Windows Explorer has stopped working
Solved
yoan-of-13
Hello,
For about a month now, an error message pops up from time to time saying "Windows Explorer has stopped working," followed by another "Windows Explorer is restarting."
This closes all my folders and makes the computer glitch for a few seconds. This message appears frequently. I think it's a virus, since I received one that my antivirus was supposed to have eliminated...
How can I get rid of it?
--
Sometimes it's better to remain silent and appear a fool than to speak and remove all doubt.
Configuration: Windows Vista Firefox 3.0.1
22 replies
How is your computer behaving?
Does Navilog work now?
--
As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight for the wall, and even accelerate towards it.
WAKE UP FROM OUR LIVES.
Hello
1) For Vista if infected.
Disable User Account Control (you will reactivate it after your cleanup: IMPORTANT NOT TO FORGET):
- Go to Start then Control Panel
- Double-click on the "User Accounts" icon
- Then click on disable and confirm.
http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html
2) Download Random's System Information Tool (RSIT) from random/random and save the executable on your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications!
Double-click on "RSIT.exe" to launch it.
-> A first window opens with the title: "Disclaimer of warranty".
* In front of the option "List files/folders created ...", select: 2 months
* then click on "Continue" to start the scan ...
-> let the scan run and don't touch the PC ...
When the scan is finished, two text files will open (probably with Notepad).
Post the content of "log.txt" (the one that appears on the screen), as well as "info.txt" (which you will see in the taskbar), for analysis and wait for further instructions ...
Important: post one report, then the other in the next response
If you try to post both at the same time, it may take too long for the forum
(Note: the reports will also be saved in this folder -> C:\rsit)
--
As long as we believe all the nonsense that can be told to us on a global scale, we will continue to go straight into the wall, even accelerating toward it.
WAKE UP FROM OUR LIVES.
Log file de l'outil d'informations système de random 1.05 (écrit par random/random)
Exécuté par vincent13 le 2009-03-15 11:51:22
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
Le disque système C: a 82 Go (72%) libres sur 114 Go
RAM totale : 764 Mo (24% libre)
Logfile de Trend Micro HijackThis v2.0.2
Analyse sauvegardée à 11:51:55, le 15/03/2009
Plateforme : Windows Vista SP1 (WinNT 6.00.1905)
MSIE : Internet Explorer v7.00 (7.00.6001.18000)
Mode de démarrage : Normal
Processus en cours :
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\vincent13\AppData\Local\cuwqaie.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\vincent13\Desktop\RSIT.exe
C:\Program Files\trend micro\vincent13.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Page de recherche = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Page de démarrage = fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,URL de page par défaut = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,URL de recherche par défaut = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Page de recherche = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Page de démarrage = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Assistant de recherche =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Personnaliser la recherche =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,Nom du dossier des liens =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (pas de nom) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (pas de fichier)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Aide de la barre d'outils Windows Live - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Gestionnaire d'identifiants pour HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Barre d'outils : Barre d'outils Windows Live - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [InfoSCC] "C:\ordina13 help\MessageSCC.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [cuwqaie] "c:\users\vincent13\appdata\local\cuwqaie.exe" cuwqaie
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Utilisateur 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Utilisateur 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Utilisateur 'SERVICE RÉSEAU')
O4 - Démarrage : OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Démarrage global : DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Élément de menu contextuel supplémentaire : &Recherche Windows Live - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Élément de menu contextuel supplémentaire : Ajouter aux &Favoris Windows Live - https://onedrive.live.com/?id=favorites
O9 - Bouton supplémentaire : (pas de nom) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Élément de menu 'Outils' supplémentaire : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Préfixe Gopher :
O17 - HKLM\Système\CCS\Services\Tcpip\..\{27FBC33F-C641-4290-A369-AA5211750AC3}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: APSHook.dll
O23 - Service : ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service : Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service : Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service : Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service : Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service : AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service : Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service : Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service : Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service : Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service : getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service : HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service : Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service : hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service : HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service : Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service : IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service : RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service : Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service : stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
Fin du fichier - 9233 octets
====== Dossier des tâches planifiées ======
C:\Windows\tasks\User_Feed_Synchronization-{E81EC49E-6831-4221-8D98-A3310C6CFB82}.job
C:\Windows\tasks\User_Feed_Synchronization-{EC327CCD-C48B-4018-B271-534BCFDA36D2}.job
C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
