/11 09:45:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/09/11 07:22:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003Core.job

[2011/09/10 21:08:10 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe

[2011/09/09 14:29:03 | 002,111,200 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\publications-et-travaux-de-robert-pages.pdf

[2011/09/08 10:25:09 | 000,176,905 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\chap7_chauvet role du conseiller.pdf

[2011/09/08 10:24:55 | 000,240,640 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Blanchard 2003 role du conseiller et plus.pdf

[2011/09/08 10:24:28 | 000,053,458 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\BilanDeCompetenceTexteDeLemoine role du conseiller.pdf

[2011/09/08 10:24:10 | 000,061,501 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\bilan contexte et autoorientation.pdf

[2011/09/08 10:24:03 | 003,270,174 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\bc tous les points tres bien.pdf

[2011/09/08 10:23:35 | 000,176,905 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\approche experiencielle chauvet.pdf

[2011/09/07 00:00:03 | 012,919,695 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\tigerKorivo.mpg.FLV

[2011/09/06 23:11:24 | 000,438,272 | ---- | M] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll

[2011/09/06 17:15:06 | 000,007,675 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Web.config

[2011/09/06 15:41:32 | 000,231,424 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/05 18:52:34 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Shortcut to download.lnk

[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/08/24 13:07:06 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk

========== Files Created - No Company Name ==========

[2011/09/13 07:50:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/09/12 16:24:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/09/12 16:24:04 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/09/12 16:20:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/09/12 16:20:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/09/12 16:20:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/09/12 16:20:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/09/12 16:20:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/09/12 08:02:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\0y3hzzj2.exe

[2011/09/12 08:01:38 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\dds.scr

[2011/09/12 08:00:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mat\defogger_reenable

[2011/09/12 08:00:23 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Defogger.exe

[2011/09/11 17:06:22 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\HiJackThis.lnk

[2011/09/11 17:06:04 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\HijackThis.msi

[2011/09/11 09:59:18 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Revo Uninstaller.lnk

[2011/09/09 14:28:50 | 002,111,200 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\publications-et-travaux-de-robert-pages.pdf

[2011/09/08 10:25:09 | 000,176,905 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\chap7_chauvet role du conseiller.pdf

[2011/09/08 10:24:55 | 000,240,640 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Blanchard 2003 role du conseiller et plus.pdf

[2011/09/08 10:24:29 | 000,053,458 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\BilanDeCompetenceTexteDeLemoine role du conseiller.pdf

[2011/09/08 10:24:11 | 000,061,501 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\bilan contexte et autoorientation.pdf

[2011/09/08 10:23:56 | 003,270,174 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\bc tous les points tres bien.pdf

[2011/09/08 10:23:36 | 000,176,905 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\approche experiencielle chauvet.pdf

[2011/09/06 23:59:52 | 012,919,695 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\tigerKorivo.mpg.FLV

[2011/09/06 23:11:25 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini

[2011/09/06 23:11:25 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini

[2011/09/06 17:13:30 | 000,007,675 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Web.config

[2011/09/05 18:52:34 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Shortcut to download.lnk

[2011/02/16 20:05:06 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2011/02/16 20:05:06 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini

[2011/02/16 20:05:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2011/02/16 20:05:05 | 000,009,868 | ---- | C] () -- C:\WINDOWS\HL-2140.INI

[2011/02/16 20:05:02 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2011/02/16 20:05:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT

[2011/02/16 20:04:29 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/08/22 16:48:15 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/08/22 16:48:12 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/08/22 16:48:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/08/22 16:47:36 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/04/18 16:39:56 | 000,291,928 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\debuggee.mdmp

[2010/04/11 10:00:03 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\1744532929

[2010/04/11 10:00:03 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1744532929

[2010/04/11 09:48:14 | 000,014,482 | -HS- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\nmA24FsrylC7

[2010/04/11 09:48:14 | 000,014,482 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nmA24FsrylC7

[2010/03/07 16:31:58 | 000,193,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/02/13 10:36:12 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Mat\Application Data\setup_ldm.iss

[2010/02/13 10:27:56 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2010/01/14 21:08:29 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/12/03 10:08:17 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/05/17 15:38:52 | 000,008,128 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/01 11:55:40 | 000,000,573 | ---- | C] () -- C:\WINDOWS\label.ini

[2008/12/20 13:16:02 | 000,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/12/07 18:17:57 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe

[2008/12/07 18:17:57 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008/12/07 18:17:56 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe

[2008/12/07 18:17:56 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe

[2008/12/07 18:17:56 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe

[2008/11/30 10:08:08 | 000,000,306 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/09/08 20:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI

[2008/09/08 20:11:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI

[2008/09/08 19:19:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI

[2008/09/08 19:12:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MelodyExe.INI

[2008/09/08 19:09:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI

[2008/09/08 08:06:45 | 000,000,200 | ---- | C] () -- C:\WINDOWS\QCPC60UI.dat

[2008/08/29 18:31:18 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2008/06/14 11:02:30 | 000,057,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2008/06/07 07:35:39 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\fusioncache.dat

[2008/06/07 07:29:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2008/06/04 10:47:01 | 000,231,424 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/05/31 19:55:53 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/05/31 19:53:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/05/31 16:34:09 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/05/31 16:33:03 | 000,014,139 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008/05/31 16:17:17 | 000,014,383 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2008/05/31 16:16:38 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008/05/31 16:16:17 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008/05/31 16:14:33 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2008/05/31 16:10:51 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2008/05/31 16:10:51 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2008/05/31 16:10:41 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2008/05/31 16:10:40 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2008/05/31 16:10:38 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2008/05/31 12:56:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/05/31 12:50:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/05/31 07:57:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/05/31 07:56:22 | 001,560,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2004/08/03 20:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/08/03 19:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2003/01/21 01:20:21 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\AJ820503.bin

[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 08:00:00 | 000,688,790 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 08:00:00 | 000,164,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FEBE414

< End of report >

Here you go

OTL logfile created on: 13/09/2011 2:53:48 PM - Run 3

OTL by OldTimer - Version 3.2.27.0x Folder = C:\Documents and Settings\Mat\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 67.88% Memory free

5.09 Gb Paging File | 4.19 Gb Available in Paging File | 82.33% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78.13 Gb Total Space | 19.52 Gb Free Space | 24.98% Space Free | Partition Type: NTFS

