Windows Explorer has stopped working

Solved
yoan-of-13 Posted messages 21 Status Member -  
 voila :) -
Hello,

For about a month now, an error message pops up from time to time saying "Windows Explorer has stopped working," followed by another "Windows Explorer is restarting."
This closes all my folders and makes the computer glitch for a few seconds. This message appears frequently. I think it's a virus, since I received one that my antivirus was supposed to have eliminated...
How can I get rid of it?

--
Sometimes it's better to remain silent and appear a fool than to speak and remove all doubt.
Configuration: Windows Vista Firefox 3.0.1

22 answers

  • 1
  • 2
  1. totobetourne Posted messages 5677 Status Member 65
     
    How is your computer behaving?

    Does Navilog work now?
    --
    As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight for the wall, and even accelerate towards it.
    WAKE UP OF OUR LIVES.
    1
  2. totobetourne Posted messages 5677 Status Member 65
     
    Hello

    1) For Vista if infected.

    Disable User Account Control (you will reactivate it after your cleanup: IMPORTANT NOT TO FORGET):

    - Go to Start then Control Panel
    - Double-click on the "User Accounts" icon
    - Then click on disable and confirm.

    http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html

    2) Download Random's System Information Tool (RSIT) from random/random and save the executable on your Desktop.

    -> http://images.malwareremoval.com/random/RSIT.exe

    ! Disconnect and close all your running applications!

    Double-click on "RSIT.exe" to launch it.

    -> A first window opens with the title: "Disclaimer of warranty".

    * In front of the option "List files/folders created ...", select: 2 months

    * then click on "Continue" to start the scan ...

    -> let the scan run and don't touch the PC ...

    When the scan is finished, two text files will open (probably with Notepad).

    Post the content of "log.txt" (the one that appears on the screen), as well as "info.txt" (which you will see in the taskbar), for analysis and wait for further instructions ...

    Important: post one report, then the other in the next response
    If you try to post both at the same time, it may take too long for the forum

    (Note: the reports will also be saved in this folder -> C:\rsit)

    --
    As long as we believe all the nonsense that can be told to us on a global scale, we will continue to go straight into the wall, even accelerating toward it.
    WAKE UP FROM OUR LIVES.
    0
    1. yoan-of-13 Posted messages 21 Status Member 9
       
      OK thanks for your quick reply, I'll try and keep you updated.
      --
      Sometimes it's better to remain silent and be thought of as a fool than to speak up and dispel all doubts.
      0
    2. yoan-of-13 Posted messages 21 Status Member 9
       
      Log file de l'outil d'informations système de random 1.05 (écrit par random/random)
      Exécuté par vincent13 le 2009-03-15 11:51:22
      Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
      Le disque système C: a 82 Go (72%) libres sur 114 Go
      RAM totale : 764 Mo (24% libre)

      Logfile de Trend Micro HijackThis v2.0.2
      Analyse sauvegardée à 11:51:55, le 15/03/2009
      Plateforme : Windows Vista SP1 (WinNT 6.00.1905)
      MSIE : Internet Explorer v7.00 (7.00.6001.18000)
      Mode de démarrage : Normal

      Processus en cours :
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Users\vincent13\AppData\Local\cuwqaie.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.EXE
      C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\ActivIdentity\ActivClient\acevents.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\conime.exe
      C:\Windows\explorer.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\vincent13\Desktop\RSIT.exe
      C:\Program Files\trend micro\vincent13.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Page de recherche = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Page de démarrage = fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,URL de page par défaut = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,URL de recherche par défaut = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Page de recherche = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Page de démarrage = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Assistant de recherche =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Personnaliser la recherche =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,Nom du dossier des liens =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (pas de nom) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (pas de fichier)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Aide de la barre d'outils Windows Live - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Gestionnaire d'identifiants pour HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
      O3 - Barre d'outils : Barre d'outils Windows Live - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
      O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
      O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
      O4 - HKLM\..\Run: [InfoSCC] "C:\ordina13 help\MessageSCC.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
      O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [cuwqaie] "c:\users\vincent13\appdata\local\cuwqaie.exe" cuwqaie
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Utilisateur 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Utilisateur 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Utilisateur 'SERVICE RÉSEAU')
      O4 - Démarrage : OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
      O4 - Démarrage global : DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
      O8 - Élément de menu contextuel supplémentaire : &Recherche Windows Live - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Élément de menu contextuel supplémentaire : Ajouter aux &Favoris Windows Live - https://onedrive.live.com/?id=favorites
      O9 - Bouton supplémentaire : (pas de nom) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Élément de menu 'Outils' supplémentaire : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O13 - Préfixe Gopher :
      O17 - HKLM\Système\CCS\Services\Tcpip\..\{27FBC33F-C641-4290-A369-AA5211750AC3}: NameServer = 192.168.1.1
      O20 - AppInit_DLLs: APSHook.dll
      O23 - Service : ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
      O23 - Service : Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
      O23 - Service : Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
      O23 - Service : Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service : Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service : AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
      O23 - Service : Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service : Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      O23 - Service : Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service : Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service : getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service : HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
      O23 - Service : Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
      O23 - Service : hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service : HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
      O23 - Service : Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service : IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      O23 - Service : RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
      O23 - Service : Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service : stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

      --
      Fin du fichier - 9233 octets

      ====== Dossier des tâches planifiées ======

      C:\Windows\tasks\User_Feed_Synchronization-{E81EC49E-6831-4221-8D98-A3310C6CFB82}.job
      C:\Windows\tasks\User_Feed_Synchronization-{EC327CCD-C48B-4018-B271-534BCFDA36D2}.job
      C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

      ====== Dump du registre ======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
      Classe SSVHelper - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
      Aide de la barre d'outils Windows Live - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
      Gestionnaire d'identifiants pour HP ProtectTools - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Barre d'outils Windows Live - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
      "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
      "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
      ""= []
      "accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-15 293168]
      "CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-05-21 24848]
      "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
      "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
      "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
      "WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904]
      "InfoSCC"=C:\ordina13 help\MessageSCC.exe [2008-06-30 245493]
      "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
      "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2008-03-19 3842048]
      "PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-06-02 238984]
      "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1314816]
      "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
      "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
      "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-02-20 1443072]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
      "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
      "cuwqaie"=c:\users\vincent13\appdata\local\cuwqaie.exe [2009-03-14 219648]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
      DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

      C:\Users\vincent13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
      OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLS"="APSHook.dll"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
      "notification packages"=scecli
      ASWLNPkg

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "EnableLUA"=0
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1
      "EnableUIADesktopToggle"=0