====== Dump du registre ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Classe SSVHelper - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Aide de la barre d'outils Windows Live - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Gestionnaire d'identifiants pour HP ProtectTools - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Barre d'outils Windows Live - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-15 293168]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-05-21 24848]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904]
"InfoSCC"=C:\ordina13 help\MessageSCC.exe [2008-06-30 245493]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2008-03-19 3842048]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-06-02 238984]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1314816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-02-20 1443072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"cuwqaie"=c:\users\vincent13\appdata\local\cuwqaie.exe [2009-03-14 219648]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
C:\Users\vincent13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
====== Liste des fichiers/dossiers créés au cours des 3 derniers mois ======
2009-03-15 11:51:23 ----D---- C:\Program Files\trend micro
2009-03-15 11:51:22 ----D---- C:\rsit
2009-03-15 11:31:16 ----D---- C:\ProgramData\NortonInstaller
2009-03-15 10:53:17 ----A---- C:\Windows\ntbtlog.txt
2009-03-14 19:58:56 ----D---- C:\Users\vincent13\AppData\Roaming\live-player
2009-03-14 19:58:56 ----D---- C:\Program Files\Live-Player
2009-03-11 16:22:48 ----D---- C:\Users\vincent13\AppData\Roaming\DivX
2009-03-11 16:10:26 ----D---- C:\Program Files\DivX
2009-03-11 10:21:06 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 10:21:03 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 10:21:03 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 10:21:00 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 10:20:55 ----A---- C:\Windows\system32\schannel.dll
2009-02-28 20:12:21 ----D---- C:\Program Files\Enigma Software Group
2009-02-28 19:22:15 ----D---- C:\Program Files\Unlocker
2009-02-28 19:10:29 ----A---- C:\Windows\system32\vcredist_x86.exe
2009-02-28 19:10:29 ----A---- C:\Windows\system32\readme.txt
2009-02-28 19:10:29 ----A---- C:\Windows\system32\license.txt
2009-02-28 19:10:26 ----D---- C:\Windows\system32\lib
2009-02-28 19:10:23 ----D---- C:\Windows\system32\inc
2009-02-28 12:20:40 ----D---- C:\Program Files\Bonjour
2009-02-21 15:59:27 ----D---- C:\Program Files\CCleaner
2009-02-18 16:25:10 ----D---- C:\Users\vincent13\AppData\Roaming\Malwarebytes
2009-02-18 16:25:00 ----D---- C:\ProgramData\Malwarebytes
2009-02-12 12:44:13 ----D---- C:\Users\vincent13\AppData\Roaming\Blumentals
2009-02-12 12:44:13 ----D---- C:\Program Files\Screensaver Factory 4 Pro
2009-02-12 09:22:49 ----D---- C:\Users\vincent13\AppData\Roaming\Wireshark
2009-02-12 09:19:27 ----D---- C:\Program Files\HHD Software
2009-02-11 19:23:12 ----D---- C:\ProgramData\NOS
2009-02-11 19:23:12 ----D---- C:\Program Files\NOS
2009-02-11 10:40:53 ----D---- C:\Program Files\eMule
2009-02-11 10:33:46 ----A---- C:\Windows\system32\csdlocalmon.dll
2009-02-11 10:33:09 ----D---- C:\Program Files\iriver
2009-02-11 09:23:30 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 09:23:19 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 09:23:09 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 09:23:06 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 09:23:02 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 09:22:59 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 09:22:55 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 09:22:50 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-09 11:29:49 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-09 11:29:49 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-09 11:29:47 ----A---- C:\Windows\system32\icardres.dll
2009-02-09 11:29:47 ----A---- C:\Windows\system32\icardagt.exe
2009-02-09 11:29:46 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-09 11:29:44 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-09 11:29:39 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-09 11:23:32 ----A---- C:\Windows\system32\dfshim.dll
2009-02-09 11:23:30 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-09 11:23:30 ----A---- C:\Windows\system32\mscoree.dll
2009-02-09 11:23:19 ----A---- C:\Windows\system32\mscorier.dll
2009-02-09 11:23:14 ----A---- C:\Windows\system32\mscories.dll
2009-02-08 17:16:40 ----D---- C:\Program Files\Roman Bowl
2009-02-07 12:40:47 ----D---- C:\Program Files\Audacity
2009-02-07 12:33:43 ----D---- C:\ProgramData\SiComponents
2009-02-07 12:33:18 ----D---- C:\Program Files\Common Files\DVDVIDEOSOFT
2009-02-07 12:33:10 ----D---- C:\Program Files\DVDVIDEOSOFT
2009-02-06 12:35:56 ----A---- C:\Windows\system32\LegitCheckControl.DLL
2009-01-31 19:11:49 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2009-01-31 19:11:45 ----D---- C:\Program Files\Samsung
2009-01-28 16:08:06 ----D---- C:\Program Files\SupraASCIIArt
2009-01-28 13:13:15 ----D---- C:\Users\vincent13\AppData\Roaming\LimeWire
2009-01-26 20:19:45 ----D---- C:\Users\vincent13\AppData\Roaming\FLV Extract
2009-01-26 20:16:33 ----D---- C:\Users\vincent13\AppData\Roaming\FMZilla
2009-01-26 20:16:33 ----D---- C:\downloads
2009-01-26 19:28:12 ----D---- C:\Program Files\StuffPlug3
2009-01-25 16:53:31 ----D---- C:\Users\vincent13\AppData\Roaming\Morpheus Software
2009-01-22 18:41:04 ----D---- C:\Program Files\PhotoFiltre
2009-01-22 18:30:41 ----D---- C:\Users\vincent13\AppData\Roaming\Apple Computer
2009-01-22 18:29:54 ----A---- C:\Windows\system32\GEARAspi.dll
2009-01-22 18:29:53 ----DC---- C:\Windows\system32\DRVSTORE
2009-01-22 18:29:30 ----D---- C:\Program Files\iPod
2009-01-22 18:29:25 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-22 18:29:25 ----D---- C:\Program Files\iTunes
2009-01-22 18:28:01 ----D---- C:\Program Files\QuickTime
2009-01-22 18:27:58 ----D---- C:\ProgramData\Apple Computer
2009-01-22 18:27:00 ----D---- C:\Program Files\Apple Software Update
2009-01-22 18:26:22 ----D---- C:\ProgramData\Apple
2009-01-22 18:26:22 ----D---- C:\Program Files\Common Files\Apple
2009-01-16 21:21:24 ----D---- C:\Users\vincent13\AppData\Roaming\InterVideo
2009-01-16 21:18:55 ----D---- C:\Users\vincent13\AppData\Roaming\dvdcss
2009-01-11 17:03:00 ----D---- C:\Users\vincent13\AppData\Roaming\WinRAR
2009-01-11 17:01:51 ----D---- C:\Program Files\WinRAR
2009-01-10 13:12:27 ----D---- C:\ProgramData\EscapeTheMuseum
2009-01-10 13:05:05 ----SHD---- C:\Users\vincent13\AppData\Roaming\.#
2009-01-08 12:25:00 ----D---- C:\Program Files\SuperCopier2
2009-01-08 12:10:35 ----D---- C:\Program Files\7-Zip
2009-01-07 14:50:15 ----D---- C:\Users\vincent13\AppData\Roaming\vlc
