WIN32 KAMSO THEN ROOTKIT DETECTION
Solved
BACARA
-
BACARA -
BACARA -
Hello,
First of all, I would like to thank everyone who responds to me.
Here is the problem:
After going to an internet café with my USB drive and then using it on my PC,
Avast discovered a Trojan:
File name: 86l2qw.bat
Malware: Win32:Kamso [trj]
I tried to delete it, but it keeps coming back and attacking other files.
Then Avast discovered a rootkit, I deleted it (not sure if it’s really gone).
I then downloaded Malwarebytes' Anti-Malware, but the scan gets stuck as soon as Avast rediscovers a Trojan.
I also wanted to run an Avast scan, but the preliminary test tells me: infected memory.
From now on, I leave the PC off for fear that someone might retrieve codes or other things like that.
So how can I fix it?
What risks do I run with this Trojan and this rootkit?
Will the Trojan and the rootkit be completely removed if I restore my PC to the initial restore point?
Thank you in advance for your help!
First of all, I would like to thank everyone who responds to me.
Here is the problem:
After going to an internet café with my USB drive and then using it on my PC,
Avast discovered a Trojan:
File name: 86l2qw.bat
Malware: Win32:Kamso [trj]
I tried to delete it, but it keeps coming back and attacking other files.
Then Avast discovered a rootkit, I deleted it (not sure if it’s really gone).
I then downloaded Malwarebytes' Anti-Malware, but the scan gets stuck as soon as Avast rediscovers a Trojan.
I also wanted to run an Avast scan, but the preliminary test tells me: infected memory.
From now on, I leave the PC off for fear that someone might retrieve codes or other things like that.
So how can I fix it?
What risks do I run with this Trojan and this rootkit?
Will the Trojan and the rootkit be completely removed if I restore my PC to the initial restore point?
Thank you in advance for your help!
Configuration: Windows XP Internet Explorer 7.0
27 réponses
- 1
- 2
Suivant
Hello,
Kavo infection.... the purpose of this infection is to retrieve online game credentials...
First, do this:
1- Download and install the software HijackThis:
Here http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html
--> Click on the setup to launch the installation: follow the prompts and do not change the installation parameters.
At the end of the installation, the program will launch automatically: close it by clicking on the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
( Do not run this program for now and proceed to the next steps... )
2- Download Random's System Information Tool (RSIT) from random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications !
Double-click on "RSIT.exe" to run it.
-> A first window opens with the title: "Disclaimer of warranty".
* In front of the option "List files/folders created ...", choose: 2 months
* then click on "Continue" to start the scan...
-> let the scan run and do not touch the PC ...
When the scan is finished, two text files will open (probably with Notepad).
Post the content of "log.txt" (the one that appears on the screen), and also of "info.txt" (which you will see in the taskbar), for analysis and wait for further instructions...
Important: post one report, then the other in the next response...
If you try to post both at the same time, it could be too long for the forum...
( And if "log.txt" alone does not go through either, do it in 2 parts... thank you... )
( Note: the reports will also be saved in this folder -> C:\rsit)
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of trouble until we have
told you so!
Kavo infection.... the purpose of this infection is to retrieve online game credentials...
First, do this:
1- Download and install the software HijackThis:
Here http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html
--> Click on the setup to launch the installation: follow the prompts and do not change the installation parameters.
At the end of the installation, the program will launch automatically: close it by clicking on the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
( Do not run this program for now and proceed to the next steps... )
2- Download Random's System Information Tool (RSIT) from random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications !
Double-click on "RSIT.exe" to run it.
-> A first window opens with the title: "Disclaimer of warranty".
* In front of the option "List files/folders created ...", choose: 2 months
* then click on "Continue" to start the scan...
-> let the scan run and do not touch the PC ...
When the scan is finished, two text files will open (probably with Notepad).
Post the content of "log.txt" (the one that appears on the screen), and also of "info.txt" (which you will see in the taskbar), for analysis and wait for further instructions...
Important: post one report, then the other in the next response...
If you try to post both at the same time, it could be too long for the forum...
( And if "log.txt" alone does not go through either, do it in 2 parts... thank you... )
( Note: the reports will also be saved in this folder -> C:\rsit)
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of trouble until we have
told you so!
Bacara ,
start by doing this :
Download FindyKill ( from C_XX, Chimay8 & Chiquitine29 ) to your desktop :
> http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe
! Disconnect from the internet, disable your antivirus and close all running applications !
--> Double-click on the .exe to start the installation of the tool (don’t touch the installation settings).
Mandatory :
Connect all your external devices to your PC (USB stick, external HDD, flash disk, MP3 player, SD card, etc.) that may have been infected (but do not open them!).
# Double click on the shortcut FindyKill on your desktop to launch the tool.
( in the 1st window, type f then [enter] for the French version ).
# Choose option 1 ( Search )
# Let the tool work and touch nothing during the scan.
# Once finished, post the report FindyKill.txt that will appear.
The report is also saved at the root of the master disk ( C:\FindyKill.txt ).
( CTRL+A To select all, CTRL+C to copy and CTRL+V to paste )
Note :
"Process.exe", a component of the tool, is detected by some antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) as being a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...) which is why these antivirus programs issue an alert.
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not think you are out of the woods until
someone has told you so!
start by doing this :
Download FindyKill ( from C_XX, Chimay8 & Chiquitine29 ) to your desktop :
> http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe
! Disconnect from the internet, disable your antivirus and close all running applications !
--> Double-click on the .exe to start the installation of the tool (don’t touch the installation settings).
Mandatory :
Connect all your external devices to your PC (USB stick, external HDD, flash disk, MP3 player, SD card, etc.) that may have been infected (but do not open them!).
# Double click on the shortcut FindyKill on your desktop to launch the tool.
( in the 1st window, type f then [enter] for the French version ).
# Choose option 1 ( Search )
# Let the tool work and touch nothing during the scan.
# Once finished, post the report FindyKill.txt that will appear.
The report is also saved at the root of the master disk ( C:\FindyKill.txt ).
( CTRL+A To select all, CTRL+C to copy and CTRL+V to paste )
Note :
"Process.exe", a component of the tool, is detected by some antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) as being a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...) which is why these antivirus programs issue an alert.
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not think you are out of the woods until
someone has told you so!
Hi ske, here is the report:
############################## | FindyKill V6.006 |
# User : Administrator (Administrators) # PC270908708179
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 18:14:35 | 16/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1296 [VPS 090714-0] 4.8.1296 [ (!) Disabled | Updated ]
# C:\ # Local Disk # 29.89 GB (8.09 GB free) # NTFS
# D:\ # CD-ROM
# E:\ # Local Disk # 7.38 GB (438.35 MB free) [HP_RECOVERY] # NTFS
# F:\ # Removable Drive # 981.05 MB (978.48 MB free) # FAT32
# G:\ # Removable Drive # 1.88 GB (1.87 GB free) # FAT
############################## | Active Processes |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Startup Registry |
R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
R1 - HKCU\..\Main: "Start Page"="https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Administrator"
F2 - HKLM\..\logon:"AltDefaultUserName"="Administrator"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: MsmqIntCert=regsvr32 /s mqrt.dll
04 - HKLM\..\Run: SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
04 - HKLM\..\Run: PTHOSTTR=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
04 - HKLM\..\Run: DLA=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
04 - HKLM\..\Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run: igfxtray=C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run: igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run: igfxpers=C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run: hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
04 - HKLM\..\Run: CognizanceTS=rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
04 - HKLM\..\Run: QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\..\Run: Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
04 - HKLM\..\Run: Recguard=C:\WINDOWS\Sminst\Recguard.exe
04 - HKLM\..\Run: Reminder=C:\WINDOWS\Creator\Remind_XP.exe
04 - HKLM\..\Run: Scheduler=C:\WINDOWS\SMINST\Scheduler.exe
04 - HKLM\..\Run: WatchDog=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
04 - HKLM\..\Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
04 - HKLM\..\Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: swg#C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe#
04 - HKCU\..\Run: ctfmon.exe#C:\WINDOWS\system32\ctfmon.exe#
04 - HKCU\..\Run: cdoosoft#C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe#
################## | Files # Infected Folders |
Present! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmdfgds0.dll
Present! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmdfgds1.dll
Present! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe
################## | C:\Documents and Settings\Administrator\Temporary Internet Files |
Present! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eauninstall.exe
################## | All Drives ... |
C:\autorun.inf # -> called file: "C:\86l2qw.bat" ( Absent ! )
Present! C:\autorun.inf
E:\autorun.inf # -> called file: "E:\86l2qw.bat" ( Absent ! )
Present! E:\autorun.inf
F:\autorun.inf # -> called file: "F:\86l2qw.bat" ( Present ! )
Present! F:\autorun.inf
G:\autorun.inf # -> called file: "G:\86l2qw.bat" ( Present ! )
Present! G:\autorun.inf
################## | Registry # Infected Run Keys |
Present! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Present! HKU\S-1-5-21-2782306073-1845761726-2154029074-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Present! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet001\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet003\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet004\Services\AVPsys
Present! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )
Present! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )
################## | Registry # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\F
Shell\AutoRun\command =F:\86l2qw.bat
Shell\open\Command =F:\86l2qw.bat
HKCU\..\..\Explorer\MountPoints2\{031bb4bd-0cb1-11dd-9828-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{06f8966e-f078-11dc-9816-001641bb2538}
Shell\AutoRun\command =F:\86l2qw.bat
Shell\open\Command =F:\86l2qw.bat
HKCU\..\..\Explorer\MountPoints2\{0f1408cf-e920-11dc-9808-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{27ca3d06-97d6-11dd-987e-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{2d066f0e-d878-11dc-97f3-001641bb2538}
Shell\AutoRun\command =G:\3wcxx91.cmd
Shell\explore\Command =G:\3wcxx91.cmd
Shell\open\Command =G:\3wcxx91.cmd
HKCU\..\..\Explorer\MountPoints2\{2de7ef00-9ad1-11dd-9883-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{3bcec8cc-3eac-11dd-9859-001641bb2538}
Shell\AutoRun\command =jfvkcsy.bat
Shell\explore\Command =jfvkcsy.bat
Shell\open\Command =jfvkcsy.bat
HKCU\..\..\Explorer\MountPoints2\{3cde993d-fa46-11db-9752-001641bb2538}
Shell\Auto\command =F:\bittorrent.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
HKCU\..\..\Explorer\MountPoints2\{4b041f94-f4c9-11dc-981a-001641bb2538}
Shell\Auto\command =G:\bittorrent.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
HKCU\..\..\Explorer\MountPoints2\{7c554e88-d40f-11db-9732-001641bb2538}
Shell\Auto\command =F:\bittorrent.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
HKCU\..\..\Explorer\MountPoints2\{97694884-e181-11dc-97fe-001641bb2538}
Shell\AutoRun\command =G:\3o.exe
Shell\explore\Command =G:\3o.exe
Shell\open\Command =G:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{97694885-e181-11dc-97fe-001641bb2538}
Shell\AutoRun\command =H:\3o.exe
Shell\explore\Command =H:\3o.exe
Shell\open\Command =H:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{a4e7e55a-106c-11dd-982a-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{ab3583dc-91bc-11dc-97b5-001641bb2538}