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

      ====== Liste des fichiers/dossiers créés au cours des 3 derniers mois ======

      2009-03-15 11:51:23 ----D---- C:\Program Files\trend micro
      2009-03-15 11:51:22 ----D---- C:\rsit
      2009-03-15 11:31:16 ----D---- C:\ProgramData\NortonInstaller
      2009-03-15 10:53:17 ----A---- C:\Windows\ntbtlog.txt
      2009-03-14 19:58:56 ----D---- C:\Users\vincent13\AppData\Roaming\live-player
      2009-03-14 19:58:56 ----D---- C:\Program Files\Live-Player
      2009-03-11 16:22:48 ----D---- C:\Users\vincent13\AppData\Roaming\DivX
      2009-03-11 16:10:26 ----D---- C:\Program Files\DivX
      2009-03-11 10:21:06 ----A---- C:\Windows\system32\wmp.dll
      2009-03-11 10:21:03 ----A---- C:\Windows\system32\spwmp.dll
      2009-03-11 10:21:03 ----A---- C:\Windows\system32\dxmasf.dll
      2009-03-11 10:21:00 ----A---- C:\Windows\system32\wmploc.DLL
      2009-03-11 10:20:55 ----A---- C:\Windows\system32\schannel.dll
      2009-02-28 20:12:21 ----D---- C:\Program Files\Enigma Software Group
      2009-02-28 19:22:15 ----D---- C:\Program Files\Unlocker
      2009-02-28 19:10:29 ----A---- C:\Windows\system32\vcredist_x86.exe
      2009-02-28 19:10:29 ----A---- C:\Windows\system32\readme.txt
      2009-02-28 19:10:29 ----A---- C:\Windows\system32\license.txt
      2009-02-28 19:10:26 ----D---- C:\Windows\system32\lib
      2009-02-28 19:10:23 ----D---- C:\Windows\system32\inc
      2009-02-28 12:20:40 ----D---- C:\Program Files\Bonjour
      2009-02-21 15:59:27 ----D---- C:\Program Files\CCleaner
      2009-02-18 16:25:10 ----D---- C:\Users\vincent13\AppData\Roaming\Malwarebytes
      2009-02-18 16:25:00 ----D---- C:\ProgramData\Malwarebytes
      2009-02-12 12:44:13 ----D---- C:\Users\vincent13\AppData\Roaming\Blumentals
      2009-02-12 12:44:13 ----D---- C:\Program Files\Screensaver Factory 4 Pro
      2009-02-12 09:22:49 ----D---- C:\Users\vincent13\AppData\Roaming\Wireshark
      2009-02-12 09:19:27 ----D---- C:\Program Files\HHD Software
      2009-02-11 19:23:12 ----D---- C:\ProgramData\NOS
      2009-02-11 19:23:12 ----D---- C:\Program Files\NOS
      2009-02-11 10:40:53 ----D---- C:\Program Files\eMule
      2009-02-11 10:33:46 ----A---- C:\Windows\system32\csdlocalmon.dll
      2009-02-11 10:33:09 ----D---- C:\Program Files\iriver
      2009-02-11 09:23:30 ----A---- C:\Windows\system32\mshtml.dll
      2009-02-11 09:23:19 ----A---- C:\Windows\system32\ieframe.dll
      2009-02-11 09:23:09 ----A---- C:\Windows\system32\urlmon.dll
      2009-02-11 09:23:06 ----A---- C:\Windows\system32\msfeeds.dll
      2009-02-11 09:23:02 ----A---- C:\Windows\system32\wininet.dll
      2009-02-11 09:22:59 ----A---- C:\Windows\system32\mstime.dll
      2009-02-11 09:22:55 ----A---- C:\Windows\system32\iertutil.dll
      2009-02-11 09:22:50 ----A---- C:\Windows\system32\jsproxy.dll
      2009-02-09 11:29:49 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
      2009-02-09 11:29:49 ----A---- C:\Windows\system32\infocardapi.dll
      2009-02-09 11:29:47 ----A---- C:\Windows\system32\icardres.dll
      2009-02-09 11:29:47 ----A---- C:\Windows\system32\icardagt.exe
      2009-02-09 11:29:46 ----A---- C:\Windows\system32\PresentationHostProxy.dll
      2009-02-09 11:29:44 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
      2009-02-09 11:29:39 ----A---- C:\Windows\system32\PresentationHost.exe
      2009-02-09 11:23:32 ----A---- C:\Windows\system32\dfshim.dll
      2009-02-09 11:23:30 ----A---- C:\Windows\system32\netfxperf.dll
      2009-02-09 11:23:30 ----A---- C:\Windows\system32\mscoree.dll
      2009-02-09 11:23:19 ----A---- C:\Windows\system32\mscorier.dll
      2009-02-09 11:23:14 ----A---- C:\Windows\system32\mscories.dll
      2009-02-08 17:16:40 ----D---- C:\Program Files\Roman Bowl
      2009-02-07 12:40:47 ----D---- C:\Program Files\Audacity
      2009-02-07 12:33:43 ----D---- C:\ProgramData\SiComponents
      2009-02-07 12:33:18 ----D---- C:\Program Files\Common Files\DVDVIDEOSOFT
      2009-02-07 12:33:10 ----D---- C:\Program Files\DVDVIDEOSOFT
      2009-02-06 12:35:56 ----A---- C:\Windows\system32\LegitCheckControl.DLL
      2009-01-31 19:11:49 ----D---- C:\Windows\system32\Samsung_USB_Drivers
      2009-01-31 19:11:45 ----D---- C:\Program Files\Samsung
      2009-01-28 16:08:06 ----D---- C:\Program Files\SupraASCIIArt
      2009-01-28 13:13:15 ----D---- C:\Users\vincent13\AppData\Roaming\LimeWire
      2009-01-26 20:19:45 ----D---- C:\Users\vincent13\AppData\Roaming\FLV Extract
      2009-01-26 20:16:33 ----D---- C:\Users\vincent13\AppData\Roaming\FMZilla
      2009-01-26 20:16:33 ----D---- C:\downloads
      2009-01-26 19:28:12 ----D---- C:\Program Files\StuffPlug3
      2009-01-25 16:53:31 ----D---- C:\Users\vincent13\AppData\Roaming\Morpheus Software
      2009-01-22 18:41:04 ----D---- C:\Program Files\PhotoFiltre
      2009-01-22 18:30:41 ----D---- C:\Users\vincent13\AppData\Roaming\Apple Computer
      2009-01-22 18:29:54 ----A---- C:\Windows\system32\GEARAspi.dll
      2009-01-22 18:29:53 ----DC---- C:\Windows\system32\DRVSTORE
      2009-01-22 18:29:30 ----D---- C:\Program Files\iPod
      2009-01-22 18:29:25 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      2009-01-22 18:29:25 ----D---- C:\Program Files\iTunes
      2009-01-22 18:28:01 ----D---- C:\Program Files\QuickTime
      2009-01-22 18:27:58 ----D---- C:\ProgramData\Apple Computer
      2009-01-22 18:27:00 ----D---- C:\Program Files\Apple Software Update
      2009-01-22 18:26:22 ----D---- C:\ProgramData\Apple
      2009-01-22 18:26:22 ----D---- C:\Program Files\Common Files\Apple
      2009-01-16 21:21:24 ----D---- C:\Users\vincent13\AppData\Roaming\InterVideo
      2009-01-16 21:18:55 ----D---- C:\Users\vincent13\AppData\Roaming\dvdcss
      2009-01-11 17:03:00 ----D---- C:\Users\vincent13\AppData\Roaming\WinRAR
      2009-01-11 17:01:51 ----D---- C:\Program Files\WinRAR
      2009-01-10 13:12:27 ----D---- C:\ProgramData\EscapeTheMuseum
      2009-01-10 13:05:05 ----SHD---- C:\Users\vincent13\AppData\Roaming\.#
      2009-01-08 12:25:00 ----D---- C:\Program Files\SuperCopier2
      2009-01-08 12:10:35 ----D---- C:\Program Files\7-Zip
      2009-01-07 14:50:15 ----D---- C:\Users\vincent13\AppData\Roaming\vlc
      2009-01-07 14:32:55 ----D---- C:\Program Files\VideoLAN
      2008-12-29 14:43:58 ----D---- C:\Users\vincent13\AppData\Roaming\Encyclopedie Hachette
      2008-12-27 12:09:42
      0
    3. yoan-of-13 Posted messages 21 Status Member 9
       