2009-01-07 14:32:55 ----D---- C:\Program Files\VideoLAN
2008-12-29 14:43:58 ----D---- C:\Users\vincent13\AppData\Roaming\Encyclopedie Hachette
2008-12-27 12:09:42
O23 - Service : Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service : IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service : RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service : Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service : stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
Fin du fichier - 9233 octets
====== Dossier des tâches planifiées ======
C:\Windows\tasks\User_Feed_Synchronization-{E81EC49E-6831-4221-8D98-A3310C6CFB82}.job
C:\Windows\tasks\User_Feed_Synchronization-{EC327CCD-C48B-4018-B271-534BCFDA36D2}.job
C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
====== Dump du registre ======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Classe SSVHelper - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Aide de la barre d'outils Windows Live - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Gestionnaire d'identifiants pour HP ProtectTools - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Barre d'outils Windows Live - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-15 293168]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-05-21 24848]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904]
"InfoSCC"=C:\ordina13 help\MessageSCC.exe [2008-06-30 245493]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2008-03-19 3842048]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-06-02 238984]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1314816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-02-20 1443072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"cuwqaie"=c:\users\vincent13\appdata\local\cuwqaie.exe [2009-03-14 219648]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
C:\Users\vincent13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
====== Liste des fichiers/dossiers créés au cours des 3 derniers mois ======
2009-03-15 11:51:23 ----D---- C:\Program Files\trend micro
2009-03-15 11:51:22 ----D---- C:\rsit
2009-03-15 11:31:16 ----D---- C:\ProgramData\NortonInstaller
2009-03-15 10:53:17 ----A---- C:\Windows\ntbtlog.txt
2009-03-14 19:58:56 ----D---- C:\Users\vincent13\AppData\Roaming\live-player
2009-03-14 19:58:56 ----D---- C:\Program Files\Live-Player
2009-03-11 16:22:48 ----D---- C:\Users\vincent13\AppData\Roaming\DivX
2009-03-11 16:10:26 ----D---- C:\Program Files\DivX
2009-03-11 10:21:06 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 10:21:03 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 10:21:03 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 10:21:00 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 10:20:55 ----A---- C:\Windows\system32\schannel.dll
2009-02-28 20:12:21 ----D---- C:\Program Files\Enigma Software Group
2009-02-28 19:22:15 ----D---- C:\Program Files\Unlocker
2009-02-28 19:10:29 ----A---- C:\Windows\system32\vcredist_x86.exe
2009-02-28 19:10:29 ----A---- C:\Windows\system32\readme.txt
2009-02-28 19:10:29 ----A---- C:\Windows\system32\license.txt
2009-02-28 19:10:26 ----D---- C:\Windows\system32\lib
2009-02-28 19:10:23 ----D---- C:\Windows\system32\inc
2009-02-28 12:20:40 ----D---- C:\Program Files\Bonjour
2009-02-21 15:59:27 ----D---- C:\Program Files\CCleaner
2009-02-18 16:25:10 ----D---- C:\Users\vincent13\AppData\Roaming\Malwarebytes
2009-02-18 16:25:00 ----D---- C:\ProgramData\Malwarebytes
2009-02-12 12:44:13 ----D---- C:\Users\vincent13\AppData\Roaming\Blumentals
2009-02-12 12:44:13 ----D---- C:\Program Files\Screensaver Factory 4 Pro
2009-02-12 09:22:49 ----D---- C:\Users\vincent13\AppData\Roaming\Wireshark
2009-02-12 09:19:27 ----D---- C:\Program Files\HHD Software
2009-02-11 19:23:12 ----D---- C:\ProgramData\NOS
2009-02-11 19:23:12 ----D---- C:\Program Files\NOS
2009-02-11 10:40:53 ----D---- C:\Program Files\eMule
2009-02-11 10:33:46 ----A---- C:\Windows\system32\csdlocalmon.dll
2009-02-11 10:33:09 ----D---- C:\Program Files\iriver
2009-02-11 09:23:30 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 09:23:19 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 09:23:09 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 09:23:06 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 09:23:02 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 09:22:59 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 09:22:55 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 09:22:50 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-09 11:29:49 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-09 11:29:49 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-09 11:29:47 ----A---- C:\Windows\system32\icardres.dll
2009-02-09 11:29:47 ----A---- C:\Windows\system32\icardagt.exe
2009-02-09 11:29:46 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-09 11:29:44 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-09 11:29:39 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-09 11:23:32 ----A---- C:\Windows\system32\dfshim.dll
2009-02-09 11:23:30 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-09 11:23:30 ----A---- C:\Windows\system32\mscoree.dll
2009-02-09 11:23:19 ----A---- C:\Windows\system32\mscorier.dll
2009-02-09 11:23:14 ----A---- C:\Windows\system32\mscories.dll
2009-02-08 17:16:40 ----D---- C:\Program Files\Roman Bowl
2009-02-07 12:40:47 ----D---- C:\Program Files\Audacity
2009-02-07 12:33:43 ----D---- C:\ProgramData\SiComponents
2009-02-07 12:33:18 ----D---- C:\Program Files\Common Files\DVDVIDEOSOFT
2009-02-07 12:33:10 ----D---- C:\Program Files\DVDVIDEOSOFT
2009-02-06 12:35:56 ----A---- C:\Windows\system32\LegitCheckControl.DLL
2009-01-31 19:11:49 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2009-01-31 19:11:45 ----D---- C:\Program Files\Samsung
2009-01-28 16:08:06 ----D---- C:\Program Files\SupraASCIIArt
2009-01-28 13:13:15 ----D---- C:\Users\vincent13\AppData\Roaming\LimeWire
2009-01-26 20:19:45 ----D---- C:\Users\vincent13\AppData\Roaming\FLV Extract
2009-01-26 20:16:33 ----D---- C:\Users\vincent13\AppData\Roaming\FMZilla
2009-01-26 20:16:33 ----D---- C:\downloads
2009-01-26 19:28:12 ----D---- C:\Program Files\StuffPlug3
2009-01-25 16:53:31 ----D---- C:\Users\vincent13\AppData\Roaming\Morpheus Software
2009-01-22 18:41:04 ----D---- C:\Program Files\PhotoFiltre
2009-01-22 18:30:41 ----D---- C:\Users\vincent13\AppData\Roaming\Apple Computer
2009-01-22 18:29:54 ----A---- C:\Windows\system32\GEARAspi.dll
2009-01-22 18:29:53 ----DC---- C:\Windows\system32\DRVSTORE
2009-01-22 18:29:30 ----D---- C:\Program Files\iPod
2009-01-22 18:29:25 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-22 18:29:25 ----D---- C:\Program Files\iTunes
2009-01-22 18:28:01 ----D---- C:\Program Files\QuickTime
2009-01-22 18:27:58 ----D---- C:\ProgramData\Apple Computer