Drive D: | 97.65 Gb Total Space | 28.41 Gb Free Space | 29.10% Space Free | Partition Type: NTFS

Drive E: | 289.97 Gb Total Space | 201.01 Gb Free Space | 69.32% Space Free | Partition Type: NTFS

Drive G: | 117.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive Z: | 2.00 Gb Total Space | 1.88 Gb Free Space | 94.08% Space Free | Partition Type: FAT32

Computer Name: DIXPX-PC | User Name: Mat | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.startup.homepage: "google.ca"

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 19:18:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/13 12:54:12 | 000,000,000 | ---D | M]

[2009/08/31 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions

[2009/08/31 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions\home2@tomtom.com

[2011/09/13 12:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions

[2010/05/07 19:13:17 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}

[2011/08/18 07:01:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\piclens@cooliris.com

[2008/12/01 08:03:12 | 000,000,000 | ---D | M] (Player ActiveX) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\playeractivex@radiopirate.com

[2011/09/13 13:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/17 18:56:00 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/09/13 13:12:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\{4093C4DE-454A-4329-8AFF-C6B0B123C386}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\SROUSSEY@ILLUMINATION-FOR-DEVELOPERS.COM.XPI

[2011/09/09 19:18:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/09/13 13:12:19 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome - Experimental ==========

CHR - default_search_provider "enabled": true,

CHR - default_search_provider "name": "Conduit",

CHR - default_search_provider "search_url": "http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3007394",

CHR - default_search_provider "suggest_url": "http://search.conduit.com/"

CHR - plugin - "name": "Chrome PDF Viewer","enabled": true,"path": "C:\\Documents and Settings\\Mat\\Local Settings\\Application Data\\Google\\Chrome\\Application\\9.0.597.98\\pdf.dll",

CHR - plugin - "name": "Google Gears 0.5.33.0","enabled": true,"path": "C:\\Documents and Settings\\Mat\\Local Settings\\Application Data\\Google\\Chrome\\Application\\9.0.597.98\\gears.dll",

CHR - plugin - "name": "Shockwave Flash","enabled": true,"path": "C:\\Documents and Settings\\Mat\\Local Settings\\Application Data\\Google\\Chrome\\Application\\9.0.597.98\\gcswf32.dll",

CHR - plugin - "name": "Adobe Acrobat","enabled": true,"path": "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Browser\\nppdf32.dll",

CHR - plugin - "name": "2007 Microsoft Office system","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\NPOFF12.DLL",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin2.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin3.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin4.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin5.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin6.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin7.dll",

CHR - plugin - "name": "AOL Media Playback Plugin","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npunagi2.dll",

CHR - plugin - "name": "Microsoft\u00AE DRM","enabled": true,"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll",

CHR - plugin - "name": "Windows Media Player Plug-in Dynamic Link Library","enabled": true,"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll",

CHR - plugin - "name": "Microsoft\u00AE DRM","enabled": true,"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll",

CHR - plugin - "name": "Google Update","enabled": true,"path": "C:\\Documents and Settings\\Mat\\Local Settings\\Application Data\\Google\\Update\\1.2.183.39\\npGoogleOneClick8.dll",

CHR - plugin - "name": "Silverlight Plug-In","enabled": true,"path": "C:\\Program Files\\Microsoft Silverlight\\4.0.50401.0\\npctrl.dll",

CHR - plugin - "name": "iTunes Application Detector","enabled": true,"path": "C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll",

CHR - plugin - "name": "Windows Presentation Foundation","enabled": true,"path": "C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll",

CHR - plugin - "name": "Shockwave Flash","enabled": true,"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32.dll",

CHR - plugin - "name": "Default Plug-in","enabled": true,"path": "default_plugin",

O1 HOSTS File: ([2011/09/12 17:04:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IGMONObj Class) - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll (Presenta Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [ultraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ZumoDrive] C:\Program Files\Zecter\ZumoDrive\ZumoLauncher.lnk ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ulaval.ca ([vpn-externe1] https in Trusted sites)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E276E4-1DF9-404E-87A1-742999E5A951}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Mat\My Documents\My Wallpapers\Default.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mat\My Documents\My Wallpapers\Default.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/31 12:53:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/04/22 09:12:54 | 000,000,000 | ---D | M] - Z:\Linked Folders -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

< End of report >

Rerun OTLx.exe and copy/paste the following text into the "custom scan/fix" field. Click Run Fix. When done, let me know if Chrome still has the WhiteSmoke toolbar.

:otl
CHR - default_search_provider "name": "Conduit",
CHR - default_search_provider "search_url": "http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3007394",
CHR - default_search_provider "suggest_url": "http://search.conduit.com/"

There you go Elise:

OTL logfile created on: 14/09/2011 11:06:29 AM - Run 4

OTL by OldTimer - Version 3.2.28.1 Folder = C:\Documents and Settings\Mat\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 38.58% Memory free

5.09 Gb Paging File | 3.02 Gb Available in Paging File | 59.28% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 78.13 Gb Total Space | 19.24 Gb Free Space | 24.62% Space Free | Partition Type: NTFS

Drive D: | 97.65 Gb Total Space | 28.41 Gb Free Space | 29.10% Space Free | Partition Type: NTFS

Drive E: | 289.97 Gb Total Space | 201.01 Gb Free Space | 69.32% Space Free | Partition Type: NTFS

Drive G: | 117.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DIXPX-PC | User Name: Mat | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/14 11:06:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTLx.exe

PRC - [2011/09/13 13:12:19 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2011/09/09 19:18:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/02/09 23:14:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2009/07/24 16:05:26 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2009/04/27 17:49:24 | 007,310,848 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla FTP Client\filezilla.exe

PRC - [2008/08/08 19:36:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2007/11/08 01:26:42 | 001,059,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe

PRC - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2007/04/17 20:24:18 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe

PRC - [2006/12/18 15:33:48 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/12 21:27:40 | 000,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe

PRC - [2006/10/12 21:27:20 | 000,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe

PRC - [2004/08/03 19:56:56 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe

PRC - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/14 04:44:38 | 001,561,600 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091400\algo.dll