      Report info.txt


      info.txt logfile of random's system information tool 1.05 2009-03-15 11:52:00

      ======Uninstall list======

      -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      -->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
      7-Zip 4.64-->"C:\Program Files\7-Zip\Uninstall.exe"
      ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
      Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
      Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Reader 8.1.2 - French-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
      Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
      Agere Systems HDA Modem-->agrsmdel
      Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
      Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
      WinRAR Archive-->C:\Program Files\WinRAR\uninstall.exe
      Windows Live Connection Assistant-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
      Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
      AuthenTec Fingerprint System-->MsiExec.exe /I{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}
      Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
      Broadcom NetXtreme Ethernet Controller-->MsiExec.exe /X{FC57FC53-104C-415C-98D7-B05E659461A9}
      Broadcom Wireless Network Adapter 802.11-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
      Catalyst Control Center - Branding-->MsiExec.exe /I{30BF4E6C-D866-46F7-A4F6-81A45E97706E}
      CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
      Credential Manager for HP ProtectTools-->rundll32.exe "C:\Program Files\Hewlett-Packard\IAM\Bin\SetupHelper.dll",ExecMain /Uninstall {0F98662A-EA83-414F-8766-3FCE46A32641}
      DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
      DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
      DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
      DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
      Drive Encryption for HP ProtectTools-->MsiExec.exe /I{F657EF23-08BB-4C8D-B688-78C20FA657EA}
      eMule-->"C:\Program Files\eMule\Uninstall.exe"
      Hachette Multimedia Encyclopedia (uninstall)-->"C:\Program Files\Hachette\EHM\uninstall.exe"
      ESET Smart Security-->MsiExec.exe /I{6EEF0EA7-391F-4CBF-9047-C4C85F6A930F}
      Eset-NOD32: Fix Dasumo v3 until 2029-->C:\Program Files\ESET\uninstall.exe
      Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
      Favorite-->c:\users\vincent13\appdata\local\cuwqaie.bat
      Free Video to Mp3 Converter version 2.7-->"C:\Program Files\DVDVIDEOSOFT\Free Video to Mp3 Converter\unins000.exe"
      Windows Live Photo Gallery-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
      getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
      HHD Software Free Hex Editor 3.12-->"C:\Program Files\HHD Software\Hex Editor 3.x\Uninstaller.exe"
      HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
      HP 3D DriveGuard-->MsiExec.exe /X{E44FFEA5-177E-4C5C-9EE1-33C8E3F2755B}
      HP Help and Support-->MsiExec.exe /X{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}
      HP JavaCard for HP ProtectTools-->MsiExec.exe /I{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}
      HP MULTIPLE MODEM INSTALLER for VISTA-->MsiExec.exe /I{45A136EC-88BF-4B95-99F5-C45D3930E1CC}
      HP ProtectTools Security Manager Suite-->C:\Windows\Installer\HPPTSuiteInstallEngine.exe /uninstall=C:\Windows\Installer\36243100.msi
      HP ProtectTools Security Manager-->MsiExec.exe /I{CABCDCC9-31F6-407E-ADD1-9D48BC6B17EB}
      HP Quick Launch Buttons 6.40 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c -removeonly uninst
      HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
      HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
      InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
      InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
      iriver plus 3 (remove only)-->"C:\Program Files\iriver\iriver plus 3\uninstall.exe"
      iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
      Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
      Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
      Live-Player-->C:\Program Files\Live-Player\uninst.exe
      Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
      Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
      Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
      Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
      Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
      Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
      Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
      Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{820B6609-4C97-3A2B-B644-573B06A0F0CC}
      Microsoft .NET Framework 3.5 SP1 Language Module- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
      Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
      MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      OpenOffice.org 2.4 Language Pack (French)-->MsiExec.exe /I{D2BE6521-F81C-4EC6-8887-A8BBC0B0786B}
      OpenOffice.org 2.4-->MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}
      PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
      Photostory 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
      QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
      Roman Bowl-->"C:\Program Files\Roman Bowl\ReflexiveArcade\unins000.exe"
      Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
      Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
      Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
      Roxio Creator Business-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
      Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
      Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
      Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
      Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
      Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
      SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
      Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
      SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
      SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
      Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
      Screensaver Factory 4 Pro-->"C:\Program Files\Screensaver Factory 4 Pro\unins000.exe"
      Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
      SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x040c -removeonly
      Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
      StuffPlug 3-->C:\Program Files\StuffPlug3\Uninstall.exe
      SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
      Highlighter (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
      Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
      Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
      VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
      VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
      Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
      Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
      Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
      Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
      Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
      Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
      Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

      ======Security center information======

      AV: ESET Smart Security 3.0
      FW: ESET Personal Firewall
      AS: ESET Smart Security 3.0

      System event log

      Computer Name: Vincent
      Event Code: 7036
      Message: The Windows HTTP Services Automatic Proxy Discovery service has entered the state: running.
      Record Number: 50281
      Source Name: Service Control Manager
      Time Written: 20090315104927.000000-000
      Event Type: Information
      User:

      Computer Name: Vincent
      Event Code: 8033
      Message: The browser has forced an election on the network \Device\NetBT_Tcpip_{27FBC33F-C641-4290-A369-AA5211750AC3} because a master browser has stopped.
      Record Number: 50282
      Source Name: BROWSER
      Time Written: 20090315105131.000000-000
      Event Type: Information
      User:

      Computer Name: Vincent
      Event Code: 4202
      Message: The system has detected that the network adapter Wireless Network Connection 2 is disconnected from the network; its network configuration has been abandoned. If the network adapter is not disconnected, it may be malfunctioning. Try updating the network adapter driver.
      Record Number: 50283
      Source Name: Tcpip
      Time Written: 20090315105131.329200-000
      Event Type: Information
      User:

      Computer Name: Vincent
      Event Code: 4202
      Message: The system has detected that the network adapter Wireless Network Connection 2 is disconnected from the network; its network configuration has been abandoned. If the network adapter is not disconnected, it may be malfunctioning. Try updating the network adapter driver.
      Record Number: 50284
      Source Name: Tcpip
      Time Written: 20090315105131.625600-000
      Event Type: Information
      User:

      Computer Name: Vincent
      Event Code: 10002
      Message: The WLAN extensibility module has stopped.