2009-01-22 18:27:00 ----D---- C:\Program Files\Apple Software Update
2009-01-22 18:26:22 ----D---- C:\ProgramData\Apple
2009-01-22 18:26:22 ----D---- C:\Program Files\Common Files\Apple
2009-01-16 21:21:24 ----D---- C:\Users\vincent13\AppData\Roaming\InterVideo
2009-01-16 21:18:55 ----D---- C:\Users\vincent13\AppData\Roaming\dvdcss
2009-01-11 17:03:00 ----D---- C:\Users\vincent13\AppData\Roaming\WinRAR
2009-01-11 17:01:51 ----D---- C:\Program Files\WinRAR
2009-01-10 13:12:27 ----D---- C:\ProgramData\EscapeTheMuseum
2009-01-10 13:05:05 ----SHD---- C:\Users\vincent13\AppData\Roaming\.#
2009-01-08 12:25:00 ----D---- C:\Program Files\SuperCopier2
2009-01-08 12:10:35 ----D---- C:\Program Files\7-Zip
2009-01-07 14:50:15 ----D---- C:\Users\vincent13\AppData\Roaming\vlc
2009-01-07 14:32:55 ----D---- C:\Program Files\VideoLAN
2008-12-29 14:43:58 ----D---- C:\Users\vincent13\AppData\Roaming\Encyclopedie Hachette
2008-12-27 12:09:42
Report info.txt
info.txt logfile of random's system information tool 1.05 2009-03-15 11:52:00
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
7-Zip 4.64-->"C:\Program Files\7-Zip\Uninstall.exe"
ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - French-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
WinRAR Archive-->C:\Program Files\WinRAR\uninstall.exe
Windows Live Connection Assistant-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AuthenTec Fingerprint System-->MsiExec.exe /I{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom NetXtreme Ethernet Controller-->MsiExec.exe /X{FC57FC53-104C-415C-98D7-B05E659461A9}
Broadcom Wireless Network Adapter 802.11-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Catalyst Control Center - Branding-->MsiExec.exe /I{30BF4E6C-D866-46F7-A4F6-81A45E97706E}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Credential Manager for HP ProtectTools-->rundll32.exe "C:\Program Files\Hewlett-Packard\IAM\Bin\SetupHelper.dll",ExecMain /Uninstall {0F98662A-EA83-414F-8766-3FCE46A32641}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drive Encryption for HP ProtectTools-->MsiExec.exe /I{F657EF23-08BB-4C8D-B688-78C20FA657EA}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Hachette Multimedia Encyclopedia (uninstall)-->"C:\Program Files\Hachette\EHM\uninstall.exe"
ESET Smart Security-->MsiExec.exe /I{6EEF0EA7-391F-4CBF-9047-C4C85F6A930F}
Eset-NOD32: Fix Dasumo v3 until 2029-->C:\Program Files\ESET\uninstall.exe
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Favorite-->c:\users\vincent13\appdata\local\cuwqaie.bat
Free Video to Mp3 Converter version 2.7-->"C:\Program Files\DVDVIDEOSOFT\Free Video to Mp3 Converter\unins000.exe"
Windows Live Photo Gallery-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HHD Software Free Hex Editor 3.12-->"C:\Program Files\HHD Software\Hex Editor 3.x\Uninstaller.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP 3D DriveGuard-->MsiExec.exe /X{E44FFEA5-177E-4C5C-9EE1-33C8E3F2755B}
HP Help and Support-->MsiExec.exe /X{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}
HP JavaCard for HP ProtectTools-->MsiExec.exe /I{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}
HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{45A136EC-88BF-4B95-99F5-C45D3930E1CC}
HP ProtectTools Security Manager Suite-->C:\Windows\Installer\HPPTSuiteInstallEngine.exe /uninstall=C:\Windows\Installer\36243100.msi
HP ProtectTools Security Manager-->MsiExec.exe /I{CABCDCC9-31F6-407E-ADD1-9D48BC6B17EB}
HP Quick Launch Buttons 6.40 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c -removeonly uninst
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iriver plus 3 (remove only)-->"C:\Program Files\iriver\iriver plus 3\uninstall.exe"
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Live-Player-->C:\Program Files\Live-Player\uninst.exe
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{820B6609-4C97-3A2B-B644-573B06A0F0CC}
Microsoft .NET Framework 3.5 SP1 Language Module- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org 2.4 Language Pack (French)-->MsiExec.exe /I{D2BE6521-F81C-4EC6-8887-A8BBC0B0786B}
OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Photostory 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Roman Bowl-->"C:\Program Files\Roman Bowl\ReflexiveArcade\unins000.exe"
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Business-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Screensaver Factory 4 Pro-->"C:\Program Files\Screensaver Factory 4 Pro\unins000.exe"
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x040c -removeonly
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StuffPlug 3-->C:\Program Files\StuffPlug3\Uninstall.exe
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Highlighter (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
======Security center information======
AV: ESET Smart Security 3.0
FW: ESET Personal Firewall
AS: ESET Smart Security 3.0
System event log
Computer Name: Vincent
Event Code: 7036
Message: The Windows HTTP Services Automatic Proxy Discovery service has entered the state: running.
Record Number: 50281
Source Name: Service Control Manager
Time Written: 20090315104927.000000-000
Event Type: Information
User:
Computer Name: Vincent
Event Code: 8033
Message: The browser has forced an election on the network \Device\NetBT_Tcpip_{27FBC33F-C641-4290-A369-AA5211750AC3} because a master browser has stopped.
Record Number: 50282
Source Name: BROWSER
Time Written: 20090315105131.000000-000
Event Type: Information
User:
Computer Name: Vincent
Event Code: 4202
Message: The system has detected that the network adapter Wireless Network Connection 2 is disconnected from the network; its network configuration has been abandoned. If the network adapter is not disconnected, it may be malfunctioning. Try updating the network adapter driver.
Record Number: 50283
Source Name: Tcpip
Time Written: 20090315105131.329200-000
Event Type: Information
User:
Computer Name: Vincent
Event Code: 4202
Message: The system has detected that the network adapter Wireless Network Connection 2 is disconnected from the network; its network configuration has been abandoned. If the network adapter is not disconnected, it may be malfunctioning. Try updating the network adapter driver.
Record Number: 50284
Source Name: Tcpip
Time Written: 20090315105131.625600-000
Event Type: Information
User:
Computer Name: Vincent
Event Code: 10002
Message: The WLAN extensibility module has stopped.
Module path: C:\Windows\System32\bcmihvsrv.dll
Record Number: 50285
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090315105133.170000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Application event log
Computer Name: Vincent
Event Code: 0
Message: The service successfully handled PowerEvent.