Shell\Auto\command =bittorrent.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
HKCU\..\..\Explorer\MountPoints2\{bcf813e3-107e-11dd-982c-001641bb2538}
Shell\Auto\command =F:\RavMonE.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
HKCU\..\..\Explorer\MountPoints2\{bcf813e4-107e-11dd-982c-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{c616d7b4-eb95-11dc-980d-001641bb2538}
Shell\AutoRun\command =wd_windows_tools\setup.exe
HKCU\..\..\Explorer\MountPoints2\{c780ec37-15c7-11dc-9767-001641bb2538}
Shell\AutoRun\command =G:\3o.exe
Shell\explore\Command =G:\3o.exe
Shell\open\Command =G:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{ca27424a-d5a4-11dd-98b4-001641bb2538}
Shell\AutoRun\command =G:\86l2qw.bat
Shell\open\Command =G:\86l2qw.bat
HKCU\..\..\Explorer\MountPoints2\{edb260d8-ccf9-11db-972f-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{f22c7444-ffc9-11dc-9821-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
################## | Status / Services / Information |
# Display hidden files : OK
# Safe mode : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! End of report # FindyKill V6.006 ! |
############################## | FindyKill V6.006 |
# User : Administrator (Administrators) # PC270908708179
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 18:14:35 | 16/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1296 [VPS 090714-0] 4.8.1296 [ (!) Disabled | Updated ]
# C:\ # Local Disk # 29.89 GB (8.09 GB free) # NTFS
# D:\ # CD-ROM
# E:\ # Local Disk # 7.38 GB (438.35 MB free) [HP_RECOVERY] # NTFS
# F:\ # Removable Drive # 981.05 MB (978.48 MB free) # FAT32
# G:\ # Removable Drive # 1.88 GB (1.87 GB free) # FAT
############################## | Active Processes |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Startup Registry |
R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
R1 - HKCU\..\Main: "Start Page"="https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Administrator"
F2 - HKLM\..\logon:"AltDefaultUserName"="Administrator"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: MsmqIntCert=regsvr32 /s mqrt.dll
04 - HKLM\..\Run: SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
04 - HKLM\..\Run: PTHOSTTR=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
04 - HKLM\..\Run: DLA=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
04 - HKLM\..\Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run: igfxtray=C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\..\Run: igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\..\Run: igfxpers=C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\..\Run: hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
04 - HKLM\..\Run: CognizanceTS=rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
04 - HKLM\..\Run: QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
04 - HKLM\..\Run: Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe
04 - HKLM\..\Run: Recguard=C:\WINDOWS\Sminst\Recguard.exe
04 - HKLM\..\Run: Reminder=C:\WINDOWS\Creator\Remind_XP.exe
04 - HKLM\..\Run: Scheduler=C:\WINDOWS\SMINST\Scheduler.exe
04 - HKLM\..\Run: WatchDog=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
04 - HKLM\..\Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run: BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
04 - HKLM\..\Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: swg#C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe#
04 - HKCU\..\Run: ctfmon.exe#C:\WINDOWS\system32\ctfmon.exe#
04 - HKCU\..\Run: cdoosoft#C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe#
################## | Files # Infected Folders |
Present! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmdfgds0.dll
Present! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmdfgds1.dll
Present! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe
################## | C:\Documents and Settings\Administrator\Temporary Internet Files |
Present! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eauninstall.exe
################## | All Drives ... |
C:\autorun.inf # -> called file: "C:\86l2qw.bat" ( Absent ! )
Present! C:\autorun.inf
E:\autorun.inf # -> called file: "E:\86l2qw.bat" ( Absent ! )
Present! E:\autorun.inf
F:\autorun.inf # -> called file: "F:\86l2qw.bat" ( Present ! )
Present! F:\autorun.inf
G:\autorun.inf # -> called file: "G:\86l2qw.bat" ( Present ! )
Present! G:\autorun.inf
################## | Registry # Infected Run Keys |
Present! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Present! HKU\S-1-5-21-2782306073-1845761726-2154029074-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Present! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet001\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet003\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet004\Services\AVPsys
Present! HKLM\software\microsoft\security center "AntiVirusDisableNotify" ( 0x1 )
Present! HKLM\software\microsoft\security center "FirewallDisableNotify" ( 0x1 )
################## | Registry # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\F
Shell\AutoRun\command =F:\86l2qw.bat
Shell\open\Command =F:\86l2qw.bat
HKCU\..\..\Explorer\MountPoints2\{031bb4bd-0cb1-11dd-9828-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{06f8966e-f078-11dc-9816-001641bb2538}
Shell\AutoRun\command =F:\86l2qw.bat
Shell\open\Command =F:\86l2qw.bat
HKCU\..\..\Explorer\MountPoints2\{0f1408cf-e920-11dc-9808-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{27ca3d06-97d6-11dd-987e-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{2d066f0e-d878-11dc-97f3-001641bb2538}
Shell\AutoRun\command =G:\3wcxx91.cmd
Shell\explore\Command =G:\3wcxx91.cmd
Shell\open\Command =G:\3wcxx91.cmd
HKCU\..\..\Explorer\MountPoints2\{2de7ef00-9ad1-11dd-9883-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{3bcec8cc-3eac-11dd-9859-001641bb2538}
Shell\AutoRun\command =jfvkcsy.bat
Shell\explore\Command =jfvkcsy.bat
Shell\open\Command =jfvkcsy.bat
HKCU\..\..\Explorer\MountPoints2\{3cde993d-fa46-11db-9752-001641bb2538}
Shell\Auto\command =F:\bittorrent.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
HKCU\..\..\Explorer\MountPoints2\{4b041f94-f4c9-11dc-981a-001641bb2538}
Shell\Auto\command =G:\bittorrent.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
HKCU\..\..\Explorer\MountPoints2\{7c554e88-d40f-11db-9732-001641bb2538}
Shell\Auto\command =F:\bittorrent.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
HKCU\..\..\Explorer\MountPoints2\{97694884-e181-11dc-97fe-001641bb2538}
Shell\AutoRun\command =G:\3o.exe
Shell\explore\Command =G:\3o.exe
Shell\open\Command =G:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{97694885-e181-11dc-97fe-001641bb2538}
Shell\AutoRun\command =H:\3o.exe
Shell\explore\Command =H:\3o.exe
Shell\open\Command =H:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{a4e7e55a-106c-11dd-982a-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{ab3583dc-91bc-11dc-97b5-001641bb2538}
Shell\Auto\command =bittorrent.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
HKCU\..\..\Explorer\MountPoints2\{bcf813e3-107e-11dd-982c-001641bb2538}
Shell\Auto\command =F:\RavMonE.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
HKCU\..\..\Explorer\MountPoints2\{bcf813e4-107e-11dd-982c-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{c616d7b4-eb95-11dc-980d-001641bb2538}
Shell\AutoRun\command =wd_windows_tools\setup.exe
HKCU\..\..\Explorer\MountPoints2\{c780ec37-15c7-11dc-9767-001641bb2538}
Shell\AutoRun\command =G:\3o.exe
Shell\explore\Command =G:\3o.exe
Shell\open\Command =G:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{ca27424a-d5a4-11dd-98b4-001641bb2538}
Shell\AutoRun\command =G:\86l2qw.bat
Shell\open\Command =G:\86l2qw.bat
HKCU\..\..\Explorer\MountPoints2\{edb260d8-ccf9-11db-972f-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
HKCU\..\..\Explorer\MountPoints2\{f22c7444-ffc9-11dc-9821-001641bb2538}
Shell\AutoRun\command =F:\3o.exe
Shell\explore\Command =F:\3o.exe
Shell\open\Command =F:\3o.exe
################## | Status / Services / Information |
# Display hidden files : OK
# Safe mode : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! End of report # FindyKill V6.006 ! |
re,
everything is fine ... =)
I recommend you uninstall Avast properly, and opt for AntiVir (more efficient, lighter, free, and in French).
AntiVir setup tutorial > http://www.commentcamarche.net/faq/sujet 16831 optimal configuration tutorial for antivir personal
=====================================
You need a resident anti-spyware to support your AV. Choose one of these (it's free ;) ):
Download Spyware Terminator:
http://www.commentcamarche.net/telecharger/telecharger 34055170 spyware terminator
But be careful; during installation, you must uncheck the box for:
"allow Web Security Guard"
Do not accept 'Web Security Guard'!!
Regularly check for updates.
Activate real-time protection like this: http://img220.imageshack.us/img220/1985/screenshot269jn3.png
and like this in the "Advanced" tab http://img223.imageshack.us/img223/19/screenshot270fm3.png (HIPS enabled).
Note ==> Note the 'LANGUAGE' function ;) ==> it is here: http://img146.imageshack.us/img146/8679/screenshot271db0.png
Spyware Terminator tutorial:
https://www.malekal.com/tutorial-et-guide-spywareterminator/
Note: if you don't have an antivirus, Spyware Terminator also includes one.
/!\ If you already have an antivirus, do not enable "Clam Antivirus" (only one active antivirus per PC):
->http://img210.imageshack.us/img210/3191/screenshot272kq3.png )
OR ************************************************
SpywareBlaster + SpywareGuard:
* SpywareBlaster:
http://www.brightfort.com/spywareblaster.html
it is purely resident (no scanning possible). Just update it from time to time as the free version does not do it automatically; once installed and updated, enable all protections on "enable"
tutorial: https://www.malekal.com/tutorial-spywareblaster/
* SpywareGuard:
SpywareGuard provides real-time protection against spyware installation attempts.
http://www.commentcamarche.net/telecharger/telecharger 34055277 spywareguard
Tutorial: https://www.zebulon.fr/dossiers/securite/47-spywareguard.html
(check for updates / "live update" regularly)
========================
========================
========================
Glad to have been of service ... ^^
Consider these few recommendations:
=> Behaviors to adopt with your PC: http://assiste.com.free.fr/p/abc/a/safe_cex.html
and why (example): http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html
=> Monitoring:
Perform regular scans (once every two weeks, for example) with your antivirus and then with your anti-spyware (after updating them, of course!) and delete what they can find (or quarantine it, remembering to empty it later).
=> It is absolutely essential to keep Windows updated regularly:
Via Internet Explorer (mandatory), go to Microsoft Update
http://www.update.microsoft.com/windowsupdate/v6/default.aspx
Perform all proposed critical updates.
You will be required to restart your PC and return to the update function until nothing is reported anymore.
After that, check that Windows updates are indeed set to automatic; to do this:
Start / Control Panel and in Security Center, click on Automatic Updates, then check Automatic installation (recommended), below specify a time when you are usually connected, then click Apply and then OK
=============================================================
=> You must also regularly update Java console:
(Why: http://www.secuser.com/vulnerabilite/2008/080305-java.htm)
So to do this, go to https://www.java.com/fr/download/manual.jsp and download the latest version (if your current version is not up to date) or here https://filehippo.com/download_jre_32/?ex=CORE-116.0
After installing the latest version, uninstall the old versions (of Java) to eliminate security vulnerabilities present in these old versions.
via Start / Settings / Control Panel / and in Add/Remove Programs navigate to the old versions of the Java console present there, then click on “Remove,” follow the prompts in the dialog box that will open to complete the uninstallation.
Do this for each of them, one by one, restart your PC when prompted.
Then go back to Java above and click on the "Verify installation" button to ensure everything is in order.
Another tip: http://www.commentcamarche.net/faq/sujet 15645 javara essential
=============================================================
=> To avoid other security vulnerabilities of the various programs on your PC:
Check for updates for the various software regularly here and update whatever is not. https://www.flexera.com/products/operations/software-vulnerability-management.html
- Tutorial https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/
- Another option, subscribe for free to "the weekly newsletter from secuser.com" here http://www.secuser.com/ at the bottom left of the page.
-> another very good similar software in this tip:
http://www.commentcamarche.net/faq/sujet 9908 update checker are your software up to date
===========================================================
* the XP firewall is worthless, I strongly advise you to install one:
( Important> if your antivirus also acts as a firewall, do not install another! conflicts and crashes assured!)
Armor or Comodo are very good (in English but free)...You will find everything you need here:
http://www.commentcamarche.net/telecharger/logiciel 38 firewall
tutorials:
https://www.malekal.com/tutorial-online-armor-free/
https://www.malekal.com/tutorial-comodo-firewall/
(Warning: for Comodo 3, do not install the toolbar for browsers!)