MOD - [2011/09/13 19:54:03 | 000,032,768 | ---- | M] () -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\15b19ffc\8f6a4981\App_Web_statsleaders.ascx.50d77b3.x9_jbg7t.dll

MOD - [2011/09/13 19:54:02 | 000,006,144 | ---- | M] () -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\15b19ffc\8f6a4981\App_Web_seasontoolbar.ascx.50d77b3.ljld05qr.dll

MOD - [2011/09/13 19:54:01 | 000,015,872 | ---- | M] () -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\15b19ffc\8f6a4981\App_Web_header.ascx.50d77b3.kmhpmtwg.dll

MOD - [2011/09/13 19:54:01 | 000,005,120 | ---- | M] () -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\15b19ffc\8f6a4981\App_Web_sponsor.ascx.50d77b3.kudlbn-f.dll

MOD - [2011/09/13 19:53:59 | 005,516,800 | ---- | M] () -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\15b19ffc\8f6a4981\assembly\dl3\e03b4598\a46e772e_182acc01\AjaxControlToolkit.DLL

MOD - [2011/09/13 19:47:22 | 005,516,800 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\Microsoft\VisualStudio\9.0\ProjectAssemblies\nmdoirk-01\AjaxControlToolkit.dll

MOD - [2011/09/13 16:37:42 | 001,561,600 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091302\algo.dll

MOD - [2011/09/13 08:07:24 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091400\aswRep.dll

MOD - [2011/09/13 08:07:24 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11091302\aswRep.dll

MOD - [2011/09/09 19:18:19 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/02/09 23:14:58 | 004,106,296 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll

MOD - [2011/02/09 23:13:56 | 000,221,752 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\Locales\en-US.dll

MOD - [2011/02/09 23:13:25 | 000,099,896 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\avutil-50.dll

MOD - [2011/02/09 23:13:23 | 000,197,688 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\avformat-52.dll

MOD - [2011/02/09 23:13:22 | 001,908,280 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\avcodec-52.dll

MOD - [2011/02/09 21:28:59 | 006,104,064 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll

MOD - [2010/11/07 15:25:48 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2010/07/09 21:28:57 | 003,022,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c0d8d0845a3cb92275188278fdb2a3b0\Microsoft.VisualStudio.Xaml.ni.dll

MOD - [2010/07/09 21:28:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\34e07059bb7b783e90e95ceea3095d31\Microsoft.VisualStudio.WizardFramework.ni.dll

MOD - [2010/07/09 21:28:53 | 001,181,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bb9cc535e4684b06e6df18bdca3e7122\Microsoft.VisualStudio.Windows.Forms.ni.dll

MOD - [2010/07/09 21:28:40 | 000,511,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7ab23e6a17159755e433ad2ca6d9f92d\Microsoft.VisualStudio.Shell.Design.ni.dll

MOD - [2010/07/09 21:28:37 | 000,782,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0b57b98bfc38610381c597de1d1293ad\Microsoft.VisualStudio.Modeling.Sdk.Shell.ni.dll

MOD - [2010/07/09 21:28:36 | 002,383,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\db4eaeb545c5af94b0d03d0b6b287545\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.ni.dll

MOD - [2010/07/09 21:28:34 | 001,309,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\47bb9ad29934888f0155211c1e612edf\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject.ni.dll

MOD - [2010/07/09 21:28:33 | 001,507,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0aaa6c884ed47fdac21f77de4f1d63a9\Microsoft.VisualStudio.Modeling.Sdk.ni.dll

MOD - [2010/07/09 21:28:26 | 002,353,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\47af9f3c45f800ad4fb09219f7da1f6c\Microsoft.VisualStudio.EnterpriseTools.ClassDesigner.ni.dll

MOD - [2010/07/09 21:28:24 | 003,253,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5dbcf4c1287c1a7e96e7f5a523a7cb1e\Microsoft.VisualStudio.EnterpriseTools.TypeSystem.ni.dll

MOD - [2010/07/09 21:28:21 | 001,167,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d0f281310c6b0d8e63fa6fed08b2501a\Microsoft.VisualStudio.EnterpriseTools.Shell.ni.dll

MOD - [2010/07/09 21:28:20 | 001,824,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ae1df4f8809d51c95dbab15289d75f78\Microsoft.VisualStudio.Modeling.Diagrams.ni.dll

MOD - [2010/07/09 21:28:18 | 001,362,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a00014203c7f9c1743148dc55df266df\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject.ni.dll

MOD - [2010/07/09 21:28:17 | 000,788,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0caa38a43e935ab09a3ebcbbe9e7a84b\Microsoft.VisualStudio.Modeling.ArtifactMapper.ni.dll

MOD - [2010/07/09 21:28:15 | 002,181,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\39b6167b6199a922718809962e503821\Microsoft.VisualStudio.Modeling.ni.dll

MOD - [2010/07/09 21:28:15 | 000,179,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fa2bc6cea15ba573a7fba8d9018edf00\Microsoft.VisualStudio.EnterpriseTools.ni.dll

MOD - [2010/07/09 21:28:13 | 001,005,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e2aeb72c93d6ef4099a42315b9febe08\Microsoft.VisualStudio.VirtualTreeGrid.ni.dll

MOD - [2010/07/09 21:28:06 | 001,435,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\943ce66edb274f11c10ce45bc506ea37\Microsoft.VisualStudio.Design.ni.dll

MOD - [2010/07/09 21:28:02 | 000,680,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\97655f8bc16251db8b444a859aeabc9f\Microsoft.VisualStudio.ni.dll

MOD - [2010/07/09 21:27:04 | 002,199,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SQLEditors\8b28f2bbde72160e85c3d27983f1d08c\SQLEditors.ni.dll

MOD - [2010/07/09 21:27:00 | 000,220,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ObjectExplorerRepli#\ac1b3d0adeacc02c40bfd5adab6dab10\ObjectExplorerReplication.ni.dll

MOD - [2010/07/09 21:26:52 | 003,471,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ObjectExplorer\6e9303f348e4d619e6d410491a7c4955\ObjectExplorer.ni.dll

MOD - [2010/07/09 21:26:42 | 010,546,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SqlManagerUI\fdcc98c50593eaf0bc4a21a3001606cf\SqlManagerUI.ni.dll