Record Number: 7424
Source Name: HP ProtectTools Service
Time Written: 20090315104435.000000-000
Event Type: Information
User:
Computer Name: Vincent
Event Code: 0
Message: The service successfully handled PowerEvent.
Record Number: 7425
Source Name: HP ProtectTools Service
Time Written: 20090315104511.000000-000
Event Type: Information
User:
Computer Name: Vincent
Event Code: 0
Message: The service successfully handled PowerEvent.
Record Number: 7426
Source Name: HP ProtectTools Service
Time Written: 20090315104512.000000-000
Event Type: Information
User:
Computer Name: Vincent
Event Code: 1000
Message: Faulting application Explorer.EXE, version 6.0.6001.18164, timestamp 0x4907e242, faulting module ntdll.dll, version 6.0.6001.18000, timestamp 0x4791a7a6, exception code 0xc0000005, offset 0x00047dd2, process id 0xcb8, start time of application 0x01c9a554d5a53ce7.
Record Number: 7427
Source Name: Application Error
Time Written: 20090315104806.000000-000
Event Type: Error
User:
Computer Name: Vincent
Event Code: 1002
Message: The environment has stopped unexpectedly and explorer.exe has restarted.
Record Number: 7428
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090315104810.000000-000
Event Type: Information
User:
Security event log
Computer Name: Vincent
Event Code: 5038
Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.
File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14117
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315105153.436400-000
Event Type: Audit failure
User:
Computer Name: Vincent
Event Code: 5038
Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.
File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14118
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315105153.514400-000
Event Type: Audit failure
User:
Computer Name: Vincent
Event Code: 5038
Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.
File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14119
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315105153.592400-000
Event Type: Audit failure
User:
Computer Name: Vincent
Event Code: 5038
Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.
File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14120
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315105153.639200-000
Event Type: Audit failure
User:
Computer Name: Vincent
Event Code: 5038
Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.
File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 14121
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315105153.670400-000
Event Type: Audit failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files\Hewlett-Packard\IAM\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=1
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
--
Sometimes it is better to remain silent and be thought a fool than to speak and remove all doubt.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Cathy at 2010-09-17 13:30:54
Microsoft® Windows Vista(TM) Home Basic Edition Service Pack 2
System drive C: has 27 GB (38%) free of 71 GB
Total RAM: 767 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:31:25, on 17/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orange\Orange Sync Software\Voxsync.exe
C:\Program Files\Hercules\WiFi Station for Livebox\WiFiLB.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Orange\Orange Sync Software\SyncManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\Cathy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Assistant helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orange Sync Software.lnk = ?
O4 - Global Startup: WiFi Station for Livebox.lnk = C:\Program Files\Hercules\WiFi Station for Livebox\WiFiLB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Download All with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download All Videos with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menu item: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing)
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Certificate Delivery Module MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://contacts.orange.fr/wfr_webab/VoxsyncX.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: HP CUE DeviceDiscovery Service (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) -
Run by Cathy at 2010-09-17 13:30:54
Microsoft® Windows Vista(TM) Home Basic Edition Service Pack 2
System drive C: has 27 GB (38%) free of 71 GB
Total RAM: 767 MB (28% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:31:25, on 17/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orange\Orange Sync Software\Voxsync.exe
C:\Program Files\Hercules\WiFi Station for Livebox\WiFiLB.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Orange\Orange Sync Software\SyncManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\RSIT.exe
C:\Program Files\trend micro\Cathy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Assistant helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orange Sync Software.lnk = ?
O4 - Global Startup: WiFi Station for Livebox.lnk = C:\Program Files\Hercules\WiFi Station for Livebox\WiFiLB.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Download All with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download All Videos with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menu item: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing)
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Certificate Delivery Module MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://contacts.orange.fr/wfr_webab/VoxsyncX.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: HP CUE DeviceDiscovery Service (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
```text
info.txt logfile of random's system information tool 1.08 2010-09-17 13:31:40
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
802.11 USB Wireless LAN Adapter-->C:\Windows\system32\unwlsdrv.exe SiS163u
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eMode Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Reader 9.3.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Windows Live Connection Assistant-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
BitComet 1.22-->C:\Program Files\BitComet\uninst.exe
CometBird (3.6.6)-->C:\Program Files\CometBird\uninstall\helper.exe
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x040c
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Windows Live Installation-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Installation-->MsiExec.exe /I{133742BA-6F46-4D3E-85AF-78631D9AD8B8}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
LimeWire 5.5.10-->"C:\Program Files\LimeWire\uninstall.exe"
WinRAR Archiving Software-->C:\Program Files\WinRAR\uninstall.exe
Orange Synchronization Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}\setup.exe" -l0x40c -removeonly
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile FRA Language Pack-->MsiExec.exe /X{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
Microsoft .NET Framework 3.5 SP1 Language Pack - fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Microsoft .NET Framework 4 Client Profile FRA Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1036 /parameterfolder ClientLP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
Orange Voice Mail Plug-in 888-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove
Windows Live Download Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Windows Live Call-->MsiExec.exe /I{B3B487E7-6171-4376-9074-B28082CEB504}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Messenger-->MsiExec.exe /X{445B183D-F4F1-45C8-B9DB-F11355CA657B}
Yahoo! Toolbar with pop-up blocker-->C:\PROGRA~1\Yahoo!\common\unyt.exe
======Security center information======
AV: avast! Antivirus
AS: Windows Defender
AS: avast! Antivirus
======System event log======
Computer Name: PC-de-Cathy
Event Code: 57
Message: The system could not empty the transaction log data. Data might be corrupted.
Record Number: 96222
Source Name: volsnap
Time Written: 20100817144247.365200-000
Event Type: Warning
User:
Computer Name: PC-de-Cathy
Event Code: 57
Message: The system could not empty the transaction log data. Data might be corrupted.
Record Number: 96221
Source Name: volsnap
Time Written: 20100817144242.334200-000
Event Type: Warning
User:
Computer Name: PC-de-Cathy
Event Code: 57
Message: The system could not empty the transaction log data. Data might be corrupted.
Record Number: 96220
Source Name: volsnap
Time Written: 20100817144237.313200-000
Event Type: Warning
User:
Computer Name: PC-de-Cathy
Event Code: 57
Message: The system could not empty the transaction log data. Data might be corrupted.