      Module path: C:\Windows\System32\bcmihvsrv.dll

      Record Number: 50285
      Source Name: Microsoft-Windows-WLAN-AutoConfig
      Time Written: 20090315105133.170000-000
      Event Type: Warning
      User: NT AUTHORITY\SYSTEM

      Application event log

      Computer Name: Vincent
      Event Code: 0
      Message: The service successfully handled PowerEvent.
      Record Number: 7424
      Source Name: HP ProtectTools Service
      Time Written: 20090315104435.000000-000
      Event Type: Information
      User:

      Computer Name: Vincent
      Event Code: 0
      Message: The service successfully handled PowerEvent.
      Record Number: 7425
      Source Name: HP ProtectTools Service
      Time Written: 20090315104511.000000-000
      Event Type: Information
      User:

      Computer Name: Vincent
      Event Code: 0
      Message: The service successfully handled PowerEvent.
      Record Number: 7426
      Source Name: HP ProtectTools Service
      Time Written: 20090315104512.000000-000
      Event Type: Information
      User:

      Computer Name: Vincent
      Event Code: 1000
      Message: Faulting application Explorer.EXE, version 6.0.6001.18164, timestamp 0x4907e242, faulting module ntdll.dll, version 6.0.6001.18000, timestamp 0x4791a7a6, exception code 0xc0000005, offset 0x00047dd2, process id 0xcb8, start time of application 0x01c9a554d5a53ce7.
      Record Number: 7427
      Source Name: Application Error
      Time Written: 20090315104806.000000-000
      Event Type: Error
      User:

      Computer Name: Vincent
      Event Code: 1002
      Message: The environment has stopped unexpectedly and explorer.exe has restarted.
      Record Number: 7428
      Source Name: Microsoft-Windows-Winlogon
      Time Written: 20090315104810.000000-000
      Event Type: Information
      User:

      Security event log

      Computer Name: Vincent
      Event Code: 5038
      Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.

      File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
      Record Number: 14117
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090315105153.436400-000
      Event Type: Audit failure
      User:

      Computer Name: Vincent
      Event Code: 5038
      Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.

      File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
      Record Number: 14118
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090315105153.514400-000
      Event Type: Audit failure
      User:

      Computer Name: Vincent
      Event Code: 5038
      Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.

      File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
      Record Number: 14119
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090315105153.592400-000
      Event Type: Audit failure
      User:

      Computer Name: Vincent
      Event Code: 5038
      Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.

      File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
      Record Number: 14120
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090315105153.639200-000
      Event Type: Audit failure
      User:

      Computer Name: Vincent
      Event Code: 5038
      Message: Code integrity has determined that the hash of a file's image is not valid. The file may be corrupted due to unauthorized modification or the invalid hash may indicate a potential disk unit error.

      File name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
      Record Number: 14121
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090315105153.670400-000
      Event Type: Audit failure
      User:

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "FP_NO_HOST_CHECK"=NO
      "OS"=Windows_NT
      "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files\Hewlett-Packard\IAM\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
      "PROCESSOR_ARCHITECTURE"=x86
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "USERNAME"=SYSTEM
      "windir"=%SystemRoot%
      "PROCESSOR_LEVEL"=17
      "PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
      "PROCESSOR_REVISION"=0301
      "NUMBER_OF_PROCESSORS"=1
      "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
      "EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
      "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
      "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

      -----------------EOF-----------------




      --
      Sometimes it is better to remain silent and be thought a fool than to speak and remove all doubt.
      0
    4. gaudele
       
      Logfile of random's system information tool 1.08 (written by random/random)
      Run by Cathy at 2010-09-17 13:30:54
      Microsoft® Windows Vista(TM) Home Basic Edition Service Pack 2
      System drive C: has 27 GB (38%) free of 71 GB
      Total RAM: 767 MB (28% free)

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 13:31:25, on 17/09/2010
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18943)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Acer\Empowering Technology\SysMonitor.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
      C:\Program Files\Alwil Software\Avast5\AvastUI.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\BitComet\BitComet.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Orange\Orange Sync Software\Voxsync.exe
      C:\Program Files\Hercules\WiFi Station for Livebox\WiFiLB.exe
      C:\Program Files\LimeWire\LimeWire.exe
      C:\Windows\system32\taskeng.exe
      C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
      C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Orange\Orange Sync Software\SyncManager.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Downloads\RSIT.exe
      C:\Program Files\trend micro\Cathy.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      R3 - URLSearchHook: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
      O2 - BHO: Windows Live Sign-in Assistant helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
      O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
      O3 - Toolbar: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
      O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
      O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Google Update] "C:\Users\Cathy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O4 - Global Startup: Empowering Technology Launcher.lnk = ?
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Orange Sync Software.lnk = ?
      O4 - Global Startup: WiFi Station for Livebox.lnk = C:\Program Files\Hercules\WiFi Station for Livebox\WiFiLB.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
      O8 - Extra context menu item: Download All with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
      O8 - Extra context menu item: Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
      O8 - Extra context menu item: Download All Videos with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menu item: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing)
      O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Certificate Delivery Module MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
      O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - http://contacts.orange.fr/wfr_webab/VoxsyncX.cab
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
      O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
      O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
      O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
      O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
      O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
      O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: HP CUE DeviceDiscovery Service (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
      O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
      O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
      O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
      O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
      O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
      O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
      O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
      O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) -
      0
    5. gaudele
       
      ```html info.txt logfile of random's system information tool 1.08 2010-09-17 13:31:40