As a second option (also free):
->Comodo old version 2.4 (in French):
http://download.comodo.com/cpf/download/setups/release/languages/CFP_Setup_English_French_2.4.16.174.exe
tutorial: https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389
->PC Tools Firewall Plus (in French):
https://fr.norton.com/
Tutorial: http://www.6ma.fr/tuto/utilisation-pc-tools-firewall-plus/
(Note: make sure to disable the Windows firewall before launching the installation of any other firewall!)
* test the effectiveness of your firewall here (for informational purposes):
http://www.zebulon.fr/outils/scanports/test-securite.php
* firewall tests: http://www.matousec.com/index.html
=> A complement to the firewall to close risky ports (dangerous if left open):
ZebProtect (an application that does not require installation to launch and configure only once) http://telechargement.zebulon.fr/123.html
-Tutorial https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
================================================================
For better security while browsing:
* I recommend using the browser "FireFox":
download it here -> http://www.mozilla-europe.org/fr/
or -> http://www.commentcamarche.net/telecharger/telecharger 111 firefox
(Warning: always keep IE on your PC! It is essential for system updates as well as for many things like online antivirus scans, etc...)
-> Tutorial to secure Firefox:
https://www.malekal.com/securiser-le-navigateur-web-firefox-2/
https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/
* you can install this Add-ons: WOT (free / compatible with IE and FireFox)
-> Firefox https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp - IE https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
-> Demo: http://www.mywot.com/fr/demo
Very simple and light, WOT provides an overview of the danger and reliability of the sites provided by search engines like Google or Live Search.
> http://www.commentcamarche.net/faq/sujet 15620 wot web of trust essential for the informed internet user
* Noscript is another "Add-ons" (for Firefox) that prevents the execution of scripts from websites.
It stops the installation of malicious software via Flash, Java, JavaScript, and other entry points:
http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fwww.noscript.net
=================================================================
=> Reminder on the main causes of infection:
* The use of cracks or keygens is prohibited, as well as browsing sites that offer them:
The dangers of cracks: http://forum.malekal.com/ftopic893.php
-> The crack in all its splendor, the journal of an expected infection:
https://forum.zebulon.fr/topic/93281-pr%C3%A9vention-le-crack-dans-toute-sa-splendeur/
-> Current scourges via pseudo cracks on the P2P network: Virut/Scrible!
> https://www.futura-sciences.com/tech/actualites/informatique-virut-scribble-retour-infection-redoutable-18310/
* P2P (the use of software like eMule, Shareaza, LimeWire, BitTorrent):
The consequences of P2P: https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/
Why avoid P2P (eMule, Shareaza, Kazaa, etc.):
> http://www.libellules.ch/...
> http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793
> https://lexpansion.lexpress.fr/actualite-economique/
* Be careful with ActiveX:
http://assiste.com.free.fr/p/abc/a/activex_dangers.html
and how:
http://assiste.com.free.fr/p/abc/c/anti_activex.html
* Prevention on two other types of current infections:
MSN prevention:
https://forum.zebulon.fr/topic/130590-infection-par-msn-ou-wlm/
-> another growing danger, "phishing" (i.e., fraud):
http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte
Infection via removable media (USB keys, flash drives, external hard drives, etc.):
https://forum.zebulon.fr/topic/131959-infections-par-supports-amovibles/
https://forum.malekal.com/viewtopic.php?f=45&t=5544
* Reminder on using a pirated version of Windows:
http://www.commentcamarche.net/faq/sujet 2981 I am using a pirated version of windows
=================================================================
Good to know:
* The "Recovery Console" (XP):
in the face of new threats (boot sector attacks, for example), the Recovery Console may be the only solution to restore a seriously damaged and particularly unstable system.
tutorials here:
https://www.pcastuces.com/pratique/windows/xp/console_recuperation/page1.htm .
https://www.informatruc.com
Vista equivalent: http://www.forum-vista.net/forum/
* Keep a backup of important files (on CD/DVD, external hard drive, etc.).
* Do not download just anything, avoid free programs like smileys, Macrogaming\SweetIM, Boonty games, etc.
* Analyze received/downloaded files:
For P2P enthusiasts (which I strongly discourage), always analyze downloaded files with the antivirus, the anti-spyware/malware on the PC before
everything is fine ... =)
I recommend you uninstall Avast properly, and opt for AntiVir (more efficient, lighter, free, and in French).
AntiVir setup tutorial > http://www.commentcamarche.net/faq/sujet 16831 optimal configuration tutorial for antivir personal
=====================================
You need a resident anti-spyware to support your AV. Choose one of these (it's free ;) ):
Download Spyware Terminator:
http://www.commentcamarche.net/telecharger/telecharger 34055170 spyware terminator
But be careful; during installation, you must uncheck the box for:
"allow Web Security Guard"
Do not accept 'Web Security Guard'!!
Regularly check for updates.
Activate real-time protection like this: http://img220.imageshack.us/img220/1985/screenshot269jn3.png
and like this in the "Advanced" tab http://img223.imageshack.us/img223/19/screenshot270fm3.png (HIPS enabled).
Note ==> Note the 'LANGUAGE' function ;) ==> it is here: http://img146.imageshack.us/img146/8679/screenshot271db0.png
Spyware Terminator tutorial:
https://www.malekal.com/tutorial-et-guide-spywareterminator/
Note: if you don't have an antivirus, Spyware Terminator also includes one.
/!\ If you already have an antivirus, do not enable "Clam Antivirus" (only one active antivirus per PC):
->http://img210.imageshack.us/img210/3191/screenshot272kq3.png )
OR ************************************************
SpywareBlaster + SpywareGuard:
* SpywareBlaster:
http://www.brightfort.com/spywareblaster.html
it is purely resident (no scanning possible). Just update it from time to time as the free version does not do it automatically; once installed and updated, enable all protections on "enable"
tutorial: https://www.malekal.com/tutorial-spywareblaster/
* SpywareGuard:
SpywareGuard provides real-time protection against spyware installation attempts.
http://www.commentcamarche.net/telecharger/telecharger 34055277 spywareguard
Tutorial: https://www.zebulon.fr/dossiers/securite/47-spywareguard.html
(check for updates / "live update" regularly)
========================
========================
========================
Glad to have been of service ... ^^
Consider these few recommendations:
=> Behaviors to adopt with your PC: http://assiste.com.free.fr/p/abc/a/safe_cex.html
and why (example): http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html
=> Monitoring:
Perform regular scans (once every two weeks, for example) with your antivirus and then with your anti-spyware (after updating them, of course!) and delete what they can find (or quarantine it, remembering to empty it later).
=> It is absolutely essential to keep Windows updated regularly:
Via Internet Explorer (mandatory), go to Microsoft Update
http://www.update.microsoft.com/windowsupdate/v6/default.aspx
Perform all proposed critical updates.
You will be required to restart your PC and return to the update function until nothing is reported anymore.
After that, check that Windows updates are indeed set to automatic; to do this:
Start / Control Panel and in Security Center, click on Automatic Updates, then check Automatic installation (recommended), below specify a time when you are usually connected, then click Apply and then OK
=============================================================
=> You must also regularly update Java console:
(Why: http://www.secuser.com/vulnerabilite/2008/080305-java.htm)
So to do this, go to https://www.java.com/fr/download/manual.jsp and download the latest version (if your current version is not up to date) or here https://filehippo.com/download_jre_32/?ex=CORE-116.0
After installing the latest version, uninstall the old versions (of Java) to eliminate security vulnerabilities present in these old versions.
via Start / Settings / Control Panel / and in Add/Remove Programs navigate to the old versions of the Java console present there, then click on “Remove,” follow the prompts in the dialog box that will open to complete the uninstallation.
Do this for each of them, one by one, restart your PC when prompted.
Then go back to Java above and click on the "Verify installation" button to ensure everything is in order.
Another tip: http://www.commentcamarche.net/faq/sujet 15645 javara essential
=============================================================
=> To avoid other security vulnerabilities of the various programs on your PC:
Check for updates for the various software regularly here and update whatever is not. https://www.flexera.com/products/operations/software-vulnerability-management.html
- Tutorial https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/
- Another option, subscribe for free to "the weekly newsletter from secuser.com" here http://www.secuser.com/ at the bottom left of the page.
-> another very good similar software in this tip:
http://www.commentcamarche.net/faq/sujet 9908 update checker are your software up to date
===========================================================
* the XP firewall is worthless, I strongly advise you to install one:
( Important> if your antivirus also acts as a firewall, do not install another! conflicts and crashes assured!)
Armor or Comodo are very good (in English but free)...You will find everything you need here:
http://www.commentcamarche.net/telecharger/logiciel 38 firewall
tutorials:
https://www.malekal.com/tutorial-online-armor-free/
https://www.malekal.com/tutorial-comodo-firewall/
(Warning: for Comodo 3, do not install the toolbar for browsers!)
As a second option (also free):
->Comodo old version 2.4 (in French):
http://download.comodo.com/cpf/download/setups/release/languages/CFP_Setup_English_French_2.4.16.174.exe
tutorial: https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389
->PC Tools Firewall Plus (in French):
https://fr.norton.com/
Tutorial: http://www.6ma.fr/tuto/utilisation-pc-tools-firewall-plus/
(Note: make sure to disable the Windows firewall before launching the installation of any other firewall!)
* test the effectiveness of your firewall here (for informational purposes):
http://www.zebulon.fr/outils/scanports/test-securite.php
* firewall tests: http://www.matousec.com/index.html
=> A complement to the firewall to close risky ports (dangerous if left open):
ZebProtect (an application that does not require installation to launch and configure only once) http://telechargement.zebulon.fr/123.html
-Tutorial https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
================================================================
For better security while browsing:
* I recommend using the browser "FireFox":
download it here -> http://www.mozilla-europe.org/fr/
or -> http://www.commentcamarche.net/telecharger/telecharger 111 firefox
(Warning: always keep IE on your PC! It is essential for system updates as well as for many things like online antivirus scans, etc...)
-> Tutorial to secure Firefox:
https://www.malekal.com/securiser-le-navigateur-web-firefox-2/
https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/
* you can install this Add-ons: WOT (free / compatible with IE and FireFox)
-> Firefox https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp - IE https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
-> Demo: http://www.mywot.com/fr/demo
Very simple and light, WOT provides an overview of the danger and reliability of the sites provided by search engines like Google or Live Search.
> http://www.commentcamarche.net/faq/sujet 15620 wot web of trust essential for the informed internet user
* Noscript is another "Add-ons" (for Firefox) that prevents the execution of scripts from websites.
It stops the installation of malicious software via Flash, Java, JavaScript, and other entry points:
http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fwww.noscript.net
=================================================================
=> Reminder on the main causes of infection:
* The use of cracks or keygens is prohibited, as well as browsing sites that offer them:
The dangers of cracks: http://forum.malekal.com/ftopic893.php
-> The crack in all its splendor, the journal of an expected infection:
https://forum.zebulon.fr/topic/93281-pr%C3%A9vention-le-crack-dans-toute-sa-splendeur/
-> Current scourges via pseudo cracks on the P2P network: Virut/Scrible!
> https://www.futura-sciences.com/tech/actualites/informatique-virut-scribble-retour-infection-redoutable-18310/
* P2P (the use of software like eMule, Shareaza, LimeWire, BitTorrent):
The consequences of P2P: https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/
Why avoid P2P (eMule, Shareaza, Kazaa, etc.):
> http://www.libellules.ch/...