Record Number: 96219
Source Name: volsnap
Time Written: 20100817144232.302200-000
Event Type: Warning
User:
Computer Name: PC-de-Cathy
Event Code: 57
Message: The system could not empty the transaction log data. Data might be corrupted.
Record Number: 96218
Source Name: volsnap
Time Written: 20100817144227.224200-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: PC-de-Cathy
Event Code: 1530
Message: Windows has detected that your Registry file is still in use by other applications or services. The file will be unloaded. Applications or services that have access to your Registry may not function correctly afterward.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-663912834-2552467733-3157150852-1000:
Process 544 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-663912834-2552467733-3157150852-1000
Record Number: 739
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100712113243.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: PC-de-Cathy
Event Code: 8194
Message: Volume Shadow Copy Service error: error querying the IVssWriterCallback interface. hr = 0x80070005. This error is often due to incorrect security settings in the writer or requester process.
Operation:
Writer data being collected
Context:
Writer class ID: {e8132975-6f93-4464-a53e-1050253ae220}
Writer name: System Writer
Writer instance ID: {f7d94b22-4a5f-4d53-b4d3-6fd9a053c5c4}
Record Number: 734
Source Name: VSS
Time Written: 20100712113123.000000-000
Event Type: Error
User:
Computer Name: PC-de-Cathy
Event Code: 1008
Message: The Windows Search service is attempting to delete the old catalog.
Record Number: 486
Source Name: Microsoft-Windows-Search
Time Written: 20100712111939.000000-000
Event Type: Warning
User:
Computer Name: LH-183N2DA2QYTI
Event Code: 1036
Message: Failed to InitializePrintProvider for provider inetpp.dll. This may occur due to system instability or a lack of system resources.
Record Number: 454
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20100712110957.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: LH-183N2DA2QYTI
Event Code: 1530
Message: Windows has detected that your Registry file is still in use by other applications or services. The file will be unloaded. Applications or services that have access to your Registry may not function correctly afterward.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3435342520-3187486475-2238804463-500:
Process 2544 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3435342520-3187486475-2238804463-500\Software\Microsoft\Windows\CurrentVersion\Explorer
Record Number: 420
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20070506212844.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: LH-183N2DA2QYTI
Event Code: 1100
Message: The event logging service has been stopped.
Record Number: 372
Source Name: Microsoft-Windows-Eventlog
Time Written: 20070506212845.592800-000
Event Type: Audit Success
User:
Computer Name: LH-183N2DA2QYTI
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 371
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20070506212823.737729-000
Event Type: Audit Success
User:
Computer Name: LH-183N2DA2QYTI
Event Code: 4624
Message: An account logon was successful.
Subject:
Security ID: S-1-5-18
Account Name: LH-183N2DA2QYTI$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x29c
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transmission Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon is created. It is generated on the computer where the logon was performed.
The Object field indicates the account on the local system that requested the logon. This is most often a service, such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the type of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon field indicates the account for which the new logon was created, for example, the account that logged on.
```
```
1) Download navilog1
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Follow the instructions. On the main menu, choose 1 and confirm.
(do not choose 2, 3, or 4 without our advice/approval)
Wait until the message:
*** Analysis Completed on ..... ***
Press a key as requested, Notepad will open.
Copy and paste the entire content into a response. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)
2) Hi,
When you reach the main menu, choose option 2 and confirm (automatic "cleaning").
The fix will then ask you to "restart the PC", close all open windows
and press a key as requested. (if the PC does not restart automatically, do it manually)
Upon restarting the PC, choose the usual session if necessary.
Wait until the message: "Cleaning Completed on ..."
The desktop will return, then Notepad will open.
Save this report in a way that you can find it later, then close Notepad ...
(The report will also be saved at the root of disk "C:\cleannavi.txt")
Post this report in your new response for analysis and await further instructions ...
(PS: If the desktop does not reappear, press CTRL+ALT+DELETE to open Task Manager.
Select the processes tab. Click on file at the top left and choose run,
Type explorer and confirm.)
--
As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight into the wall or even accelerate towards it.
WAKE UP FROM OUR LIVES.
Fix Navipromo version 4.1.1 started on 08/23/2013 10:13:39,21
!!! Warning, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum to have it analyzed !!!
Tool executed from C:\navilog1
Updated on 04/07/2012 at 20:00 by IL-MAFIOSO
Microsoft® Windows Vista(TM) Home Premium Edition ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU U2300 @ 1.20GHz )
BIOS : Phoenix SecureCore(tm) NB Version 02CX.M003.20090825.KSY
USER : rocco ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:120 Go (Free:42 Go)
D:\ (Local Disk) - NTFS - Total:98 Go (Free:49 Go)
Search executed in normal mode
[b]No Navipromo/Egdaccess Infection found[/b]
*** Scan completed 08/23/2013 10:15:52,22 ***
At this point, right-click on the navilog icon and give it administrator rights.
It's good to tell me in advance if what I'm proposing doesn't work.
--
As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight for the wall, or even accelerate towards it.
WAKE UP TO OUR LIVES.
Uh...
How do we do that??
--
Sometimes it's better to remain silent and be thought a fool than to speak up and remove all doubt.
Do as instructed; I can't tell you more. For the right-click, it's with your mouse: when you're on the navilog icon, you click on it, but instead of clicking with the left button you do it with the right button.
--
As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight for the wall or even accelerate towards it.
WAKE UP OUR LIVES.
Yeah, I understood about the right-click but there's nowhere to give admin rights and when I run as administrator it doesn't do anything.
--
Sometimes it's better to remain silent and be thought of as a fool than to speak up and remove all doubt.
OK thanks, I'll give it a try
--
Sometimes it's better to remain silent and be thought a fool than to speak up and remove all doubt.
Here is the report:
Malwarebytes' Anti-Malware 1.34
Database version: 1883
Windows 6.0.6001 Service Pack 1
03/22/2009 12:48:17
mbam-log-2009-03-22 (12-48-17).txt
Scan type: Complete scan (C:\|)
Items examined: 211786
Elapsed time: 32 minute(s), 37 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected registry key(s): 4
Infected registry value(s): 0
Infected registry data item(s): 0
Infected folder(s): 0
Infected file(s): 4
Infected memory process(es):
(No harmful items detected)
Infected memory module(s):
(No harmful items detected)
Infected registry key(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.