      ======Uninstall list======

      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
      32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
      802.11 USB Wireless LAN Adapter-->C:\Windows\system32\unwlsdrv.exe SiS163u
      Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
      Acer eMode Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
      Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
      Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly
      Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
      Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
      Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
      Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
      Adobe Reader 9.3.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
      Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      Windows Live Connection Assistant-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
      ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
      avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
      BitComet 1.22-->C:\Program Files\BitComet\uninst.exe
      CometBird (3.6.6)-->C:\Program Files\CometBird\uninstall\helper.exe
      eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x040c
      Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall
      Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
      Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
      Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
      HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
      HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
      HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
      HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
      HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
      HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
      HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
      HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
      HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
      ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
      Windows Live Installation-->C:\Program Files\Windows Live\Installer\wlarp.exe
      Windows Live Installation-->MsiExec.exe /I{133742BA-6F46-4D3E-85AF-78631D9AD8B8}
      Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
      LimeWire 5.5.10-->"C:\Program Files\LimeWire\uninstall.exe"
      WinRAR Archiving Software-->C:\Program Files\WinRAR\uninstall.exe
      Orange Synchronization Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}\setup.exe" -l0x40c -removeonly
      Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
      Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
      Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
      Microsoft .NET Framework 4 Client Profile FRA Language Pack-->MsiExec.exe /X{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
      Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
      Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
      Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
      Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
      Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
      Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
      Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
      Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
      Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
      Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
      Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
      Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
      Microsoft .NET Framework 3.5 SP1 Language Pack - fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
      Microsoft .NET Framework 4 Client Profile FRA Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1036 /parameterfolder ClientLP
      MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
      NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
      NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
      Orange Voice Mail Plug-in 888-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove
      Windows Live Download Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
      PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
      Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
      Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
      Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
      Windows Live Call-->MsiExec.exe /I{B3B487E7-6171-4376-9074-B28082CEB504}
      Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
      Windows Live Messenger-->MsiExec.exe /X{445B183D-F4F1-45C8-B9DB-F11355CA657B}
      Yahoo! Toolbar with pop-up blocker-->C:\PROGRA~1\Yahoo!\common\unyt.exe

      ======Security center information======

      AV: avast! Antivirus
      AS: Windows Defender
      AS: avast! Antivirus

      ======System event log======

      Computer Name: PC-de-Cathy
      Event Code: 57
      Message: The system could not empty the transaction log data. Data might be corrupted.
      Record Number: 96222
      Source Name: volsnap
      Time Written: 20100817144247.365200-000
      Event Type: Warning
      User:

      Computer Name: PC-de-Cathy
      Event Code: 57
      Message: The system could not empty the transaction log data. Data might be corrupted.
      Record Number: 96221
      Source Name: volsnap
      Time Written: 20100817144242.334200-000
      Event Type: Warning
      User:

      Computer Name: PC-de-Cathy
      Event Code: 57
      Message: The system could not empty the transaction log data. Data might be corrupted.
      Record Number: 96220
      Source Name: volsnap
      Time Written: 20100817144237.313200-000
      Event Type: Warning
      User:

      Computer Name: PC-de-Cathy
      Event Code: 57
      Message: The system could not empty the transaction log data. Data might be corrupted.
      Record Number: 96219
      Source Name: volsnap
      Time Written: 20100817144232.302200-000
      Event Type: Warning
      User:

      Computer Name: PC-de-Cathy
      Event Code: 57
      Message: The system could not empty the transaction log data. Data might be corrupted.
      Record Number: 96218
      Source Name: volsnap
      Time Written: 20100817144227.224200-000
      Event Type: Warning
      User:

      =====Application event log=====

      Computer Name: PC-de-Cathy
      Event Code: 1530
      Message: Windows has detected that your Registry file is still in use by other applications or services. The file will be unloaded. Applications or services that have access to your Registry may not function correctly afterward.

      DETAIL -
      1 user registry handles leaked from \Registry\User\S-1-5-21-663912834-2552467733-3157150852-1000:
      Process 544 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-663912834-2552467733-3157150852-1000

      Record Number: 739
      Source Name: Microsoft-Windows-User Profiles Service
      Time Written: 20100712113243.000000-000
      Event Type: Warning
      User: NT AUTHORITY\SYSTEM

      Computer Name: PC-de-Cathy
      Event Code: 8194
      Message: Volume Shadow Copy Service error: error querying the IVssWriterCallback interface. hr = 0x80070005. This error is often due to incorrect security settings in the writer or requester process.

      Operation:
      Writer data being collected

      Context:
      Writer class ID: {e8132975-6f93-4464-a53e-1050253ae220}
      Writer name: System Writer
      Writer instance ID: {f7d94b22-4a5f-4d53-b4d3-6fd9a053c5c4}
      Record Number: 734
      Source Name: VSS
      Time Written: 20100712113123.000000-000
      Event Type: Error
      User:

      Computer Name: PC-de-Cathy
      Event Code: 1008
      Message: The Windows Search service is attempting to delete the old catalog.

      Record Number: 486
      Source Name: Microsoft-Windows-Search
      Time Written: 20100712111939.000000-000
      Event Type: Warning
      User:

      Computer Name: LH-183N2DA2QYTI
      Event Code: 1036
      Message: Failed to InitializePrintProvider for provider inetpp.dll. This may occur due to system instability or a lack of system resources.
      Record Number: 454
      Source Name: Microsoft-Windows-SpoolerSpoolss
      Time Written: 20100712110957.000000-000
      Event Type: Warning
      User: NT AUTHORITY\SYSTEM

      Computer Name: LH-183N2DA2QYTI
      Event Code: 1530
      Message: Windows has detected that your Registry file is still in use by other applications or services. The file will be unloaded. Applications or services that have access to your Registry may not function correctly afterward.

      DETAIL -
      1 user registry handles leaked from \Registry\User\S-1-5-21-3435342520-3187486475-2238804463-500:
      Process 2544 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3435342520-3187486475-2238804463-500\Software\Microsoft\Windows\CurrentVersion\Explorer

      Record Number: 420
      Source Name: Microsoft-Windows-User Profiles Service
      Time Written: 20070506212844.000000-000
      Event Type: Warning
      User: NT AUTHORITY\SYSTEM

      =====Security event log=====

      Computer Name: LH-183N2DA2QYTI
      Event Code: 1100
      Message: The event logging service has been stopped.
      Record Number: 372
      Source Name: Microsoft-Windows-Eventlog
      Time Written: 20070506212845.592800-000
      Event Type: Audit Success
      User:

      Computer Name: LH-183N2DA2QYTI
      Event Code: 4672
      Message: Special privileges assigned to new logon.

      Subject:
      Security ID: S-1-5-18
      Account Name: SYSTEM
      Account Domain: NT AUTHORITY
      Logon ID: 0x3e7

      Privileges: SeAssignPrimaryTokenPrivilege
      SeTcbPrivilege
      SeSecurityPrivilege
      SeTakeOwnershipPrivilege
      SeLoadDriverPrivilege
      SeBackupPrivilege
      SeRestorePrivilege
      SeDebugPrivilege
      SeAuditPrivilege
      SeSystemEnvironmentPrivilege
      SeImpersonatePrivilege
      Record Number: 371
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20070506212823.737729-000
      Event Type: Audit Success
      User:

      Computer Name: LH-183N2DA2QYTI
      Event Code: 4624
      Message: An account logon was successful.