> http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793
> https://lexpansion.lexpress.fr/actualite-economique/
* Be careful with ActiveX:
http://assiste.com.free.fr/p/abc/a/activex_dangers.html
and how:
http://assiste.com.free.fr/p/abc/c/anti_activex.html
* Prevention on two other types of current infections:
MSN prevention:
https://forum.zebulon.fr/topic/130590-infection-par-msn-ou-wlm/
-> another growing danger, "phishing" (i.e., fraud):
http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte
Infection via removable media (USB keys, flash drives, external hard drives, etc.):
https://forum.zebulon.fr/topic/131959-infections-par-supports-amovibles/
https://forum.malekal.com/viewtopic.php?f=45&t=5544
* Reminder on using a pirated version of Windows:
http://www.commentcamarche.net/faq/sujet 2981 I am using a pirated version of windows
=================================================================
Good to know:
* The "Recovery Console" (XP):
in the face of new threats (boot sector attacks, for example), the Recovery Console may be the only solution to restore a seriously damaged and particularly unstable system.
tutorials here:
https://www.pcastuces.com/pratique/windows/xp/console_recuperation/page1.htm .
https://www.informatruc.com
Vista equivalent: http://www.forum-vista.net/forum/
* Keep a backup of important files (on CD/DVD, external hard drive, etc.).
* Do not download just anything, avoid free programs like smileys, Macrogaming\SweetIM, Boonty games, etc.
* Analyze received/downloaded files:
For P2P enthusiasts (which I strongly discourage), always analyze downloaded files with the antivirus, the anti-spyware/malware on the PC before
Ske, to be honest, a big thank you for all the time you’ve spent with me over the past week.
Quick and efficient responses at any hour for a perfect result (so far).
But tell me, you know a lot of things; how do you know all this? Is it your job?
Otherwise, I properly uninstalled Avast and installed Avira and Spyware Terminator. Since the photo wouldn't open
I checked "bases" for the real-time shield protection level, and I activated HIPS application control on low security level. Should I leave it like that?
Last couple of questions and then I’ll leave you alone:
- Can I reuse my USB drives without worry?
- Is the restore point I created at the end definitely safe?
That's pretty much everything that's on my mind.
Thanks again, and I’ll keep you in my contacts if I have any issues. Talk later!
Quick and efficient responses at any hour for a perfect result (so far).
But tell me, you know a lot of things; how do you know all this? Is it your job?
Otherwise, I properly uninstalled Avast and installed Avira and Spyware Terminator. Since the photo wouldn't open
I checked "bases" for the real-time shield protection level, and I activated HIPS application control on low security level. Should I leave it like that?
Last couple of questions and then I’ll leave you alone:
- Can I reuse my USB drives without worry?
- Is the restore point I created at the end definitely safe?
That's pretty much everything that's on my mind.
Thanks again, and I’ll keep you in my contacts if I have any issues. Talk later!
Re,
I'm trying that this week
try, no ... do it yes! ... this first operation is just a diagnostic ... once the reports are posted, we'll tackle the cleaning ...
it can't be more serious, just recovering my online gaming codes, I'm thinking about the email address and other sites?
> normally, we ... but it's an infection that evolves very quickly ... the latest variants go further ... I don't know ... but in any case, do not keep this crap on the PC ... And it may not be the only infection ....
I'm therefore waiting for the requested reports ....
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're in the clear until
someone tells you!
I'm trying that this week
try, no ... do it yes! ... this first operation is just a diagnostic ... once the reports are posted, we'll tackle the cleaning ...
it can't be more serious, just recovering my online gaming codes, I'm thinking about the email address and other sites?
> normally, we ... but it's an infection that evolves very quickly ... the latest variants go further ... I don't know ... but in any case, do not keep this crap on the PC ... And it may not be the only infection ....
I'm therefore waiting for the requested reports ....
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're in the clear until
someone tells you!
Hello
Here are the results sked:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-15 13:50:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (27%) free of 31 GB
Total RAM: 503 MB (31% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Helper for Adobe PDF Reader link - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cdoosoft"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe [2009-07-08 110096]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-09-17 210168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\86l2qw.bat
shell\open\command - F:\86l2qw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031bb4bd-0cb1-11dd-9828-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06f8966e-f078-11dc-9816-001641bb2538}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f1408cf-e920-11dc-9808-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ca3d06-97d6-11dd-987e-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d066f0e-d878-11dc-97f3-001641bb2538}]
shell\AutoRun\command - G:\3wcxx91.cmd
shell\explore\command - G:\3wcxx91.cmd
shell\open\command - G:\3wcxx91.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2de7ef00-9ad1-11dd-9883-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bcec8cc-3eac-11dd-9859-001641bb2538}]
shell\AutoRun\command - jfvkcsy.bat
shell\explore\command - jfvkcsy.bat
shell\open\command - jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cde993d-fa46-11db-9752-001641bb2538}]
shell\Auto\command - F:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b041f94-f4c9-11dc-981a-001641bb2538}]
shell\Auto\command - G:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c554e88-d40f-11db-9732-001641bb2538}]
shell\Auto\command - F:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97694884-e181-11dc-97fe-001641bb2538}]
shell\AutoRun\command - G:\3o.exe
shell\explore\command - G:\3o.exe
shell\open\command - G:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97694885-e181-11dc-97fe-001641bb2538}]
shell\AutoRun\command - H:\3o.exe
shell\explore\command - H:\3o.exe
shell\open\command - H:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4e7e55a-106c-11dd-982a-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3583dc-91bc-11dc-97b5-001641bb2538}]
shell\Auto\command - bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf813e3-107e-11dd-982c-001641bb2538}]
shell\Auto\command - F:\RavMonE.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf813e4-107e-11dd-982c-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c616d7b4-eb95-11dc-980d-001641bb2538}]
shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c780ec37-15c7-11dc-9767-001641bb2538}]
shell\AutoRun\command - G:\3o.exe
shell\explore\command - G:\3o.exe
shell\open\command - G:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27424a-d5a4-11dd-98b4-001641bb2538}]
shell\AutoRun\command - G:\86l2qw.bat
shell\open\command - G:\86l2qw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edb260d8-ccf9-11db-972f-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f22c7444-ffc9-11dc-9821-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 2 months======
2009-07-15 13:50:54 ----D---- C:\rsit
2009-07-15 13:45:54 ----D---- C:\WINDOWS\LastGood
2009-07-14 16:02:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-14 16:01:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-14 16:01:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 22:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-11 17:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
======List of files/folders modified in the last 2 months======
2009-07-15 13:50:56 ----D---- C:\WINDOWS\Prefetch
2009-07-15 13:47:14 ----D---- C:\WINDOWS\Temp
2009-07-15 13:46:28 ----HD---- C:\WINDOWS\inf
2009-07-15 13:46:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 13:46:15 ----D---- C:\WINDOWS
2009-07-15 13:45:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-15 13:45:40 ----SD---- C:\WINDOWS\Tasks
2009-07-15 13:43:43 ----D---- C:\WINDOWS\system32
2009-07-15 13:43:09 ----D---- C:\WINDOWS\SMINST
2009-07-14 20:43:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-14 16:01:35 ----D---- C:\WINDOWS\system32\drivers
2009-07-14 16:01:26 ----RD---- C:\Program Files
2009-07-14 15:33:48 ----D---- C:\WINDOWS\Minidump
2009-07-13 23:03:34 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-08 18:42:33 ----SHD---- C:\WINDOWS\Installer
2009-07-08 18:42:33 ----HD---- C:\Config.Msi
2009-07-08 18:42:28 ----D---- C:\Program Files\Google
2009-07-03 17:54:46 ----D---- C:\Program Files\eMule
2009-07-03 00:03:26 ----D---- C:\Program Files\Soulseek
2009-07-02 22:17:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2009-06-11 17:12:14 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 17:10:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-11 17:10:39 ----D---- C:\Program Files\Internet Explorer
2009-06-11 17:10:28 ----D---- C:\WINDOWS\ie7updates
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-07-31 1155584]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-02-09 45312]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-18 401664]
R3 BTKRNL;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-18 1342570]
R3 CmBatt;Microsoft ACPI Compliant Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Arp1394;ARP 1394 Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-02-09 142720]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-18 30363]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Personal Area Network Device; C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth Local Area Network Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-18 148168]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-01-18 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-18 57096]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;HPZid412 IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 NIC1394;1394 Network Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Rasirda;Extended Network Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RFCOMM;Bluetooth Device (RFCOMM protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB Printer Class Driver; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scannner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-18 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-20 49152]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message
Here are the results sked:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-15 13:50:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (27%) free of 31 GB
Total RAM: 503 MB (31% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Helper for Adobe PDF Reader link - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cdoosoft"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe [2009-07-08 110096]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-09-17 210168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\86l2qw.bat
shell\open\command - F:\86l2qw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031bb4bd-0cb1-11dd-9828-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06f8966e-f078-11dc-9816-001641bb2538}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f1408cf-e920-11dc-9808-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ca3d06-97d6-11dd-987e-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d066f0e-d878-11dc-97f3-001641bb2538}]
shell\AutoRun\command - G:\3wcxx91.cmd
shell\explore\command - G:\3wcxx91.cmd
shell\open\command - G:\3wcxx91.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2de7ef00-9ad1-11dd-9883-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bcec8cc-3eac-11dd-9859-001641bb2538}]
shell\AutoRun\command - jfvkcsy.bat
shell\explore\command - jfvkcsy.bat
shell\open\command - jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cde993d-fa46-11db-9752-001641bb2538}]
shell\Auto\command - F:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b041f94-f4c9-11dc-981a-001641bb2538}]
shell\Auto\command - G:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c554e88-d40f-11db-9732-001641bb2538}]
shell\Auto\command - F:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97694884-e181-11dc-97fe-001641bb2538}]
shell\AutoRun\command - G:\3o.exe
shell\explore\command - G:\3o.exe
shell\open\command - G:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97694885-e181-11dc-97fe-001641bb2538}]
shell\AutoRun\command - H:\3o.exe
shell\explore\command - H:\3o.exe
shell\open\command - H:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4e7e55a-106c-11dd-982a-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3583dc-91bc-11dc-97b5-001641bb2538}]
shell\Auto\command - bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf813e3-107e-11dd-982c-001641bb2538}]
shell\Auto\command - F:\RavMonE.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf813e4-107e-11dd-982c-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c616d7b4-eb95-11dc-980d-001641bb2538}]
shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c780ec37-15c7-11dc-9767-001641bb2538}]
shell\AutoRun\command - G:\3o.exe
shell\explore\command - G:\3o.exe
shell\open\command - G:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27424a-d5a4-11dd-98b4-001641bb2538}]
shell\AutoRun\command - G:\86l2qw.bat
shell\open\command - G:\86l2qw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edb260d8-ccf9-11db-972f-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f22c7444-ffc9-11dc-9821-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 2 months======
2009-07-15 13:50:54 ----D---- C:\rsit
2009-07-15 13:45:54 ----D---- C:\WINDOWS\LastGood
2009-07-14 16:02:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-14 16:01:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-14 16:01:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 22:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-11 17:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
======List of files/folders modified in the last 2 months======
2009-07-15 13:50:56 ----D---- C:\WINDOWS\Prefetch
2009-07-15 13:47:14 ----D---- C:\WINDOWS\Temp
2009-07-15 13:46:28 ----HD---- C:\WINDOWS\inf
2009-07-15 13:46:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 13:46:15 ----D---- C:\WINDOWS
2009-07-15 13:45:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-15 13:45:40 ----SD---- C:\WINDOWS\Tasks
2009-07-15 13:43:43 ----D---- C:\WINDOWS\system32
2009-07-15 13:43:09 ----D---- C:\WINDOWS\SMINST
2009-07-14 20:43:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-14 16:01:35 ----D---- C:\WINDOWS\system32\drivers
2009-07-14 16:01:26 ----RD---- C:\Program Files
2009-07-14 15:33:48 ----D---- C:\WINDOWS\Minidump
2009-07-13 23:03:34 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-08 18:42:33 ----SHD---- C:\WINDOWS\Installer
2009-07-08 18:42:33 ----HD---- C:\Config.Msi
2009-07-08 18:42:28 ----D---- C:\Program Files\Google
2009-07-03 17:54:46 ----D---- C:\Program Files\eMule
2009-07-03 00:03:26 ----D---- C:\Program Files\Soulseek
2009-07-02 22:17:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2009-06-11 17:12:14 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 17:10:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-11 17:10:39 ----D---- C:\Program Files\Internet Explorer
2009-06-11 17:10:28 ----D---- C:\WINDOWS\ie7updates
2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-07-31 1155584]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-02-09 45312]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-18 401664]
R3 BTKRNL;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-18 1342570]
R3 CmBatt;Microsoft ACPI Compliant Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-19 1428096]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 Arp1394;ARP 1394 Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-02-09 142720]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-18 30363]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Personal Area Network Device; C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth Local Area Network Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-18 148168]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-01-18 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-18 57096]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;HPZid412 IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 NIC1394;1394 Network Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 Rasirda;Extended Network Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RFCOMM;Bluetooth Device (RFCOMM protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB Printer Class Driver; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scannner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-18 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-20 49152]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message
And info:
info.txt logfile of random's system information tool 1.06 2009-07-15 13:51:17
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - French-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Agere Systems HDA Modem-->agrsmdel
Application Installer 4.00.B5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x40c
WinRAR Archiver-->C:\Program Files\WinRAR\uninstall.exe
AutoCAD 2005 - French-->MsiExec.exe /I{5783F2D7-0301-040C-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
ConsumerUpdate-->MsiExec.exe /I{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}
Windows XP Hotfix (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
D-Jix Media Gold-->MsiExec.exe /X{0C44674A-71EC-4DCC-9D03-D74F5085B638}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Full Pack Codecs-->C:\Program Files\Full Pack Codecs\uninst.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
HP BIOS Configuration for ProtectTools 2.00 E1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0x40c biosuninst
HP Credential Manager for ProtectTools-->MsiExec.exe /X{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}
HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Notebook Accessories Product Tour-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly
HP ProtectTools Security Manager 2.00 C3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\Setup.exe" -l0x40c -removeonly hpquninst
HP Quick Launch Buttons 6.00 H1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
HP User Guides 0015-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB0781F5-06D2-49BB-87B5-00F3B834FC3B}\setup.exe" -l0x40c -removeonly
HP Wireless Assistant 2.00 E1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c hpquninst
Installation of HP Backup and Recovery Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x40c -uninst -removeonly
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft XML Parser and SDK-->MsiExec.exe /I{2AEBE10C-D819-4EBF-BC60-03BF2327D340}
Security update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org 2.0-->MsiExec.exe /I{752783F5-0CFC-44C3-9E1F-CAF17C4508E7}
Google Update Tool-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 090714-0]
======System event log======
Computer Name: PC270908708179
Event Code: 7036
Message: The Computer Browser service entered the state: stopped.