MOD - [2010/07/09 21:25:49 | 000,578,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0cbfd31e9f0150642e1ba1ba2603e3d5\Microsoft.SqlServer.SqlTools.VSIntegration.ni.dll

MOD - [2010/07/09 21:25:48 | 008,156,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AppIDPackage\9ab79e55192679fae54d90dce042ca8c\AppIDPackage.ni.dll

MOD - [2010/07/09 21:25:40 | 001,553,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ConnectionDlg\c49e5ac3b6d06b37ab3b8717528f9477\ConnectionDlg.ni.dll

MOD - [2010/07/09 21:25:21 | 000,083,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SqlWorkbench.Interf#\17be9042dd0c8efbf577e2fa61a1a3d1\SqlWorkbench.Interfaces.ni.dll

MOD - [2010/07/09 21:25:20 | 005,296,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SqlMgmt\2c21e67660af1172dabec0182d21e340\SqlMgmt.ni.dll

MOD - [2010/07/09 21:17:03 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b0bd09e51b98488041d62585bb2f8f4c\Microsoft.SqlServer.RegSvrEnum.ni.dll

MOD - [2010/07/09 21:16:59 | 001,229,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3ce6b339b72239e1233d61809b2b752e\Microsoft.SqlServer.SqlEnum.ni.dll

MOD - [2010/07/09 21:16:58 | 004,331,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\801c0709401985934bb597ac816b978c\Microsoft.SqlServer.Smo.ni.dll

MOD - [2010/07/09 21:16:46 | 000,615,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a60d222eda054f19f4fac0524c74f3c3\Microsoft.SqlServer.BatchParser.ni.dll

MOD - [2010/07/09 21:16:46 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\881da3ee4f0febfa772a39cfb0995ef8\Microsoft.SqlServer.ConnectionInfo.ni.dll

MOD - [2010/07/09 21:16:45 | 000,344,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5a2042766cee9460d4ba62865dfe3ca1\Microsoft.SqlServer.SmoEnum.ni.dll

MOD - [2010/07/09 21:16:45 | 000,165,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\20915c57f31efdebb21302f3be07edb5\Microsoft.SqlServer.DataStorage.ni.dll

MOD - [2010/07/09 21:02:12 | 000,530,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\16a42f39de574b65672a6f7b60d47b94\Microsoft.SqlServer.GridControl.ni.dll

MOD - [2010/07/09 21:02:12 | 000,074,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ea2ae783dc512b6a9e62bba0d4f71ecf\Microsoft.SqlServer.CustomControls.ni.dll

MOD - [2010/07/09 21:02:11 | 000,231,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\f900abeac1a34b1ea03de11b1ef647b1\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll

MOD - [2010/07/09 20:50:19 | 000,363,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.BatchParser.dll

MOD - [2010/07/09 20:40:51 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\WebDev.WebHost\9.0.0.0__b03f5f7f11d50a3a\WebDev.WebHost.dll

MOD - [2010/07/09 20:36:48 | 000,641,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Diagrams.GraphObject.dll

MOD - [2010/07/09 20:36:46 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject.dll

MOD - [2010/07/09 20:36:13 | 000,200,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Services\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Services.dll

MOD - [2010/07/09 20:36:13 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Framework\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Framework.dll

MOD - [2010/07/09 20:36:13 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Core\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Core.dll

MOD - [2010/07/09 20:36:10 | 004,386,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VSDesigner\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll

MOD - [2010/07/09 20:36:00 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CppCodeProvider\8.0.0.0__b03f5f7f11d50a3a\CppCodeProvider.dll

MOD - [2010/07/09 20:12:32 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/07/09 20:12:31 | 000,486,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

MOD - [2010/07/09 20:12:28 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

MOD - [2010/07/09 20:12:24 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

MOD - [2010/07/09 20:12:23 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2010/07/09 20:12:17 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

MOD - [2010/06/08 21:10:49 | 000,595,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\27ad3762201dbe843e970dab623e0be7\Microsoft.VisualStudio.Shell.Design.ni.dll

MOD - [2010/06/08 21:10:48 | 000,022,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f52daae3504052bf68c32cde71d5d24d\Microsoft.VisualStudio.Designer.Interfaces.ni.dll

MOD - [2010/06/08 20:29:58 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f0d3a4279c8e2e79fbe4e6e0432c3108\Microsoft.VisualStudio.Debugger.Interop.ni.dll

MOD - [2010/06/08 20:29:57 | 004,344,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3c618d0c9e7e4fbcb6fcd6ab796bb93f\Microsoft.VisualStudio.DataTools.ni.dll

MOD - [2010/06/08 20:29:52 | 000,059,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\604e8ccdca0fcf2b5c8b2c9bc5ba3b25\Microsoft.VisualStudio.Data.Interop.ni.dll

MOD - [2010/06/08 20:29:51 | 000,067,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\949dde0ba994a2823313fe4dd8fffa32\Microsoft.VisualStudio.DataTools.Interop.ni.dll

MOD - [2010/06/08 20:29:50 | 000,678,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Data.Conn#\23f020ecbdff5ec1d631378fc9310e18\Microsoft.Data.ConnectionUI.Dialog.ni.dll

MOD - [2010/06/08 20:28:59 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.ReportVie#\955dfb0ceace7971a9758667b274238a\Microsoft.ReportViewer.WinForms.ni.dll

MOD - [2010/06/08 20:28:57 | 000,026,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3f2f81c949d4660d2e1673c8bbb8104a\Microsoft.SqlServer.Instapi.ni.dll

MOD - [2010/06/08 20:28:57 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Data.Conn#\4e954e78e6153bf59071979931ad7438\Microsoft.Data.ConnectionUI.ni.dll

MOD - [2010/06/08 20:28:56 | 000,381,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ba8c6453c37dd200ec9392d51468928b\Microsoft.VisualStudio.Data.ni.dll

MOD - [2010/06/08 20:28:55 | 000,091,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\351e822a6243c1b5b0d1dfdd6bf2bc49\Microsoft.DataWarehouse.SQM.ni.dll

MOD - [2010/06/08 20:28:51 | 000,577,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\efc2eb6ca56427308d481391f06f2676\Microsoft.VisualStudio.Shell.Interop.ni.dll

MOD - [2010/06/08 20:28:50 | 000,281,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8a82707ee93009a5db29387abdd46590\Microsoft.VisualStudio.TextManager.Interop.ni.dll