      Subject:
      Security ID: S-1-5-18
      Account Name: LH-183N2DA2QYTI$
      Account Domain: WORKGROUP
      Logon ID: 0x3e7

      Logon Type: 5

      New Logon:
      Security ID: S-1-5-18
      Account Name: SYSTEM
      Account Domain: NT AUTHORITY
      Logon ID: 0x3e7
      Logon GUID: {00000000-0000-0000-0000-000000000000}

      Process Information:
      Process ID: 0x29c
      Process Name: C:\Windows\System32\services.exe

      Network Information:
      Workstation Name:
      Source Network Address: -
      Source Port: -

      Detailed Authentication Information:
      Logon Process: Advapi
      Authentication Package: Negotiate
      Transmission Services: -
      Package Name (NTLM only): -
      Key Length: 0

      This event is generated when a logon is created. It is generated on the computer where the logon was performed.

      The Object field indicates the account on the local system that requested the logon. This is most often a service, such as the Server service, or a local process such as Winlogon.exe or Services.exe.

      The Logon Type field indicates the type of logon that occurred. The most common types are 2 (interactive) and 3 (network).

      The New Logon field indicates the account for which the new logon was created, for example, the account that logged on.
      ```
      0
  3. totobetourne Posted messages 5677 Status Member 65
     


    1) Download navilog1
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Follow the instructions. On the main menu, choose 1 and confirm.
    (do not choose 2, 3, or 4 without our advice/approval)
    Wait until the message:
    *** Analysis Completed on ..... ***
    Press a key as requested, Notepad will open.
    Copy and paste the entire content into a response. Close Notepad.
    The report is also saved at the root of the disk (fixnavi.txt)

    2) Hi,

    When you reach the main menu, choose option 2 and confirm (automatic "cleaning").

    The fix will then ask you to "restart the PC", close all open windows
    and press a key as requested. (if the PC does not restart automatically, do it manually)
    Upon restarting the PC, choose the usual session if necessary.

    Wait until the message: "Cleaning Completed on ..."

    The desktop will return, then Notepad will open.
    Save this report in a way that you can find it later, then close Notepad ...
    (The report will also be saved at the root of disk "C:\cleannavi.txt")

    Post this report in your new response for analysis and await further instructions ...

    (PS: If the desktop does not reappear, press CTRL+ALT+DELETE to open Task Manager.
    Select the processes tab. Click on file at the top left and choose run,
    Type explorer and confirm.)
    --
    As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight into the wall or even accelerate towards it.
    WAKE UP FROM OUR LIVES.
    0
    1. yoan-of-13 Posted messages 21 Status Member 9
       
      It doesn't work, an error message says that GetPaths.exe has stopped working...
      --
      Sometimes it's better to stay silent and be thought a fool than to speak and remove all doubt.
      0
    2. voila :)
       
      Fix Navipromo version 4.1.1 started on 08/23/2013 10:13:39,21

      !!! Warning, this report may indicate legitimate files/programs!!!
      !!! Post this report on the forum to have it analyzed !!!

      Tool executed from C:\navilog1

      Updated on 04/07/2012 at 20:00 by IL-MAFIOSO

      Microsoft® Windows Vista(TM) Home Premium Edition ( v6.0.6001 ) Service Pack 1
      X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU U2300 @ 1.20GHz )
      BIOS : Phoenix SecureCore(tm) NB Version 02CX.M003.20090825.KSY
      USER : rocco ( Not Administrator ! )
      BOOT : Normal boot




      C:\ (Local Disk) - NTFS - Total:120 Go (Free:42 Go)
      D:\ (Local Disk) - NTFS - Total:98 Go (Free:49 Go)


      Search executed in normal mode


      [b]No Navipromo/Egdaccess Infection found[/b]



      *** Scan completed 08/23/2013 10:15:52,22 ***
      0
  4. totobetourne Posted messages 5677 Status Member 65
     
    Have you done the 1) of my first message.
    --
    As long as we believe all the nonsense that can be told to us on a global scale, we will continue to go straight into the wall or even speed up towards it.
    WAKE UP TO OUR LIVES.
    0
    1. yoan-of-13 Posted messages 21 Status Member 9
       
      No, I couldn't. It keeps saying "Access denied" and it closes the program before I can reach the main menu.
      --
      Sometimes, it's better to remain silent and come off as a fool than to speak and clear up all doubts.
      0
  5. totobetourne Posted messages 5677 Status Member 65
     
    at this moment, right-click on the navilog icon and give it administrator rights.

    it's good to tell me in advance if what I'm proposing doesn't work.
    --
    As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight for the wall, or even accelerate towards it.
    WAKE UP TO OUR LIVES.
    0
  6. yoan-of-13 Posted messages 21 Status Member 9
     
    Uh....
    How do we do that ??
    --
    Sometimes it's better to remain silent and be thought a fool than to speak up and remove all doubt.
    0
  7. totobetourne Posted messages 5677 Status Member 65
     
    do as instructed I can't tell you more. for the right click it's with your mouse when you're on the navilog icon that you click on it but instead of clicking with the left button you do it with the right button.
    --
    As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight for the wall or even accelerate towards it.
    WAKE UP OUR LIVES.
    0
  8. yoan-of-13 Posted messages 21 Status Member 9
     
    Yeah, I understood about the right-click but there's nowhere to give admin rights and when I run as administrator it doesn't do anything.
    --
    Sometimes it's better to remain silent and be thought of as a fool than to speak up and remove all doubt.
    0
  9. yoan-of-13 Posted messages 21 Status Member 9
     
    OK thanks, I'll give it a try
    --
    Sometimes it's better to remain silent and be thought a fool than to speak up and remove all doubt.
    0
  10. yoan-of-13 Posted messages 21 Status Member 9
     
    Here is the report:

    Malwarebytes' Anti-Malware 1.34
    Database version: 1883
    Windows 6.0.6001 Service Pack 1

    03/22/2009 12:48:17
    mbam-log-2009-03-22 (12-48-17).txt

    Scan type: Complete scan (C:\|)
    Items examined: 211786
    Elapsed time: 32 minute(s), 37 second(s)

    Infected memory process(es): 0
    Infected memory module(s): 0
    Infected registry key(s): 4
    Infected registry value(s): 0
    Infected registry data item(s): 0
    Infected folder(s): 0
    Infected file(s): 4

    Infected memory process(es):
    (No harmful items detected)

    Infected memory module(s):
    (No harmful items detected)

    Infected registry key(s):
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.

    Infected registry value(s):
    (No harmful items detected)

    Infected registry data item(s):
    (No harmful items detected)

    Infected folder(s):
    (No harmful items detected)

    Infected file(s):
    C:\Users\vincent13\Local Settings\Application Data\cuwqaie_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\vincent13\Local Settings\Application Data\cuwqaie_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\vincent13\Local Settings\Application Data\cuwqaie.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\vincent13\Local Settings\Application Data\cuwqaie.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.