Record Number: 31978
Source Name: Service Control Manager
Time Written: 20090618120056.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7036
Message: The Application Layer Gateway Service entered the state: running.
Record Number: 31977
Source Name: Service Control Manager
Time Written: 20090618120054.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7035
Message: A Start control has been successfully sent to the Application Layer Gateway Service.
Record Number: 31976
Source Name: Service Control Manager
Time Written: 20090618120054.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 7036
Message: The SSDP Discovery Service entered the state: running.
Record Number: 31975
Source Name: Service Control Manager
Time Written: 20090618120053.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7035
Message: A Start control has been successfully sent to the SSDP Discovery Service.
Record Number: 31974
Source Name: Service Control Manager
Time Written: 20090618120052.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: PC270908708179
Event Code: 35
Message:
Record Number: 25995
Source Name: ccSetMgr
Time Written: 20081224133754.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 34
Message:
Record Number: 25994
Source Name: ccSetMgr
Time Written: 20081224133754.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 1517
Message: Windows has saved the user registry PC270908708179\Administrator while an application or service was still using the registry during logoff. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as user account, try to configure services to run under network service account or local service account.
Record Number: 25993
Source Name: Userenv
Time Written: 20081224133643.000000+060
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 0
Message:
Record Number: 25992
Source Name: LiveUpdate Notice Service
Time Written: 20081224133512.000000+060
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 11707
Message: Product: LiveUpdate Notice (Symantec Corporation) -- Installation completed.
Record Number: 25991
Source Name: MsiInstaller
Time Written: 20081224133512.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\HPQ\IAM\bin;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-07-15 13:51:17
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - French-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Agere Systems HDA Modem-->agrsmdel
Application Installer 4.00.B5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x40c
WinRAR Archiver-->C:\Program Files\WinRAR\uninstall.exe
AutoCAD 2005 - French-->MsiExec.exe /I{5783F2D7-0301-040C-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
ConsumerUpdate-->MsiExec.exe /I{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}
Windows XP Hotfix (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
D-Jix Media Gold-->MsiExec.exe /X{0C44674A-71EC-4DCC-9D03-D74F5085B638}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Full Pack Codecs-->C:\Program Files\Full Pack Codecs\uninst.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Documents and Settings\Administrator\Desktop\HijackThis.exe" /uninstall
HP BIOS Configuration for ProtectTools 2.00 E1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0x40c biosuninst
HP Credential Manager for ProtectTools-->MsiExec.exe /X{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}
HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Notebook Accessories Product Tour-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly
HP ProtectTools Security Manager 2.00 C3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\Setup.exe" -l0x40c -removeonly hpquninst
HP Quick Launch Buttons 6.00 H1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
HP User Guides 0015-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB0781F5-06D2-49BB-87B5-00F3B834FC3B}\setup.exe" -l0x40c -removeonly
HP Wireless Assistant 2.00 E1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c hpquninst
Installation of HP Backup and Recovery Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x40c -uninst -removeonly
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft XML Parser and SDK-->MsiExec.exe /I{2AEBE10C-D819-4EBF-BC60-03BF2327D340}
Security update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org 2.0-->MsiExec.exe /I{752783F5-0CFC-44C3-9E1F-CAF17C4508E7}
Google Update Tool-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 090714-0]
======System event log======
Computer Name: PC270908708179
Event Code: 7036
Message: The Computer Browser service entered the state: stopped.
Record Number: 31978
Source Name: Service Control Manager
Time Written: 20090618120056.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7036
Message: The Application Layer Gateway Service entered the state: running.
Record Number: 31977
Source Name: Service Control Manager
Time Written: 20090618120054.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7035
Message: A Start control has been successfully sent to the Application Layer Gateway Service.
Record Number: 31976
Source Name: Service Control Manager
Time Written: 20090618120054.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 7036
Message: The SSDP Discovery Service entered the state: running.
Record Number: 31975
Source Name: Service Control Manager
Time Written: 20090618120053.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7035
Message: A Start control has been successfully sent to the SSDP Discovery Service.
Record Number: 31974
Source Name: Service Control Manager
Time Written: 20090618120052.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: PC270908708179
Event Code: 35
Message:
Record Number: 25995
Source Name: ccSetMgr
Time Written: 20081224133754.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 34
Message:
Record Number: 25994
Source Name: ccSetMgr
Time Written: 20081224133754.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 1517
Message: Windows has saved the user registry PC270908708179\Administrator while an application or service was still using the registry during logoff. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as user account, try to configure services to run under network service account or local service account.
Record Number: 25993
Source Name: Userenv
Time Written: 20081224133643.000000+060
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 0
Message:
Record Number: 25992
Source Name: LiveUpdate Notice Service
Time Written: 20081224133512.000000+060
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 11707
Message: Product: LiveUpdate Notice (Symantec Corporation) -- Installation completed.
Record Number: 25991
Source Name: MsiInstaller
Time Written: 20081224133512.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\HPQ\IAM\bin;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
And info:
info.txt logfile of random's system information tool 1.06 2009-07-15 13:51:17
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - French-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Agere Systems HDA Modem-->agrsmdel
Application Installer 4.00.B5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x40c
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AutoCAD 2005 - French-->MsiExec.exe /I{5783F2D7-0301-040C-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
ConsumerUpdate-->MsiExec.exe /I{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
D-Jix Media Gold-->MsiExec.exe /X{0C44674A-71EC-4DCC-9D03-D74F5085B638}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Full Pack Codecs-->C:\Program Files\Full Pack Codecs\uninst.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe" /uninstall
HP BIOS Configuration for ProtectTools 2.00 E1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0x40c biosuninst
HP Credential Manager for ProtectTools-->MsiExec.exe /X{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}
HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Notebook Accessories Product Tour-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly
HP ProtectTools Security Manager 2.00 C3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\Setup.exe" -l0x40c -removeonly hpquninst
HP Quick Launch Buttons 6.00 H1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
HP User Guides 0015-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB0781F5-06D2-49BB-87B5-00F3B834FC3B}\setup.exe" -l0x40c -removeonly
HP Wireless Assistant 2.00 E1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c hpquninst
Installation of HP Backup and Recovery Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x40c -uninst -removeonly
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft XML Parser and SDK-->MsiExec.exe /I{2AEBE10C-D819-4EBF-BC60-03BF2327D340}
Security update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org 2.0-->MsiExec.exe /I{752783F5-0CFC-44C3-9E1F-CAF17C4508E7}
Google Update Tool-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 090714-0]
======System event log======
Computer Name: PC270908708179
Event Code: 7036
Message: The Computer Explorer service has entered the state: stopped.
Record Number: 31978
Source Name: Service Control Manager
Time Written: 20090618120056.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7036
Message: The Application Layer Gateway Service has entered the state: running.
Record Number: 31977
Source Name: Service Control Manager
Time Written: 20090618120054.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7035
Message: A Start control has been successfully sent to the Application Layer Gateway Service.
Record Number: 31976
Source Name: Service Control Manager
Time Written: 20090618120054.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 7036
Message: The SSDP Discovery Service has entered the state: running.
Record Number: 31975
Source Name: Service Control Manager
Time Written: 20090618120053.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7035
Message: A Start control has been successfully sent to the SSDP Discovery Service.
Record Number: 31974
Source Name: Service Control Manager
Time Written: 20090618120052.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: PC270908708179
Event Code: 35
Message:
Record Number: 25995
Source Name: ccSetMgr
Time Written: 20081224133754.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 34
Message:
Record Number: 25994
Source Name: ccSetMgr
Time Written: 20081224133754.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 1517
Message: Windows has saved the user registry PC270908708179\Administrator while an application or service was still using the registry during logoff. The memory used by the user registry has not been released. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in the network service account or local service account.
Record Number: 25993
Source Name: Userenv
Time Written: 20081224133643.000000+060
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 0
Message:
Record Number: 25992
Source Name: LiveUpdate Notice Service
Time Written: 20081224133512.000000+060
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 11707
Message: Product: LiveUpdate Notice (Symantec Corporation) -- Installation completed.
Record Number: 25991
Source Name: MsiInstaller
Time Written: 20081224133512.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\HPQ\IAM\bin;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-07-15 13:51:17
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - French-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Agere Systems HDA Modem-->agrsmdel
Application Installer 4.00.B5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}\setup.exe" -l0x40c
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AutoCAD 2005 - French-->MsiExec.exe /I{5783F2D7-0301-040C-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
ConsumerUpdate-->MsiExec.exe /I{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
D-Jix Media Gold-->MsiExec.exe /X{0C44674A-71EC-4DCC-9D03-D74F5085B638}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
Full Pack Codecs-->C:\Program Files\Full Pack Codecs\uninst.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe" /uninstall
HP BIOS Configuration for ProtectTools 2.00 E1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0x40c biosuninst
HP Credential Manager for ProtectTools-->MsiExec.exe /X{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}
HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Notebook Accessories Product Tour-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9 -removeonly
HP ProtectTools Security Manager 2.00 C3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\Setup.exe" -l0x40c -removeonly hpquninst
HP Quick Launch Buttons 6.00 H1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c -removeonly uninst
HP User Guides 0015-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB0781F5-06D2-49BB-87B5-00F3B834FC3B}\setup.exe" -l0x40c -removeonly
HP Wireless Assistant 2.00 E1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c hpquninst
Installation of HP Backup and Recovery Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x40c -uninst -removeonly
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft XML Parser and SDK-->MsiExec.exe /I{2AEBE10C-D819-4EBF-BC60-03BF2327D340}
Security update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org 2.0-->MsiExec.exe /I{752783F5-0CFC-44C3-9E1F-CAF17C4508E7}
Google Update Tool-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 090714-0]
======System event log======
Computer Name: PC270908708179
Event Code: 7036
Message: The Computer Explorer service has entered the state: stopped.