MOD - [2010/06/08 20:18:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1846c2d9b64f3d3ef3a394ecb237a908\Microsoft.SqlServer.SqlTDiagM.ni.dll

MOD - [2010/06/08 20:12:36 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll

MOD - [2010/06/08 20:12:36 | 000,294,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.dll

MOD - [2009/11/03 20:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll

MOD - [2009/07/24 16:05:26 | 000,524,144 | ---- | M] () -- C:\WINDOWS\system32\LcProxy.ax

MOD - [2009/06/02 20:53:25 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\592a8acf828652d43e17a28d2cbdd26e\Microsoft.VisualStudio.Shell.Interop.9.0.ni.dll

MOD - [2009/06/02 20:53:04 | 000,875,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f85781c9aa5920952530b0af278403f3\Microsoft.VisualStudio.Shell.9.0.ni.dll

MOD - [2009/06/02 20:52:45 | 001,872,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\805f3e42eab85672f3ffe100f6891a41\Microsoft.VisualStudio.CommonIDE.ni.dll

MOD - [2009/06/02 20:50:47 | 000,822,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\eb6c53622a66c7044eb9d52b7623ebaf\Microsoft.VisualStudio.Shell.ni.dll

MOD - [2009/06/02 20:50:45 | 000,373,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\595670f02e1eb34d643eb395e27e9136\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll

MOD - [2009/06/02 20:31:14 | 000,671,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommonIDE.dll

MOD - [2009/04/27 17:49:26 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2009/04/27 17:16:36 | 000,006,656 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\mingwm10.dll

MOD - [2008/12/23 00:33:50 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll

MOD - [2008/12/23 00:33:50 | 000,098,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VSLangProj\e129aadcd9943b937f62f41055f89048\VSLangProj.ni.dll

MOD - [2008/12/23 00:33:49 | 001,355,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll

MOD - [2008/12/23 00:33:38 | 002,209,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll

MOD - [2008/12/23 00:33:36 | 000,858,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll

MOD - [2008/12/23 00:33:33 | 002,400,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6a20b64ad8e2aaa2f40d67ff01fcc708\System.Web.Extensions.ni.dll

MOD - [2008/12/23 00:33:31 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll

MOD - [2008/12/23 00:33:28 | 001,705,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll

MOD - [2008/12/23 00:32:50 | 000,135,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll

MOD - [2008/12/23 00:31:16 | 000,175,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll

MOD - [2008/12/23 00:31:15 | 001,965,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\cd6eeb3d7ea1f65c28a43e665db38644\Microsoft.Build.Tasks.v3.5.ni.dll

MOD - [2008/12/23 00:31:11 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll

MOD - [2008/12/23 00:31:10 | 001,886,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce984d7bbd9a6d5d3cca28c4e5038020\Microsoft.Build.Engine.ni.dll

MOD - [2008/12/23 00:31:09 | 000,074,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll

MOD - [2008/12/23 00:29:49 | 000,276,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE80\e1777a50d7d4b403c4e123ed8b413ea9\EnvDTE80.ni.dll

MOD - [2008/12/23 00:20:29 | 001,191,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\97a3c959d7b0883b9654f983c5e71d77\Microsoft.VisualStudio.vspSqlEnum.ni.dll

MOD - [2008/12/23 00:20:24 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9cb4917fc3ce6e1ef78436a88efa2cbc\Microsoft.VisualStudio.vspSmoEnum.ni.dll

MOD - [2008/12/23 00:20:24 | 000,267,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f452325aab8fe29bebee3806b481cd0c\Microsoft.VisualStudio.vspConnectionInfo.ni.dll

MOD - [2008/12/23 00:20:23 | 000,529,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4b50ebf9892d1182a31a4b3754c2bd41\Microsoft.VisualStudio.vspGridControl.ni.dll

MOD - [2008/12/23 00:20:07 | 000,306,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f4f46a684d6bfb198e493d6c911613cd\Microsoft.VisualStudio.OLE.Interop.ni.dll

MOD - [2008/12/23 00:18:55 | 000,055,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll

MOD - [2008/12/23 00:18:54 | 002,332,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7d61e63dea85f4f77ea4c13df7651ec7\Microsoft.JScript.ni.dll

MOD - [2008/12/23 00:18:53 | 000,997,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll

MOD - [2008/12/23 00:18:43 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE\5836ab1a74216a09cd6335a7c79d65be\EnvDTE.ni.dll

MOD - [2008/12/23 00:18:39 | 000,255,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll

MOD - [2008/12/23 00:18:34 | 017,313,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll

MOD - [2008/12/23 00:18:18 | 002,338,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll

MOD - [2008/12/23 00:18:14 | 001,056,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll

MOD - [2008/12/22 23:22:53 | 002,510,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\fa206c73f39721cd2c55829b9853de44\System.Data.Linq.ni.dll

MOD - [2008/12/22 23:22:49 | 002,294,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll

MOD - [2008/12/22 23:22:43 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll

MOD - [2008/12/22 23:22:42 | 001,115,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\57f7cf02ea17b36bc3d9c75c22d0f551\System.Data.OracleClient.ni.dll

MOD - [2008/12/22 23:22:41 | 000,208,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\5f5d64dd0e7991aaaad2d98ee52afe42\System.Drawing.Design.ni.dll

MOD - [2008/12/22 23:22:39 | 010,681,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\204db7071fb26343b0fd3f3d140c0bf8\System.Design.ni.dll

MOD - [2008/12/22 23:22:32 | 001,840,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll

MOD - [2008/12/22 23:22:30 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll

MOD - [2008/12/22 23:22:21 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll

MOD - [2008/12/22 23:22:21 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll

MOD - [2008/12/22 23:22:21 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll

MOD - [2008/12/22 23:22:20 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll

MOD - [2008/12/22 23:21:25 | 003,311,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll

MOD - [2008/12/22 23:21:19 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll

MOD - [2008/12/22 23:21:14 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll

MOD - [2008/12/22 23:21:03 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll

MOD - [2008/12/22 23:21:01 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll

MOD - [2008/12/22 23:21:00 | 000,676,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll

MOD - [2008/12/22 23:20:55 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll

MOD - [2008/12/22 23:20:49 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll

MOD - [2008/12/22 23:20:18 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll

MOD - [2008/12/22 23:19:55 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll

MOD - [2008/12/22 23:15:24 | 000,598,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

MOD - [2008/11/30 09:56:13 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop.dll

MOD - [2008/11/30 09:56:00 | 000,015,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.TemplateWizardInterface\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TemplateWizardInterface.dll

MOD - [2008/05/02 00:15:37 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll

MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2007/03/21 20:53:00 | 000,049,152 | ---- | M] () -- C:\Program Files\Adobe\Adobe Photoshop CS3\QuickTimeGlue.dll

MOD - [2007/03/21 20:52:52 | 000,393,216 | ---- | M] () -- C:\Program Files\Adobe\Adobe Photoshop CS3\AdobeXMP.dll

MOD - [2006/12/18 15:34:45 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2004/08/03 19:56:44 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2004/08/03 19:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/09/13 13:12:19 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2008/08/08 19:36:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)

SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)

SRV - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)

SRV - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)

SRV - [2004/08/03 19:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/12/17 21:40:30 | 000,147,416 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs.sys -- (CbFs)

DRV - [2010/02/03 16:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009/07/24 16:05:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)

DRV - [2009/01/06 20:00:08 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/08/29 18:31:18 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)

DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)

DRV - [2007/10/11 19:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)

DRV - [2007/03/15 10:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)

DRV - [2006/09/24 21:23:14 | 000,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)

DRV - [2006/09/24 21:22:52 | 000,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)

DRV - [2004/11/15 10:09:18 | 000,048,734 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8012U.sys -- (MA8012U)

DRV - [2004/11/11 13:55:44 | 000,025,300 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8012M.sys -- (MA8012M)

DRV - [2004/09/16 17:11:02 | 000,025,300 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8512M.sys -- (MA8512M)

DRV - [2004/09/16 17:11:00 | 000,049,106 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MA8512U.sys -- (MA8512U)

DRV - [2004/09/13 11:11:30 | 000,049,611 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MaRdP2K.sys -- (MaRdPnp)

DRV - [2004/08/23 15:40:04 | 000,011,089 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)

DRV - [2004/08/13 14:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/03 17:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.startup.homepage: "google.ca"

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 19:18:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/13 12:54:12 | 000,000,000 | ---D | M]

[2009/08/31 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions

[2009/08/31 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Extensions\home2@tomtom.com

[2011/09/13 12:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions

[2010/05/07 19:13:17 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}

[2011/08/18 07:01:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\piclens@cooliris.com

[2008/12/01 08:03:12 | 000,000,000 | ---D | M] (Player ActiveX) -- C:\Documents and Settings\Mat\Application Data\Mozilla\Firefox\Profiles\9icywbt9.default\extensions\playeractivex@radiopirate.com

[2011/09/13 13:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/17 18:56:00 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/09/13 13:12:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\{4093C4DE-454A-4329-8AFF-C6B0B123C386}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9ICYWBT9.DEFAULT\EXTENSIONS\SROUSSEY@ILLUMINATION-FOR-DEVELOPERS.COM.XPI

[2011/09/09 19:18:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/09/13 13:12:19 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome - Experimental ==========

CHR - default_search_provider "enabled": true,

CHR - default_search_provider "name": "Google",

CHR - default_search_provider "search_url": "{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}",

CHR - default_search_provider "suggest_url": "{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}"

CHR - plugin - "name": "Chrome PDF Viewer","enabled": true,"path": "C:\\Documents and Settings\\Mat\\Local Settings\\Application Data\\Google\\Chrome\\Application\\9.0.597.98\\pdf.dll",

CHR - plugin - "name": "Google Gears 0.5.33.0","enabled": true,"path": "C:\\Documents and Settings\\Mat\\Local Settings\\Application Data\\Google\\Chrome\\Application\\9.0.597.98\\gears.dll",

CHR - plugin - "name": "Shockwave Flash","enabled": true,"path": "C:\\Documents and Settings\\Mat\\Local Settings\\Application Data\\Google\\Chrome\\Application\\9.0.597.98\\gcswf32.dll",

CHR - plugin - "name": "Adobe Acrobat","enabled": true,"path": "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Browser\\nppdf32.dll",

CHR - plugin - "name": "2007 Microsoft Office system","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\NPOFF12.DLL",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin2.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin3.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin4.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin5.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin6.dll",

CHR - plugin - "name": "QuickTime Plug-in 7.6.8","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin7.dll",

CHR - plugin - "name": "AOL Media Playback Plugin","enabled": true,"path": "C:\\Program Files\\Mozilla Firefox\\plugins\\npunagi2.dll",

CHR - plugin - "name": "Microsoft\u00AE DRM","enabled": true,"path": "C:\\Program Files\\Windows Media Player\\npdrmv2.dll",

CHR - plugin - "name": "Windows Media Player Plug-in Dynamic Link Library","enabled": true,"path": "C:\\Program Files\\Windows Media Player\\npdsplay.dll",

CHR - plugin - "name": "Microsoft\u00AE DRM","enabled": true,"path": "C:\\Program Files\\Windows Media Player\\npwmsdrm.dll",

CHR - plugin - "name": "Google Update","enabled": true,"path": "C:\\Documents and Settings\\Mat\\Local Settings\\Application Data\\Google\\Update\\1.2.183.39\\npGoogleOneClick8.dll",

CHR - plugin - "name": "Silverlight Plug-In","enabled": true,"path": "C:\\Program Files\\Microsoft Silverlight\\4.0.50401.0\\npctrl.dll",

CHR - plugin - "name": "iTunes Application Detector","enabled": true,"path": "C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll",

CHR - plugin - "name": "Windows Presentation Foundation","enabled": true,"path": "C:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll",

CHR - plugin - "name": "Shockwave Flash","enabled": true,"path": "C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32.dll",

CHR - plugin - "name": "Default Plug-in","enabled": true,"path": "default_plugin",

CHR - Extension - "name": "WhiteSmoke Bar", - C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bakaaanikglogbgdnnkhieaaadpnkggc\2.3.0.8_0\

CHR - Extension - "name": "Firebug Lite", - C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bnbbfjbeaefgipfjpdabmpadaacmafkj\1.27\