    --
    Sometimes it's better to remain silent and be thought a fool than to speak and remove all doubt.
    0
  11. yoan-of-13 Posted messages 21 Status Member 9
     
    Yes, now navilog is working. I'm doing the analysis and I'll send you the report in the next post.
    --
    Sometimes it's better to remain silent and be thought a fool than to speak and dispel all doubt.
    0
  12. yoan-of-13 Posted messages 21 Status Member 9
     
    Search Navipromo version 3.7.6 started on 22/03/2009 at 17:13:55.12

    !!! Warning, this report may indicate legitimate files/programs!!!
    !!! Post this report on the forum for analysis!!!
    !!! Do not start the cleanup process without a specialist's advice!!!

    Tool executed from C:\Program Files\navilog1

    Updated on 14.03.2009 at 18:00 by IL-MAFIOSO

    Microsoft® Windows Vista™ Home Basic Edition (v6.0.6001) Service Pack 1
    X86-based PC (Multiprocessor Free: AMD Sempron(tm) SI-40)
    BIOS: Default System BIOS
    USER: vincent13 (Administrator)
    BOOT: Normal boot

    Antivirus: ESET Smart Security 3.0 3.0 (Activated)
    Firewall: ESET Personal Firewall 3.0.642.0 (Activated)

    C:\ (Local Disk) - NTFS - Total: 111 GB (Free: 86 GB)
    D:\ (CD or DVD) - CDFS - Total: 0 GB (Free: 0 GB)

    Search executed in normal mode

    *** Searching folders in "C:\Windows" ***

    *** Searching folders in "C:\Program Files" ***

    ...\Live-Player found!

    *** Searching folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***

    ...\Live-Player found!

    *** Searching folders in "c:\progra~2\micros~1\windows\startm~1" ***

    *** Searching folders in "C:\ProgramData" ***

    *** Searching folders in "c:\users\vincen~1\appdata\roaming\micros~1\windows\startm~1\programs" ***

    *** Searching folders in "C:\Users\vincent13\AppData\Local\virtualstore\Program Files" ***

    *** Searching folders in "C:\Users\AdminSAV\AppData\Local\virtualstore\Program Files" ***

    *** Searching folders in "C:\Users\vincent13\AppData\Local" ***

    *** Searching folders in "C:\Users\AdminSAV\AppData\Local" ***

    *** Searching folders in "C:\Users\vincent13\AppData\Roaming" ***

    ...\Live-Player found!

    *** Searching folders in "C:\Users\AdminSAV\appdata\roaming" ***

    *** Search with Catchme-rootkit/stealth malware detector by gmer ***
    for more info: http://www.gmer.net

    *** Search with GenericNaviSearch ***
    !!! All these results may reveal legitimate files!!!
    !!! Must be verified before any manual deletion!!!

    * Searching in "C:\Windows\system32" *

    * Searching in "C:\Users\vincent13\AppData\Local\Microsoft" *

    * Searching in "C:\Users\vincent13\AppData\Local\virtualstore\windows\system32" *

    * Searching in "C:\Users\vincent13\AppData\Local" *

    * Searching in "C:\Users\AdminSAV\AppData\Local" *

    *** Searching files ***

    c:\users\public\desktop\Live-Player.lnk found!

    *** Searching specific keys in the Registry ***
    !! The found keys are not necessarily infected !!

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cuwqaie"="\"c:\\users\\vincent13\\appdata\\local\\cuwqaie.exe\" cuwqaie"

    *** Additional Search Module ***
    (Searching specific files)

    1) Searching for new Instant Access files:

    2) Heuristic Search:

    * In "C:\Windows\system32":

    * In "C:\Users\vincent13\AppData\Local\Microsoft":

    * In "C:\Users\vincent13\AppData\Local\virtualstore\windows\system32":

    * In "C:\Users\vincent13\AppData\Local":

    cuwqaie.bat found!

    * In "C:\Users\AdminSAV\AppData\Local":

    3) Searching Certificates:

    Egroup certificate absent!
    Electronic-Group certificate absent!
    Montorgueil certificate absent!
    OOO-Favorit certificate absent!
    Sunny-Day-Design-Ltd certificate absent!

    4) Searching other known folders and files:

    *** Analysis completed on 22/03/2009 at 17:39:23.25 ***

    --
    Sometimes it is better to remain silent and be thought a fool than to speak and remove all doubt.
    0
  13. totobetourne Posted messages 5677 Status Member 65
     
    look if you can launch navilog on option 2 now.
    --
    As long as we believe all the nonsense we can be told on a global scale, we will continue to head straight for the wall, indeed even accelerate towards it.
    WAKE UP FROM OUR LIVES.
    0
  14. yoan-of-13 Posted messages 21 Status Member 9
     
    I chose option 2, I'll send you the report in the next post. Thank you ^^
    --
    Sometimes it's better to remain silent and be thought of as a fool than to speak and dispel all doubts.
    0
  15. yoan-of-13 Posted messages 21 Status Member 9
     
    Clean Navipromo version 3.7.6 started on 03/23/2009 at 18:32:22.56

    Tool executed from C:\Program Files\navilog1

    Updated on 03/14/2009 at 6:00 PM by IL-MAFIOSO

    Microsoft® Windows Vista™ Basic Home Edition (v6.0.6001) Service Pack 1
    X86-based PC (Multiprocessor Free: AMD Sempron(tm) SI-40)
    BIOS: Default System BIOS
    USER: vincent13 (Administrator)
    BOOT: Normal boot

    Antivirus: ESET Smart Security 3.0 3.0 (Activated)
    Firewall: ESET Personal Firewall 3.0.642.0 (Activated)

    C:\ (Local Disk) - NTFS - Total: 111 GB (Free: 85 GB)
    D:\ (CD or DVD) - CDFS - Total: 0 GB (Free: 0 GB)

    Automatic deletion mode
    with support for results Catchme and GNS

    Cleaning executed at computer restart

    *** fsbl1.txt not found ***
    (Ensure Catchme found nothing during the search)

    *** Deletion with backups results GenericNaviSearch ***

    * Deletion in "C:\Windows\System32" *

    * Deletion in "C:\Users\vincent13\AppData\Local\Microsoft" *

    * Deletion in "C:\Users\vincent13\AppData\Local\virtualstore\windows\system32" *

    * Deletion in "C:\Users\vincent13\AppData\Local" *

    * Deletion in "C:\Users\AdminSAV\AppData\Local" *

    *** Deletion folders in "C:\Windows" ***

    *** Deletion folders in "C:\Program Files" ***

    ...\Live-Player ...deleting...
    ...\Live-Player deleted!

    *** Deletion folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***

    ...\Live-Player ...deleting...
    ...\Live-Player deleted!