Record Number: 31978
Source Name: Service Control Manager
Time Written: 20090618120056.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7036
Message: The Application Layer Gateway Service has entered the state: running.
Record Number: 31977
Source Name: Service Control Manager
Time Written: 20090618120054.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7035
Message: A Start control has been successfully sent to the Application Layer Gateway Service.
Record Number: 31976
Source Name: Service Control Manager
Time Written: 20090618120054.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 7036
Message: The SSDP Discovery Service has entered the state: running.
Record Number: 31975
Source Name: Service Control Manager
Time Written: 20090618120053.000000+120
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 7035
Message: A Start control has been successfully sent to the SSDP Discovery Service.
Record Number: 31974
Source Name: Service Control Manager
Time Written: 20090618120052.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: PC270908708179
Event Code: 35
Message:
Record Number: 25995
Source Name: ccSetMgr
Time Written: 20081224133754.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 34
Message:
Record Number: 25994
Source Name: ccSetMgr
Time Written: 20081224133754.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 1517
Message: Windows has saved the user registry PC270908708179\Administrator while an application or service was still using the registry during logoff. The memory used by the user registry has not been released. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in the network service account or local service account.
Record Number: 25993
Source Name: Userenv
Time Written: 20081224133643.000000+060
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: PC270908708179
Event Code: 0
Message:
Record Number: 25992
Source Name: LiveUpdate Notice Service
Time Written: 20081224133512.000000+060
Event Type: Information
User:
Computer Name: PC270908708179
Event Code: 11707
Message: Product: LiveUpdate Notice (Symantec Corporation) -- Installation completed.
Record Number: 25991
Source Name: MsiInstaller
Time Written: 20081224133512.000000+060
Event Type: Information
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\HPQ\IAM\bin;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
Hello everyone, I have the same problem, so I did the manipulation and here is the result from the notepad in "Log":
Logfile of random's system information tool 1.06 (written by random/random)
Run by Quentin at 2009-07-15 12:53:52
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (44%) free of 29 GB
Total RAM: 511 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:50, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Quentin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Quentin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.com/fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Quentin\LOCALS~1\Temp\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
--
End of file - 15389 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1231343270.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-12-13 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-23 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-09-04 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-03 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-09-04 806912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-07-10 339968]
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe [2004-06-29 122880]
"VAIO Update 2"=C:\Program Files\sony\vaio update 2\VAIOUpdt.exe [2004-06-29 147456]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2004-01-19 290816]
"SonyPowerCfg"=C:\Program Files\sony\vaio power management\SPMgr.exe [2004-06-29 180224]
"Hcontrol"=C:\WINDOWS\ATK0100\Hcontrol.exe [2003-09-19 61440]
"Mouse Suite 98
Logfile of random's system information tool 1.06 (written by random/random)
Run by Quentin at 2009-07-15 12:53:52
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (44%) free of 29 GB
Total RAM: 511 MB (25% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:50, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Quentin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Quentin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.com/fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Quentin\LOCALS~1\Temp\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
--
End of file - 15389 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1231343270.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-12-13 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-23 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-09-04 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-03 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-09-04 806912]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-07-10 339968]
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe [2004-06-29 122880]
"VAIO Update 2"=C:\Program Files\sony\vaio update 2\VAIOUpdt.exe [2004-06-29 147456]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2004-01-19 290816]
"SonyPowerCfg"=C:\Program Files\sony\vaio power management\SPMgr.exe [2004-06-29 180224]
"Hcontrol"=C:\WINDOWS\ATK0100\Hcontrol.exe [2003-09-19 61440]
"Mouse Suite 98
And here is the report in "txt", what is the next step?
info.txt logfile of random's system information tool 1.06 2009-07-15 12:54:57
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Encore DVD 1.0-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2CF483C-7EEE-4B64-A730-14F83CD5AFFE}\setup.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Premiere Standard-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{7998F67D-655B-42E3-B651-18D96DD17268}\setup.exe"
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCAD 10 R1 FRA-->C:\Program Files\Graphisoft\ArchiCAD 10\Uninstall.AC\uninstaller.exe
ATI - Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
AutoCAD 2004-->MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Autodesk Express Viewer-->C:\PROGRA~1\Autodesk\AUTODE~2\Setup.exe /remove
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Click to DVD 2.1.10-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Logitech QuickCam Driver Box-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.70.1196\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.70" /clone_wait /hide_progress
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Security update for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Security update Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Security update Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Security update Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Security update Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Security update Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Security update Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Security update Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Security update Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
HP Souvenir Disk-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Click to DVD 2.0.01 Menu Data-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
DVgate Plus-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x40c
Online registration VAIO (French)-->C:\PROGRA~1\Common Files\INSTALL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l1036
Google SketchUp 6-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HotKey Utility-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x40c
hp psc 2100 series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD 5 for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Last.fm 1.4.2.59470-->"C:\Program Files\Last.fm\unins000.exe"
Logitech QuickCam-->MsiExec.exe /X{6444D9D9-CD6C-4464-B970-55C606C944DC}
Macromedia Flash Player-->MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\Setup.exe" -l0x40c /UNINSTALL
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Motocross Madness 2-->"C:\Program Files\Microsoft Games\Motocross Madness 2\Uninstal.exe" /runtemp /addremove
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Security update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP
info.txt logfile of random's system information tool 1.06 2009-07-15 12:54:57
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Encore DVD 1.0-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2CF483C-7EEE-4B64-A730-14F83CD5AFFE}\setup.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Premiere Standard-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{7998F67D-655B-42E3-B651-18D96DD17268}\setup.exe"
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCAD 10 R1 FRA-->C:\Program Files\Graphisoft\ArchiCAD 10\Uninstall.AC\uninstaller.exe
ATI - Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
AutoCAD 2004-->MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Autodesk Express Viewer-->C:\PROGRA~1\Autodesk\AUTODE~2\Setup.exe /remove
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Click to DVD 2.1.10-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Logitech QuickCam Driver Box-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.70.1196\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.70" /clone_wait /hide_progress
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Security update for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Security update Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Security update Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Security update Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Security update Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Security update Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Security update Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Security update Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Security update Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
HP Souvenir Disk-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Click to DVD 2.0.01 Menu Data-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
DVgate Plus-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x40c
Online registration VAIO (French)-->C:\PROGRA~1\Common Files\INSTALL~1\Driver\7\INTEL3~1\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l1036
Google SketchUp 6-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HotKey Utility-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x40c
hp psc 2100 series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD 5 for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Last.fm 1.4.2.59470-->"C:\Program Files\Last.fm\unins000.exe"
Logitech QuickCam-->MsiExec.exe /X{6444D9D9-CD6C-4464-B970-55C606C944DC}
Macromedia Flash Player-->MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f}
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\Common Files\INSTALL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\Setup.exe" -l0x40c /UNINSTALL
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Motocross Madness 2-->"C:\Program Files\Microsoft Games\Motocross Madness 2\Uninstal.exe" /runtemp /addremove
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Security update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security update for Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP
Steve McQueen,
It would be better if you made your personal message, that will make the posts more understandable and the response to your problem more effective.
Proceed as follows:
*Click on this link -> http://www.commentcamarche.net/forum/forum 7#ecrire
*Then in the box, below the "hello", clearly and precisely state your problem...
To post your question on the forum, all you have to do is click on "Add"...
Be patient and a helper will eventually take care of you ;)
Good luck =)
See you soon
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of trouble until it is
told to you!
It would be better if you made your personal message, that will make the posts more understandable and the response to your problem more effective.
Proceed as follows:
*Click on this link -> http://www.commentcamarche.net/forum/forum 7#ecrire
*Then in the box, below the "hello", clearly and precisely state your problem...
To post your question on the forum, all you have to do is click on "Add"...
Be patient and a helper will eventually take care of you ;)
Good luck =)
See you soon
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of trouble until it is
told to you!
BACARA,
you didn't install Hijackthis before running RSIT ...
so please redo the procedure and post me the new report "log.txt" obtained ....
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not think you are out of trouble until we tell you so!
you didn't install Hijackthis before running RSIT ...
so please redo the procedure and post me the new report "log.txt" obtained ....
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not think you are out of trouble until we tell you so!
Hello, sorry I'm not a pro, here is the new
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-15 19:01:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (27%) free of 31 GB
Total RAM: 503 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:40, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = DED7AE736F93E5FF9AGF4367FE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Help for Adobe PDF Reader link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c9fb51eec06ee2) (gupdate1c9fb51eec06ee2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9465 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Help for Adobe PDF Reader link - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cdoosoft"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe [2009-07-08 110096]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-09-17 210168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\86l2qw.bat
shell\open\command - F:\86l2qw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031bb4bd-0cb1-11dd-9828-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06f8966e-f078-11dc-9816-001641bb2538}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f1408cf-e920-11dc-9808-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ca3d06-97d6-11dd-987e-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d066f0e-d878-11dc-97f3-001641bb2538}]
shell\AutoRun\command - G:\3wcxx91.cmd
shell\explore\command - G:\3wcxx91.cmd
shell\open\command - G:\3wcxx91.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2de7ef00-9ad1-11dd-9883-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bcec8cc-3eac-11dd-9859-001641bb2538}]
shell\AutoRun\command - jfvkcsy.bat
shell\explore\command - jfvkcsy.bat
shell\open\command - jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cde993d-fa46-11db-9752-001641bb2538}]
shell\Auto\command - F:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b041f94-f4c9-11dc-981a-001641bb2538}]
shell\Auto\command - G:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c554e88-d40f-11db-9732-001641bb2538}]
shell\Auto\command - F:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97694884-e181-11dc-97fe-001641bb2538}]
shell\AutoRun\command - G:\3o.exe
shell\explore\command - G:\3o.exe
shell\open\command - G:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97694885-e181-11dc-97fe-001641bb2538}]
shell\AutoRun\command - H:\3o.exe
shell\explore\command - H:\3o.exe
shell\open\command - H:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4e7e55a-106c-11dd-982a-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3583dc-91bc-11dc-97b5-001641bb2538}]
shell\Auto\command - bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf813e3-107e-11dd-982c-001641bb2538}]
shell\Auto\command - F:\RavMonE.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf813e4-107e-11dd-982c-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c616d7b4-eb95-11dc-980d-001641bb2538}]
shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c780ec37-15c7-11dc-9767-001641bb2538}]
shell\AutoRun\command - G:\3o.exe
shell\explore\command - G:\3o.exe
shell\open\command - G:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27424a-d5a4-11dd-98b4-001641bb2538}]
shell\AutoRun\command - G:\86l2qw.bat
shell\open\command - G:\86l2qw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edb260d8-ccf9-11db-972f-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f22c7444-ffc9-11dc-9821-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-15 19:01:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (27%) free of 31 GB
Total RAM: 503 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:40, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = DED7AE736F93E5FF9AGF4367FE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Help for Adobe PDF Reader link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c9fb51eec06ee2) (gupdate1c9fb51eec06ee2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9465 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Help for Adobe PDF Reader link - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"cdoosoft"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe [2009-07-08 110096]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-09-17 210168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\86l2qw.bat
shell\open\command - F:\86l2qw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031bb4bd-0cb1-11dd-9828-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06f8966e-f078-11dc-9816-001641bb2538}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f1408cf-e920-11dc-9808-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ca3d06-97d6-11dd-987e-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d066f0e-d878-11dc-97f3-001641bb2538}]
shell\AutoRun\command - G:\3wcxx91.cmd
shell\explore\command - G:\3wcxx91.cmd
shell\open\command - G:\3wcxx91.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2de7ef00-9ad1-11dd-9883-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bcec8cc-3eac-11dd-9859-001641bb2538}]
shell\AutoRun\command - jfvkcsy.bat
shell\explore\command - jfvkcsy.bat
shell\open\command - jfvkcsy.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cde993d-fa46-11db-9752-001641bb2538}]
shell\Auto\command - F:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b041f94-f4c9-11dc-981a-001641bb2538}]
shell\Auto\command - G:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c554e88-d40f-11db-9732-001641bb2538}]
shell\Auto\command - F:\bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97694884-e181-11dc-97fe-001641bb2538}]
shell\AutoRun\command - G:\3o.exe
shell\explore\command - G:\3o.exe
shell\open\command - G:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97694885-e181-11dc-97fe-001641bb2538}]
shell\AutoRun\command - H:\3o.exe
shell\explore\command - H:\3o.exe
shell\open\command - H:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4e7e55a-106c-11dd-982a-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab3583dc-91bc-11dc-97b5-001641bb2538}]
shell\Auto\command - bittorrent.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf813e3-107e-11dd-982c-001641bb2538}]
shell\Auto\command - F:\RavMonE.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf813e4-107e-11dd-982c-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c616d7b4-eb95-11dc-980d-001641bb2538}]
shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c780ec37-15c7-11dc-9767-001641bb2538}]
shell\AutoRun\command - G:\3o.exe
shell\explore\command - G:\3o.exe
shell\open\command - G:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27424a-d5a4-11dd-98b4-001641bb2538}]
shell\AutoRun\command - G:\86l2qw.bat
shell\open\command - G:\86l2qw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edb260d8-ccf9-11db-972f-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f22c7444-ffc9-11dc-9821-001641bb2538}]
shell\AutoRun\command - F:\3o.exe
shell\explore\command - F:\3o.exe
shell\open\command - F:\3o.exe
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config
Sam Faishier,
It would be better if you wrote your personal message, it will make the posts more understandable and the response to your problem will be more effective.