CHR - Extension - "name": "Click to call with Skype", - C:\Documents and Settings\Mat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

O1 HOSTS File: ([2011/09/12 17:04:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IGMONObj Class) - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files\iGetter\Integration\IGMON.dll (Presenta Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE File not found

O4 - HKLM..\Run: [ultraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)

O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ZumoDrive] C:\Program Files\Zecter\ZumoDrive\ZumoLauncher.lnk ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: ulaval.ca ([vpn-externe1] https in Trusted sites)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E276E4-1DF9-404E-87A1-742999E5A951}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found

O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found

O24 - Desktop WallPaper: C:\Documents and Settings\Mat\My Documents\My Wallpapers\Default.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mat\My Documents\My Wallpapers\Default.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found

O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found

O29 - HKLM SecurityProviders - (schannel.dll) - File not found

O29 - HKLM SecurityProviders - (digest.dll) - File not found

O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/31 12:53:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/13 14:52:35 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTLx.exe

[2011/09/13 13:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Local Settings\Application Data\Sun

[2011/09/13 13:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/09/13 13:12:36 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2011/09/13 13:12:36 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2011/09/13 13:12:36 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2011/09/13 13:12:36 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2011/09/13 12:56:03 | 000,892,328 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Mat\Desktop\jre-7-windows-i586-iftw.exe

[2011/09/13 12:55:11 | 021,323,656 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Mat\Desktop\jre-7-windows-x64.exe

[2011/09/13 12:23:02 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/09/13 10:37:15 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.exe

[2011/09/13 07:51:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/09/12 16:23:58 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/09/12 16:20:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/09/12 16:20:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/09/12 16:20:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/09/12 16:20:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/09/12 16:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/09/12 16:20:25 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/12 16:12:49 | 004,204,602 | R--- | C] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe

[2011/09/11 17:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/09/11 17:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Start Menu\Programs\HiJackThis

[2011/09/11 14:57:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\TFC.exe

[2011/09/11 10:22:31 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Mat\Desktop\spybotsd162.exe

[2011/09/11 10:09:42 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe

[2011/09/11 09:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2011/09/11 09:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Start Menu\Programs\Revo Uninstaller

[2011/09/11 09:59:07 | 002,617,176 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Mat\Desktop\revosetup.exe

[2011/09/11 09:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/09/11 09:57:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/09/11 09:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/09/11 09:56:28 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mat\Desktop\mbam-setup-1.51.1.1800(1).exe

[2011/09/06 23:11:24 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll

[2011/09/06 23:08:14 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2011/09/06 23:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\WhiteSmoke

[2011/09/06 23:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Local Settings\Application Data\Conduit

[2011/09/06 23:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft

[2011/09/05 19:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mat\Application Data\iGetter

[2011/09/05 19:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\iGetter

[2011/08/17 18:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

========== Files - Modified Within 30 Days ==========

[2011/09/14 11:06:11 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTLx.exe

[2011/09/14 10:22:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003UA.job

[2011/09/14 07:22:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1958367476-725345543-1003Core.job

[2011/09/13 19:54:29 | 000,001,849 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\logo_emm.png

[2011/09/13 16:46:45 | 000,008,128 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/09/13 13:36:37 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/09/13 13:32:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/09/13 13:12:18 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2011/09/13 13:12:18 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2011/09/13 13:12:18 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2011/09/13 13:12:18 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2011/09/13 13:12:18 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2011/09/13 12:56:04 | 000,892,328 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Mat\Desktop\jre-7-windows-i586-iftw.exe

[2011/09/13 12:55:42 | 021,323,656 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Mat\Desktop\jre-7-windows-x64.exe

[2011/09/13 12:54:13 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2011/09/13 10:37:14 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\OTL.exe

[2011/09/13 07:52:04 | 000,271,360 | ---- | M] () -- C:\Personal Folders(1).pst

[2011/09/13 07:50:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/09/13 07:07:31 | 004,204,602 | R--- | M] (Swearware) -- C:\Documents and Settings\Mat\Desktop\ComboFix.exe

[2011/09/12 17:04:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/09/12 16:24:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/09/12 08:02:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\0y3hzzj2.exe

[2011/09/12 08:01:42 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\dds.scr

[2011/09/12 08:00:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mat\defogger_reenable

[2011/09/12 08:00:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Defogger.exe

[2011/09/11 17:06:22 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\HiJackThis.lnk

[2011/09/11 17:06:06 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\HijackThis.msi

[2011/09/11 15:16:08 | 000,001,734 | -H-- | M] () -- C:\Documents and Settings\Mat\My Documents\Default.rdp

[2011/09/11 14:57:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mat\Desktop\TFC.exe

[2011/09/11 10:23:00 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Mat\Desktop\spybotsd162.exe

[2011/09/11 09:59:18 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Revo Uninstaller.lnk

[2011/09/11 09:59:10 | 002,617,176 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Mat\Desktop\revosetup.exe

[2011/09/11 09:56:42 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mat\Desktop\mbam-setup-1.51.1.1800(1).exe

[2011/09/11 09:45:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/09/10 21:08:10 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mat\Desktop\TDSSKiller.exe

[2011/09/09 14:29:03 | 002,111,200 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\publications-et-travaux-de-robert-pages.pdf

[2011/09/08 10:25:09 | 000,176,905 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\chap7_chauvet role du conseiller.pdf

[2011/09/08 10:24:55 | 000,240,640 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Blanchard 2003 role du conseiller et plus.pdf

[2011/09/08 10:24:28 | 000,053,458 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\BilanDeCompetenceTexteDeLemoine role du conseiller.pdf

[2011/09/08 10:24:10 | 000,061,501 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\bilan contexte et autoorientation.pdf

[2011/09/08 10:24:03 | 003,270,174 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\bc tous les points tres bien.pdf

[2011/09/08 10:23:35 | 000,176,905 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\approche experiencielle chauvet.pdf

[2011/09/07 00:00:03 | 012,919,695 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\tigerKorivo.mpg.FLV

[2011/09/06 23:11:24 | 000,438,272 | ---- | M] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll

[2011/09/06 17:15:06 | 000,007,675 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Web.config