Infected registry value(s):
(No harmful items detected)
Infected registry data item(s):
(No harmful items detected)
Infected folder(s):
(No harmful items detected)
Infected file(s):
C:\Users\vincent13\Local Settings\Application Data\cuwqaie_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\vincent13\Local Settings\Application Data\cuwqaie_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\vincent13\Local Settings\Application Data\cuwqaie.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\vincent13\Local Settings\Application Data\cuwqaie.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
--
Sometimes it's better to remain silent and be thought a fool than to speak and remove all doubt.
Yes, now navilog is working. I'm doing the analysis and I'll send you the report in the next post.
--
Sometimes it's better to remain silent and be thought a fool than to speak and dispel all doubt.
Search Navipromo version 3.7.6 started on 22/03/2009 at 17:13:55.12
!!! Warning, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
!!! Do not start the cleanup process without a specialist's advice!!!
Tool executed from C:\Program Files\navilog1
Updated on 14.03.2009 at 18:00 by IL-MAFIOSO
Microsoft® Windows Vista™ Home Basic Edition (v6.0.6001) Service Pack 1
X86-based PC (Multiprocessor Free: AMD Sempron(tm) SI-40)
BIOS: Default System BIOS
USER: vincent13 (Administrator)
BOOT: Normal boot
Antivirus: ESET Smart Security 3.0 3.0 (Activated)
Firewall: ESET Personal Firewall 3.0.642.0 (Activated)
C:\ (Local Disk) - NTFS - Total: 111 GB (Free: 86 GB)
D:\ (CD or DVD) - CDFS - Total: 0 GB (Free: 0 GB)
Search executed in normal mode
*** Searching folders in "C:\Windows" ***
*** Searching folders in "C:\Program Files" ***
...\Live-Player found!
*** Searching folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***
...\Live-Player found!
*** Searching folders in "c:\progra~2\micros~1\windows\startm~1" ***
*** Searching folders in "C:\ProgramData" ***
*** Searching folders in "c:\users\vincen~1\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Searching folders in "C:\Users\vincent13\AppData\Local\virtualstore\Program Files" ***
*** Searching folders in "C:\Users\AdminSAV\AppData\Local\virtualstore\Program Files" ***
*** Searching folders in "C:\Users\vincent13\AppData\Local" ***
*** Searching folders in "C:\Users\AdminSAV\AppData\Local" ***
*** Searching folders in "C:\Users\vincent13\AppData\Roaming" ***
...\Live-Player found!
*** Searching folders in "C:\Users\AdminSAV\appdata\roaming" ***
*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net
*** Search with GenericNaviSearch ***
!!! All these results may reveal legitimate files!!!
!!! Must be verified before any manual deletion!!!
* Searching in "C:\Windows\system32" *
* Searching in "C:\Users\vincent13\AppData\Local\Microsoft" *
* Searching in "C:\Users\vincent13\AppData\Local\virtualstore\windows\system32" *
* Searching in "C:\Users\vincent13\AppData\Local" *
* Searching in "C:\Users\AdminSAV\AppData\Local" *
*** Searching files ***
c:\users\public\desktop\Live-Player.lnk found!
*** Searching specific keys in the Registry ***
!! The found keys are not necessarily infected !!
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cuwqaie"="\"c:\\users\\vincent13\\appdata\\local\\cuwqaie.exe\" cuwqaie"
*** Additional Search Module ***
(Searching specific files)
1) Searching for new Instant Access files:
2) Heuristic Search:
* In "C:\Windows\system32":
* In "C:\Users\vincent13\AppData\Local\Microsoft":
* In "C:\Users\vincent13\AppData\Local\virtualstore\windows\system32":
* In "C:\Users\vincent13\AppData\Local":
cuwqaie.bat found!
* In "C:\Users\AdminSAV\AppData\Local":
3) Searching Certificates:
Egroup certificate absent!
Electronic-Group certificate absent!
Montorgueil certificate absent!
OOO-Favorit certificate absent!
Sunny-Day-Design-Ltd certificate absent!
4) Searching other known folders and files:
*** Analysis completed on 22/03/2009 at 17:39:23.25 ***
--
Sometimes it is better to remain silent and be thought a fool than to speak and remove all doubt.
See if you can launch Navilog with option 2 now.
--
As long as we believe all the nonsense we can be told on a global scale, we will continue to head straight for the wall, indeed even accelerate towards it.
WAKE UP FROM OUR LIVES.
I chose option 2, I'll send you the report in the next post. Thank you ^^
--
Sometimes it's better to remain silent and be thought of as a fool than to speak and dispel all doubts.
Clean Navipromo version 3.7.6 started on 03/23/2009 at 18:32:22.56
Tool executed from C:\Program Files\navilog1
Updated on 03/14/2009 at 6:00 PM by IL-MAFIOSO
Microsoft® Windows Vista™ Basic Home Edition (v6.0.6001) Service Pack 1
X86-based PC (Multiprocessor Free: AMD Sempron(tm) SI-40)
BIOS: Default System BIOS
USER: vincent13 (Administrator)
BOOT: Normal boot
Antivirus: ESET Smart Security 3.0 3.0 (Activated)
Firewall: ESET Personal Firewall 3.0.642.0 (Activated)
C:\ (Local Disk) - NTFS - Total: 111 GB (Free: 85 GB)
D:\ (CD or DVD) - CDFS - Total: 0 GB (Free: 0 GB)
Automatic deletion mode
with support for results Catchme and GNS
Cleaning executed at computer restart
*** fsbl1.txt not found ***
(Ensure Catchme found nothing during the search)
*** Deletion with backups results GenericNaviSearch ***
* Deletion in "C:\Windows\System32" *
* Deletion in "C:\Users\vincent13\AppData\Local\Microsoft" *
* Deletion in "C:\Users\vincent13\AppData\Local\virtualstore\windows\system32" *
* Deletion in "C:\Users\vincent13\AppData\Local" *
* Deletion in "C:\Users\AdminSAV\AppData\Local" *
*** Deletion folders in "C:\Windows" ***
*** Deletion folders in "C:\Program Files" ***
...\Live-Player ...deleting...