Proceed like this:
*Click on this link -> http://www.commentcamarche.net/forum/forum 7#ecrire
*Then in the box, below the "hello", clearly and precisely state your problem ...
To post your question on the forum, you just have to click on "Add" ...
Be patient and a helper will eventually take care of you ;)
Good luck =)
A+
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not think you are off the hook until you are told so!
It would be better if you wrote your personal message, it will make the posts more understandable and the response to your problem will be more effective.
Proceed like this:
*Click on this link -> http://www.commentcamarche.net/forum/forum 7#ecrire
*Then in the box, below the "hello", clearly and precisely state your problem ...
To post your question on the forum, you just have to click on "Add" ...
Be patient and a helper will eventually take care of you ;)
Good luck =)
A+
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not think you are off the hook until you are told so!
info.txt logfile of random's system information tool 1.06 2009-07-15 19:34:00
======Uninstall list======
-->"C:\Program Files\Creative Professional\E-MU Xboard\Program\SETUP.EXE" /S /U /W /L:FRN
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x40c /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Admiral Quality Poly-Ana 1.00-->C:\Program Files\VstPlugins\Admiral Quality\UninstallPolyAna.exe
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Reader 9 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Ant Renamer-->"C:\Program Files\Ant Renamer\unins000.exe"
Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files\Antares Audio Technologies\unins000.exe"
Antares Filter VST DX v1.0-->C:\PROGRA~1\Antares\UNINST~1\UNWISE.EXE C:\PROGRA~1\Antares\UNINST~1\INSTALL.LOG
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8C3A9E8-07F4-4D44-BB9D-C4AE5D230468}\Setup.exe" -l0x40c
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASAPI Update-->C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -l0x9 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bionic Commando Rearmed-->"C:\Program Files\InstallShield Installation Information\{DB219559-1F78-4343-9A6E-C2E987AD47A3}\setup.exe" -runfromtemp -l0x040c -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Camel Audio Cameleon 5000 v1.7 VSTi-->C:\PROGRA~1\VSTPLU~1\CAMELE~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\CAMELE~1\INSTALL.LOG
CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DSound Stomp`n FX Vol.1 v1.5-->C:\audio\dsound\UNWISE.EXE C:\audio\dsound\INSTALL.LOG
DSound Stomp'n FX Vol.2 v1.0-->C:\audio\STOMPN~1\UNWISE.EXE C:\audio\STOMPN~1\INSTALL.LOG
DVD X Player 4.0 Professional-->"C:\Program Files\DVD X Studios\DVD X Player 4.0 Professional\unins000.exe"
East West EWQLSO Gold Edition-->C:\PROGRA~1\EASTWE~1\EWQLSO~1\UNWISE.EXE C:\PROGRA~1\EASTWE~1\EWQLSO~1\INSTALL.LOG
Edirol HQ Orchestral VSTi v1.03-->C:\PROGRA~1\EDIROL\ORCHES~1.03\UNWISE.EXE C:\PROGRA~1\EDIROL\ORCHES~1.03\INSTALL.LOG
Edirol SuperQuartet v1.02-->C:\PROGRA~1\EDIROL\SUPERQ~1\UNWISE.EXE C:\PROGRA~1\EDIROL\SUPERQ~1\INSTALL.LOG
E-MU Xboard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D925601D-25E3-4E95-A456-FBD8C2995289}\setup.exe" -l0x40c /remove
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EzCAP Video Grabber-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x040c -removeonly
FileZilla Client 3.0.4.1-->C:\Program Files\FileZilla Client\uninstall.exe
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FLOCK! Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/21650
Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
Free FLV Converter V 6.2.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
GForce impOSCar v1.10 VSTi RTAS-->C:\PROGRA~1\GForce\impOSCar\UNINST~1\UNWISE.EXE C:\PROGRA~1\GForce\impOSCar\UNINST~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
IK Multimedia Amplitube v1.3-->C:\PROGRA~1\IKMULT~1\AMPLIT~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~1\INSTALL.LOG
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Image-Line PoiZone v2.1-->C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\UNWISE.EXE C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\INSTALL.LOG
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Left 4 Dead Authoring Tools Beta-->"C:\Program Files\Steam\steam.exe" steam://uninstall/513
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Lounge Lizard 1.0-->C:\PROGRA~1\Aas\LOUNGE~1.0\UNWISE.EXE C:\PROGRA~1\Aas\LOUNGE~1.0\INSTALL.LOG
Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
MAGIX Films sur DVD 7 7.0.3.0 (F)-->C:\Program Files\MAGIX\Films_sur_DVD_7\unwise.exe
MAGIX Goya burnR 1.3.1.3 (F)-->C:\Program Files\MAGIX\Goya_burnR\unwise.exe
MAGIX Screenshare 4.3.6.1987 (F)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvel(TM) - Ultimate Alliance-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{932FB3F3-594D-4600-ABFA-F2DE80A14214} /l2057
marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MixMeister BPM Analyzer 1.0-->"C:\Program Files\MixMeister BPM Analyzer\unins000.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Native Instruments FM8-->C:\PROGRA~1\NATIVE~1\FM8\UNWISE.EXE C:\PROGRA~1\NATIVE~1\FM8\INSTALL.LOG
Native Instruments Kontakt 2-->C:\PROGRA~1\NATIVE~1\KONTAK~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~1\INSTALL.LOG
Native Instruments Xpress Keyboards v1.0-->C:\PROGRA~1\NATIVE~1\XPRESS~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\XPRESS~1\INSTALL.LOG
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nomad Factory Rock Amp Legends VST v1.0-->C:\PROGRA~1\VSTPLU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\NOMADF~1\INSTALL.LOG
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Novation Bass-Station VSTi v1.10-->C:\PROGRA~1\VSTPLU~1\BASS-S~1\BASS-S~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\BASS-S~1\BASS-S~1\INSTALL.LOG
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Octopus-->C:\Program Files\VstPlugins\UninstalOctopus.exe
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - eMPIA Technology (USB28xxBGA) Media (07/20/2006 4.6.0720.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\embda_7386DDCD1C45FB20F93B0CAC58DCBCC5DA0A66B0\embda.inf
Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\emaudio_7386DDCD1C45FB20F93B0CAC58DCBCC5DA0A66B0\emaudio.inf
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Pianoteq v2.3.0-->"C:\Program Files\Pianoteq 2.3\uninstall.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
PSP 84 v1.1-->C:\PROGRA~1\PSP84~1\UNWISE.EXE C:\PROGRA~1\PSP84~1\INSTALL.LOG
PSP Audioware EasyVerb DX VST v1.0-->C:\PROGRA~1\PSPAUD~1\EasyVerb\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\EasyVerb\INSTALL.LOG
PSP Audioware MasterQ DX VST v1.0-->C:\PROGRA~1\PSPAUD~1\MasterQ\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\MasterQ\INSTALL.LOG
PSP Audioware MixPack DX VST v1.7-->C:\PROGRA~1\PSPAUD~1\MixPack\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\MixPack\INSTALL.LOG
PSP Lexicon PSP 42 v1.2-->C:\PROGRA~1\LEXICO~1\UNWISE.EXE C:\PROGRA~1\LEXICO~1\INSTALL.LOG
PSP VintageWarmer v1.5d-->C:\PROGRA~1\PSPVIN~1\UNWISE.EXE C:\PROGRA~1\PSPVIN~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
ReValver-->C:\audio\ReValver\UNWISE.EXE C:\audio\ReValver\INSTALL.LOG
rgc:audio Triangle II-->"C:\Program Files\VstPlugins\unins001.exe"
rgcAudio Pentagon I VSTi v1.0-->"C:\Program Files\VstPlugins\Vstplugins\unins000.exe"
Rob Papen Albino 3-->C:\Program Files\VstPlugins\UninstalAlbino3.exe
Rob Papen and LinPlug Albino v1.0-->C:\PROGRA~1\VSTPLU~1\Albino\UNINST~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Albino\UNINST~1\INSTALL.LOG
Rob Papen Blue VSTi v1.01 -->C:\PROGRA~1\VSTPLU~1\Blue\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Blue\INSTALL.LOG
Rob Papen Predator V1.1.1-->"C:\Program Files\VstPlugins\unins000.exe"
Saints Row 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/9480
SampleTank 2-->C:\PROGRA~1\SAMPLE~1\UNWISE.EXE C:\PROGRA~1\SAMPLE~1\INSTALL.LOG
Scale Changer Pro v1.1e-->C:\PROGRA~1\VSTPLU~1\SCALEC~1.1E\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\SCALEC~1.1E\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Seekapp 1.0 build 143-->C:\Program Files\SeekappSrch\uninstall.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Media Manager 2.2-->MsiExec.exe /X{38E1CA6C-2121-4B5C-A3A5-0B0003794EFF}
Sony Vegas 7.0-->MsiExec.exe /X{8411FA28-D32D-4518-92F0-3FBD80A702BC}
SP 1101 Randy Running Screen Saver-->C:\WINDOWS\system32\SP 1101 Randy Running.scr /u
SP Penis Mouse Screen Saver-->C:\WINDOWS\system32\SP Penis Mouse.scr /u
SpinAudio Roomverb M2 v1.0-->C:\PROGRA~1\SPINAU~1\ROOMVE~1\UNWISE.EXE C:\PROGRA~1\SPINAU~1\ROOMVE~1\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg HALion v2.0-->C:\PROGRA~1\VSTPLU~1\HALION~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\HALION~1\INSTALL.LOG
Steinberg WaveLab 5.01b-->C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove
======Uninstall list======
-->"C:\Program Files\Creative Professional\E-MU Xboard\Program\SETUP.EXE" /S /U /W /L:FRN
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42A85BB6-491C-418A-8FFC-F778FB7E618A}\setup.exe" -l0x40c /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Admiral Quality Poly-Ana 1.00-->C:\Program Files\VstPlugins\Admiral Quality\UninstallPolyAna.exe
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Reader 9 - Russian-->MsiExec.exe /I{AC76BA86-7AD7-1049-7B44-A90000000001}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Ant Renamer-->"C:\Program Files\Ant Renamer\unins000.exe"
Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files\Antares Audio Technologies\unins000.exe"
Antares Filter VST DX v1.0-->C:\PROGRA~1\Antares\UNINST~1\UNWISE.EXE C:\PROGRA~1\Antares\UNINST~1\INSTALL.LOG
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8C3A9E8-07F4-4D44-BB9D-C4AE5D230468}\Setup.exe" -l0x40c