    *** Deletion folders in "c:\progra~2\micros~1\windows\startm~1" ***

    *** Deletion folders in "C:\ProgramData" ***

    *** Deletion folders in c:\users\vincen~1\appdata\roaming\micros~1\windows\startm~1\programs ***

    *** Deletion folders in "C:\Users\AdminSAV\appdata\roaming\micros~1\windows\startm~1\programs" ***

    *** Deletion folders in "C:\Users\vincent13\AppData\Local\virtualstore\Program Files" ***

    *** Deletion folders in "C:\Users\AdminSAV\AppData\Local\virtualstore\Program Files" ***

    *** Deletion folders in "C:\Users\vincent13\AppData\Local" ***

    *** Deletion folders in "C:\Users\AdminSAV\AppData\Local" ***

    *** Deletion folders in "C:\Users\vincent13\AppData\Roaming" ***

    ...\Live-Player ...deleting...
    ...\Live-Player deleted!

    *** Deletion folders in "C:\Users\AdminSAV\appdata\roaming" ***

    *** Deletion files ***

    c:\users\public\desktop\Live-Player.lnk deleted!

    *** Deletion temporary files ***

    Cleaning contents of C:\Windows\Temp completed!
    Cleaning contents of C:\Users\VINCEN~1\AppData\Local\Temp completed!

    *** Processing Additional Search ***
    (Searching for specific files)

    1)Deletion with backups new files Instant Access:

    2)Search, create backups, and Heuristic deletion:

    * In "C:\Windows\system32" *

    * In "C:\Users\vincent13\AppData\Local\Microsoft" *

    * In "C:\Users\vincent13\AppData\Local\virtualstore\windows\system32" *

    * In "C:\Users\vincent13\AppData\Local" *

    cuwqaie.bat found!
    Copy of cuwqaie.bat completed successfully!
    cuwqaie.bat deleted!

    * In "C:\Users\AdminSAV\AppData\Local" *

    *** Registry Backup to Safebackup folder ***

    Registry backup completed successfully!

    *** Registry Cleaning ***

    Registry Cleaning Ok

    *** Certificates ***

    Egroup Certificate absent!
    Electronic-Group Certificate absent!
    Montorgueil Certificate absent!
    OOO-Favorit Certificate absent!
    Sunny-Day-Design-Ltdt Certificate absent!

    *** Search for other known folders and files ***

    *** Cleaning completed on 03/23/2009 at 18:57:21.38 ***

    --
    Sometimes it's better to remain silent and be thought a fool than to speak and remove all doubt.
    0
  16. totobetourne Posted messages 5677 Status Member 65
     
    It is now okay

    1) remove rsit and navilog keep malwarebyte.

    2) to remove temporary files

    to do every 15 days or so.

    • Download CCLeaner and install it on the desktop while refusing the installation of the Yahoo toolbar.
    http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner

    • Close all applications
    • Launch CCLeaner
    If it is not in French click on Options, Setting, Language
    and select French
    • check in the Cleaner menu - Windows tab:
    Internet Explorer: Temporary Internet Files, Cookies
    • System: Empty the Recycle Bin, Temporary Files, Clipboard
    • Advanced: Old Prefetch data
    • Uncheck in the Options menu - Advanced submenu:
    Only delete files from the Windows temp folder older than 48 hours
    • Check in the Cleaner menu - Applications tab: Internet: Sun Java
    • Check, if possible, in the Cleaner menu - Applications tab:
    Firefox/Mozilla: Internet Cache, Cookies
    • Click on Analyze
    • Click on the Run Cleaner button in the Cleaner menu.
    • Click on Registry
    • Select all
    • Click on Find Errors (At the bottom)

    Once the scan is complete select all
    • Click on Repair Selected Errors

    3) switch to mozilla 3 instead of internet explorer because it is much safer.

    http://www.commentcamarche.net/telecharger/telecharger 111 firefox

    do what is indicated in this link to better secure firefox.
    https://www.malekal.com/securiser-le-navigateur-web-firefox-2/

    especially NO SCRIPT (stops Java and Adobe programs automatically, prevents infections via scripts
    so you need to allow certain sites of yours to be able to read texts or videos)

    effective on unknown or dubious sites.
    --
    As long as we believe all the nonsense that can be told to us on a global scale, we will continue to head straight for the wall, even accelerating towards it.
    WAKE UP OF OUR LIVES.
    0
  17. yoan-of-13 Posted messages 21 Status Member 9
     
    Ok, thank you very much!!!!
    It hasn't happened to me since the analysis with Malwarebytes.
    --
    Sometimes it's better to stay silent and be thought a fool than to talk and dispel all doubts.
    0
  18. jordan2701 Posted messages 56 Registration date   Status Member 8
     
    I have exactly the same problem, but I think it's because Vista is still under SP1. When SP2 comes out, many problems will be resolved.
    0
  19. totobetourne Posted messages 5677 Status Member 65
     
    he was disgusting that's why the problems are being solved.

    during a transition from SP1 to SP2, many problems will be resolved and many others will arise.
    --
    As long as we believe all the nonsense we are told, we will continue to head straight for the wall.
    WAKE UP FROM OUR LIVES.
    0
  20. Mel_Gibson Posted messages 315 Status Member 148
     
    Hello, there can be several solutions to this problem:

    1st solution (IT DISABLES A PROTECTION --> AT YOUR OWN RISK (for me, who had the same problem under XP, it worked)):

    In Windows Explorer, right-click on 'Computer' --> 'Properties' --> 'Advanced System Settings'
    --> Performance (if you want to disable visual effects to increase performance, it's here by the way)
    --> Data Execution Prevention tab
    --> Turn on DEP for essential Windows programs and services only, EXCEPT FOR THOSE I SELECT
    --> Click Add, C:\Windows\Explorer.exe
    --> Apply

    2nd solution It may come from a dll that needs to be removed:

    https://forum.zebulon.fr/topic/122256-explorateur-windows-a-cess%C3%A9-de-fonctionner/

    3rd solution, the problem could come from Firefox:
    [quote]Crazy trick. I tried the manipulation suggested by a guy and it works!

    I quote:

    1) Launch Firefox
    2) Go to Tools > Options > Privacy
    3) Select "Use Custom Settings for History"
    4) Uncheck everything
    5) Check "Clear History when Firefox closes"/quote

    Source: http://forum.canardpc.com/threads/41587-RESOLU-windows-7-Plantage-incessant-de-l-explorer?p=2733245#post2733245

    4th solution format (-_-)
    If the problem persists after formatting/reinstalling Windows, usually it's the last option to fix issues related to Windows, then it's caused by other things.

    When you formatted/reinstalled Windows,
    did you install any other programs before testing?
    I recommend formatting/reinstalling and not adding any programs or peripherals (only mouse and keyboard)
    That means just after the installation is complete and your desktop appears, repeat the same operations.
    If the problem does not appear then install the programs one by one, starting with the internet.
    0
  • 1
  • 2