...\Live-Player deleted!
*** Deletion folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***
...\Live-Player ...deleting...
...\Live-Player deleted!
*** Deletion folders in "c:\progra~2\micros~1\windows\startm~1" ***
*** Deletion folders in "C:\ProgramData" ***
*** Deletion folders in c:\users\vincen~1\appdata\roaming\micros~1\windows\startm~1\programs ***
*** Deletion folders in "C:\Users\AdminSAV\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Deletion folders in "C:\Users\vincent13\AppData\Local\virtualstore\Program Files" ***
*** Deletion folders in "C:\Users\AdminSAV\AppData\Local\virtualstore\Program Files" ***
*** Deletion folders in "C:\Users\vincent13\AppData\Local" ***
*** Deletion folders in "C:\Users\AdminSAV\AppData\Local" ***
*** Deletion folders in "C:\Users\vincent13\AppData\Roaming" ***
...\Live-Player ...deleting...
...\Live-Player deleted!
*** Deletion folders in "C:\Users\AdminSAV\appdata\roaming" ***
*** Deletion files ***
c:\users\public\desktop\Live-Player.lnk deleted!
*** Deletion temporary files ***
Cleaning contents of C:\Windows\Temp completed!
Cleaning contents of C:\Users\VINCEN~1\AppData\Local\Temp completed!
*** Processing Additional Search ***
(Searching for specific files)
1)Deletion with backups new files Instant Access:
2)Search, create backups, and Heuristic deletion:
* In "C:\Windows\system32" *
* In "C:\Users\vincent13\AppData\Local\Microsoft" *
* In "C:\Users\vincent13\AppData\Local\virtualstore\windows\system32" *
* In "C:\Users\vincent13\AppData\Local" *
cuwqaie.bat found!
Copy of cuwqaie.bat completed successfully!
cuwqaie.bat deleted!
* In "C:\Users\AdminSAV\AppData\Local" *
*** Registry Backup to Safebackup folder ***
Registry backup completed successfully!
*** Registry Cleaning ***
Registry Cleaning Ok
*** Certificates ***
Egroup Certificate absent!
Electronic-Group Certificate absent!
Montorgueil Certificate absent!
OOO-Favorit Certificate absent!
Sunny-Day-Design-Ltdt Certificate absent!
*** Search for other known folders and files ***
*** Cleaning completed on 03/23/2009 at 18:57:21.38 ***
--
Sometimes it's better to remain silent and be thought a fool than to speak and remove all doubt.
It is now okay.
1) Remove RSIT and Navilog; keep Malwarebytes.
2) To remove temporary files
(do this every 15 days or so):
• Download CCleaner and install it on the desktop while refusing the installation of the Yahoo toolbar.
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
• Close all applications
• Launch CCleaner
If it is not in French, click on Options, Settings, Language
and select French
• Check in the Cleaner menu - Windows tab:
Internet Explorer: Temporary Internet Files, Cookies
• System: Empty the Recycle Bin, Temporary Files, Clipboard
• Advanced: Old Prefetch data
• Uncheck in the Options menu - Advanced submenu:
Only delete files from the Windows temp folder older than 48 hours
• Check in the Cleaner menu - Applications tab: Internet: Sun Java
• Check, if possible, in the Cleaner menu - Applications tab:
Firefox/Mozilla: Internet Cache, Cookies
• Click on Analyze
• Click on the Run Cleaner button in the Cleaner menu.
• Click on Registry
• Select all
• Click on Find Errors (at the bottom)
Once the scan is complete, select all
• Click on Repair Selected Errors
3) Switch to Mozilla 3 instead of Internet Explorer because it is much safer.
http://www.commentcamarche.net/telecharger/telecharger 111 firefox
Do what is indicated in this link to better secure Firefox.
https://www.malekal.com/securiser-le-navigateur-web-firefox-2/
Especially NoScript (stops Java and Adobe programs automatically, prevents infections via scripts,
so you need to allow certain sites of yours to be able to read texts or videos);
effective on unknown or dubious sites.
--
As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight for the wall, even accelerating towards it.
WAKE UP OF OUR LIVES.
Ok, thank you very much!!!!
It hasn't happened to me since the analysis with Malwarebytes.
--
Sometimes it's better to stay silent and be thought a fool than to talk and dispel all doubts.
I have exactly the same problem, but I think it's because Vista is still under SP1. When SP2 comes out, many problems will be resolved.
he was disgusting that's why the problems are being solved.
during a transition from SP1 to SP2, many problems will be resolved and many others will arise.
--
As long as we believe all the nonsense we are told, we will continue to head straight for the wall.
WAKE UP FROM OUR LIVES.
Hello, there can be several solutions to this problem:
1st solution (IT DISABLES A PROTECTION --> AT YOUR OWN RISK (for me, who had the same problem under XP, it worked)):
In Windows Explorer, right-click on 'Computer' --> 'Properties' --> 'Advanced System Settings'
--> Performance (if you want to disable visual effects to increase performance, it's here by the way)
--> Data Execution Prevention tab
--> Turn on DEP for essential Windows programs and services only, EXCEPT FOR THOSE I SELECT
--> Click Add, C:\Windows\Explorer.exe
--> Apply
2nd solution: it may come from a DLL that needs to be removed:
https://forum.zebulon.fr/topic/122256-explorateur-windows-a-cess%C3%A9-de-fonctionner/
3rd solution, the problem could come from Firefox:
[quote]Crazy trick. I tried the manipulation suggested by a guy and it works!
I quote:
1) Launch Firefox
2) Go to Tools > Options > Privacy
3) Select "Use Custom Settings for History"
4) Uncheck everything
5) Check "Clear History when Firefox closes"[/quote]
Source: http://forum.canardpc.com/threads/41587-RESOLU-windows-7-Plantage-incessant-de-l-explorer?p=2733245#post2733245
4th solution: format (-_-)
If the problem persists after formatting/reinstalling Windows (usually the last option for fixing Windows-related issues), then it's caused by other things.
When you formatted/reinstalled Windows,
did you install any other programs before testing?
I recommend formatting/reinstalling and not adding any programs or peripherals (only mouse and keyboard)
That means just after the installation is complete and your desktop appears, repeat the same operations.
If the problem does not appear then install the programs one by one, starting with the internet.