[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011/09/06 16:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011/09/06 16:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011/09/06 16:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011/09/06 15:41:32 | 000,231,424 | ---- | M] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/05 18:52:34 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\Mat\Desktop\Shortcut to download.lnk

[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/08/24 13:07:06 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Mat\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk

========== Files Created - No Company Name ==========

[2011/09/13 19:54:30 | 000,001,849 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\logo_emm.png

[2011/09/13 12:54:13 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk

[2011/09/13 12:54:13 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2011/09/13 07:50:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2011/09/12 16:24:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/09/12 16:24:04 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/09/12 16:20:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/09/12 16:20:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/09/12 16:20:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/09/12 16:20:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/09/12 16:20:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/09/12 08:02:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\0y3hzzj2.exe

[2011/09/12 08:01:38 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\dds.scr

[2011/09/12 08:00:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mat\defogger_reenable

[2011/09/12 08:00:23 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Defogger.exe

[2011/09/11 17:06:22 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\HiJackThis.lnk

[2011/09/11 17:06:04 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\HijackThis.msi

[2011/09/11 09:59:18 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Revo Uninstaller.lnk

[2011/09/09 14:28:50 | 002,111,200 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\publications-et-travaux-de-robert-pages.pdf

[2011/09/08 10:25:09 | 000,176,905 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\chap7_chauvet role du conseiller.pdf

[2011/09/08 10:24:55 | 000,240,640 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Blanchard 2003 role du conseiller et plus.pdf

[2011/09/08 10:24:29 | 000,053,458 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\BilanDeCompetenceTexteDeLemoine role du conseiller.pdf

[2011/09/08 10:24:11 | 000,061,501 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\bilan contexte et autoorientation.pdf

[2011/09/08 10:23:56 | 003,270,174 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\bc tous les points tres bien.pdf

[2011/09/08 10:23:36 | 000,176,905 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\approche experiencielle chauvet.pdf

[2011/09/06 23:59:52 | 012,919,695 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\tigerKorivo.mpg.FLV

[2011/09/06 23:11:25 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini

[2011/09/06 23:11:25 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini

[2011/09/06 17:13:30 | 000,007,675 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Web.config

[2011/09/05 18:52:34 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\Mat\Desktop\Shortcut to download.lnk

[2011/02/16 20:05:06 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI

[2011/02/16 20:05:06 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini

[2011/02/16 20:05:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2011/02/16 20:05:05 | 000,009,868 | ---- | C] () -- C:\WINDOWS\HL-2140.INI

[2011/02/16 20:05:02 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2011/02/16 20:05:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2140.DAT

[2011/02/16 20:04:29 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2010/08/22 16:48:15 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/08/22 16:48:12 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/08/22 16:48:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/08/22 16:47:36 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/04/18 16:39:56 | 000,291,928 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\debuggee.mdmp

[2010/04/11 10:00:03 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\1744532929

[2010/04/11 10:00:03 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1744532929

[2010/04/11 09:48:14 | 000,014,482 | -HS- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\nmA24FsrylC7

[2010/04/11 09:48:14 | 000,014,482 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nmA24FsrylC7

[2010/03/07 16:31:58 | 000,193,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/02/13 10:36:12 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Mat\Application Data\setup_ldm.iss

[2010/02/13 10:27:56 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

[2010/01/14 21:08:29 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2009/12/03 10:08:17 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/05/17 15:38:52 | 000,008,128 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/01 11:55:40 | 000,000,573 | ---- | C] () -- C:\WINDOWS\label.ini

[2008/12/20 13:16:02 | 000,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/12/07 18:17:57 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe

[2008/12/07 18:17:57 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2008/12/07 18:17:56 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe

[2008/12/07 18:17:56 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe

[2008/12/07 18:17:56 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe

[2008/11/30 10:08:08 | 000,000,306 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/09/08 20:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI

[2008/09/08 20:11:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI

[2008/09/08 19:19:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI

[2008/09/08 19:12:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MelodyExe.INI

[2008/09/08 19:09:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI

[2008/09/08 08:06:45 | 000,000,200 | ---- | C] () -- C:\WINDOWS\QCPC60UI.dat

[2008/08/29 18:31:18 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2008/06/14 11:02:30 | 000,057,284 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2008/06/07 07:35:39 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\fusioncache.dat

[2008/06/07 07:29:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini

[2008/06/04 10:47:01 | 000,231,424 | ---- | C] () -- C:\Documents and Settings\Mat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/05/31 19:55:53 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008/05/31 19:53:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/05/31 16:34:09 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/05/31 16:33:03 | 000,014,139 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008/05/31 16:17:17 | 000,014,383 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2008/05/31 16:16:38 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008/05/31 16:16:17 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008/05/31 16:14:33 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2008/05/31 16:10:51 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini

[2008/05/31 16:10:51 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini

[2008/05/31 16:10:41 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini

[2008/05/31 16:10:40 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

[2008/05/31 16:10:38 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini

[2008/05/31 12:56:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/05/31 12:50:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/05/31 07:57:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/05/31 07:56:22 | 001,560,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/05/02 22:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2004/08/03 20:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/08/03 19:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2003/01/21 01:20:21 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\AJ820503.bin

[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 08:00:00 | 000,688,790 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/08/23 08:00:00 | 000,164,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FEBE414

< End of report >


Yes, no more White Smoke at last!

I can't thank you enough Elise, nothing less than stellar support.

Now, final questions,

Are you aware of the nature of this malware? Is it really nasty? Can it compromise the data on my PC and the credentials that I have been using on some banking sites?

Can I expect any lingering effects of this?

Also, you mention uTorrent earlier, I'm mainly using PirateBay, IsoHunt and btJunkie for movies and music, any way of using these sites safely?

Thanks again

Mat


WhiteSmoke itself isn't very harmful, although it is persistent, but it often is seen in combination with a rootkit (not in your case), which could compromise data.

As for the Chrome remnants, thanks to OldTimer, for adding a few features to the OTL scan. :)

Also, you mention uTorrent earlier, I'm mainly using PirateBay, IsoHunt and btJunkie for movies and music, any way of using these sites safely?

These sites share a lot of illegally distributed material, which is obviously illegal. However, on top of that, illegal p2p downloads often come together with the latest malware. If you continue to use them, no matter the site you get them from, you will most likely be reinfected sooner or later.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.