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASAPI Update-->C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -l0x9 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bionic Commando Rearmed-->"C:\Program Files\InstallShield Installation Information\{DB219559-1F78-4343-9A6E-C2E987AD47A3}\setup.exe" -runfromtemp -l0x040c -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Camel Audio Cameleon 5000 v1.7 VSTi-->C:\PROGRA~1\VSTPLU~1\CAMELE~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\CAMELE~1\INSTALL.LOG
CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DSound Stomp`n FX Vol.1 v1.5-->C:\audio\dsound\UNWISE.EXE C:\audio\dsound\INSTALL.LOG
DSound Stomp'n FX Vol.2 v1.0-->C:\audio\STOMPN~1\UNWISE.EXE C:\audio\STOMPN~1\INSTALL.LOG
DVD X Player 4.0 Professional-->"C:\Program Files\DVD X Studios\DVD X Player 4.0 Professional\unins000.exe"
East West EWQLSO Gold Edition-->C:\PROGRA~1\EASTWE~1\EWQLSO~1\UNWISE.EXE C:\PROGRA~1\EASTWE~1\EWQLSO~1\INSTALL.LOG
Edirol HQ Orchestral VSTi v1.03-->C:\PROGRA~1\EDIROL\ORCHES~1.03\UNWISE.EXE C:\PROGRA~1\EDIROL\ORCHES~1.03\INSTALL.LOG
Edirol SuperQuartet v1.02-->C:\PROGRA~1\EDIROL\SUPERQ~1\UNWISE.EXE C:\PROGRA~1\EDIROL\SUPERQ~1\INSTALL.LOG
E-MU Xboard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D925601D-25E3-4E95-A456-FBD8C2995289}\setup.exe" -l0x40c /remove
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EzCAP Video Grabber-->C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x040c -removeonly
FileZilla Client 3.0.4.1-->C:\Program Files\FileZilla Client\uninstall.exe
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FLOCK! Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/21650
Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
Free FLV Converter V 6.2.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
GForce impOSCar v1.10 VSTi RTAS-->C:\PROGRA~1\GForce\impOSCar\UNINST~1\UNWISE.EXE C:\PROGRA~1\GForce\impOSCar\UNINST~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
IK Multimedia Amplitube v1.3-->C:\PROGRA~1\IKMULT~1\AMPLIT~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~1\INSTALL.LOG
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Image-Line PoiZone v2.1-->C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\UNWISE.EXE C:\PROGRA~1\IMAGE-~1\PoiZone\UNINST~1\INSTALL.LOG
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Left 4 Dead Authoring Tools Beta-->"C:\Program Files\Steam\steam.exe" steam://uninstall/513
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Lounge Lizard 1.0-->C:\PROGRA~1\Aas\LOUNGE~1.0\UNWISE.EXE C:\PROGRA~1\Aas\LOUNGE~1.0\INSTALL.LOG
Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
MAGIX Films sur DVD 7 7.0.3.0 (F)-->C:\Program Files\MAGIX\Films_sur_DVD_7\unwise.exe
MAGIX Goya burnR 1.3.1.3 (F)-->C:\Program Files\MAGIX\Goya_burnR\unwise.exe
MAGIX Screenshare 4.3.6.1987 (F)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvel(TM) - Ultimate Alliance-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{932FB3F3-594D-4600-ABFA-F2DE80A14214} /l2057
marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MixMeister BPM Analyzer 1.0-->"C:\Program Files\MixMeister BPM Analyzer\unins000.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Native Instruments FM8-->C:\PROGRA~1\NATIVE~1\FM8\UNWISE.EXE C:\PROGRA~1\NATIVE~1\FM8\INSTALL.LOG
Native Instruments Kontakt 2-->C:\PROGRA~1\NATIVE~1\KONTAK~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~1\INSTALL.LOG
Native Instruments Xpress Keyboards v1.0-->C:\PROGRA~1\NATIVE~1\XPRESS~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\XPRESS~1\INSTALL.LOG
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nomad Factory Rock Amp Legends VST v1.0-->C:\PROGRA~1\VSTPLU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\NOMADF~1\INSTALL.LOG
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Novation Bass-Station VSTi v1.10-->C:\PROGRA~1\VSTPLU~1\BASS-S~1\BASS-S~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\BASS-S~1\BASS-S~1\INSTALL.LOG
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Octopus-->C:\Program Files\VstPlugins\UninstalOctopus.exe
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - eMPIA Technology (USB28xxBGA) Media (07/20/2006 4.6.0720.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\embda_7386DDCD1C45FB20F93B0CAC58DCBCC5DA0A66B0\embda.inf
Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\emaudio_7386DDCD1C45FB20F93B0CAC58DCBCC5DA0A66B0\emaudio.inf
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Pianoteq v2.3.0-->"C:\Program Files\Pianoteq 2.3\uninstall.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
PSP 84 v1.1-->C:\PROGRA~1\PSP84~1\UNWISE.EXE C:\PROGRA~1\PSP84~1\INSTALL.LOG
PSP Audioware EasyVerb DX VST v1.0-->C:\PROGRA~1\PSPAUD~1\EasyVerb\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\EasyVerb\INSTALL.LOG
PSP Audioware MasterQ DX VST v1.0-->C:\PROGRA~1\PSPAUD~1\MasterQ\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\MasterQ\INSTALL.LOG
PSP Audioware MixPack DX VST v1.7-->C:\PROGRA~1\PSPAUD~1\MixPack\UNWISE.EXE C:\PROGRA~1\PSPAUD~1\MixPack\INSTALL.LOG
PSP Lexicon PSP 42 v1.2-->C:\PROGRA~1\LEXICO~1\UNWISE.EXE C:\PROGRA~1\LEXICO~1\INSTALL.LOG
PSP VintageWarmer v1.5d-->C:\PROGRA~1\PSPVIN~1\UNWISE.EXE C:\PROGRA~1\PSPVIN~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
ReValver-->C:\audio\ReValver\UNWISE.EXE C:\audio\ReValver\INSTALL.LOG
rgc:audio Triangle II-->"C:\Program Files\VstPlugins\unins001.exe"
rgcAudio Pentagon I VSTi v1.0-->"C:\Program Files\VstPlugins\Vstplugins\unins000.exe"
Rob Papen Albino 3-->C:\Program Files\VstPlugins\UninstalAlbino3.exe
Rob Papen and LinPlug Albino v1.0-->C:\PROGRA~1\VSTPLU~1\Albino\UNINST~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Albino\UNINST~1\INSTALL.LOG
Rob Papen Blue VSTi v1.01 -->C:\PROGRA~1\VSTPLU~1\Blue\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\Blue\INSTALL.LOG
Rob Papen Predator V1.1.1-->"C:\Program Files\VstPlugins\unins000.exe"
Saints Row 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/9480
SampleTank 2-->C:\PROGRA~1\SAMPLE~1\UNWISE.EXE C:\PROGRA~1\SAMPLE~1\INSTALL.LOG
Scale Changer Pro v1.1e-->C:\PROGRA~1\VSTPLU~1\SCALEC~1.1E\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\SCALEC~1.1E\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Seekapp 1.0 build 143-->C:\Program Files\SeekappSrch\uninstall.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Media Manager 2.2-->MsiExec.exe /X{38E1CA6C-2121-4B5C-A3A5-0B0003794EFF}
Sony Vegas 7.0-->MsiExec.exe /X{8411FA28-D32D-4518-92F0-3FBD80A702BC}
SP 1101 Randy Running Screen Saver-->C:\WINDOWS\system32\SP 1101 Randy Running.scr /u
SP Penis Mouse Screen Saver-->C:\WINDOWS\system32\SP Penis Mouse.scr /u
SpinAudio Roomverb M2 v1.0-->C:\PROGRA~1\SPINAU~1\ROOMVE~1\UNWISE.EXE C:\PROGRA~1\SPINAU~1\ROOMVE~1\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg HALion v2.0-->C:\PROGRA~1\VSTPLU~1\HALION~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\HALION~1\INSTALL.LOG
Steinberg WaveLab 5.01b-->C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove
re,
> http://www.commentcamarche.net/forum/affich 13356991 win32 kamso puis detection d un rootkit?#14
^^'
--
"Bébé, je suis en train de monter dans un avion, et je ne sais pas si je reviendrai un jour"
IMPORTANT : ne vous croyez pas tiré d'affaire tant qu'on ne vous l'a pas dit !
> http://www.commentcamarche.net/forum/affich 13356991 win32 kamso puis detection d un rootkit?#14
^^'
--
"Bébé, je suis en train de monter dans un avion, et je ne sais pas si je reviendrai un jour"
IMPORTANT : ne vous croyez pas tiré d'affaire tant qu'on ne vous l'a pas dit !
Thank you for the manipulation!
Here is what FindyKill shows on my side.
Is it serious doc? :)
############################## | FindyKill V6.006 |
# User : Killian (Administrators) # K-E28DB6CA3AD64
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 20:03:40 | 15/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Processor Intel Pentium III Xeon
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090715-0] 4.8.1335 [ (!) Disabled | Updated ]
# C:\ # Local hard drive # 244.14 Go (113.06 Go free) # NTFS
# D:\ # Local hard drive # 465.65 Go (438.73 Go free) [VERBATIM] # FAT32
# E:\ # Local hard drive # 221.62 Go (147.01 Go free) [Local drive 2] # NTFS
# F:\ # CD-ROM drive
# G:\ # CD-ROM drive
# H:\ # Local hard drive # 465.64 Go (311.97 Mo free) [Elements] # FAT32
# I:\ # Local hard drive # 465.64 Go (137.52 Go free) [Elements] # FAT32
# J:\ # CD-ROM drive
# P:\ # CD-ROM drive
############################## | Active processes |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Startup Registry |
R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
R1 - HKCU\..\Main: "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
R1 - HKCU\..\Main: "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
R1 - HKCU\..\Main: "Start Page Redirect Cache_TIMESTAMP"=hex:6a,42,e1,10,2c,e2,c9,01
R1 - HKCU\..\Main: "Start Page Redirect Cache AcceptLangs"="fr"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Killian"
F2 - HKLM\..\logon:"AltDefaultUserName"="Killian"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run: nwiz=nwiz.exe /install
04 - HKLM\..\Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\Run: RTHDCPL=RTHDCPL.EXE
04 - HKLM\..\Run: Alcmtr=ALCMTR.EXE
04 - HKLM\..\Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKLM\..\Run: SearchSettings=C:\Program Files\pdfforge Toolbar\SearchSettings.exe
04 - HKLM\..\Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run: UpdReg=C:\WINDOWS\UpdReg.EXE
04 - HKLM\..\Run: ISUSPM="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
04 - HKLM\..\Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: CTFMON.EXE#C:\WINDOWS\system32\ctfmon.exe#
04 - HKCU\..\Run: H/PC Connection Agent#"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"#
04 - HKCU\..\Run: SUPERAntiSpyware#C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe#
04 - HKCU\..\Run: cdoosoft#C:\WINDOWS\system32\olhrwef.exe#
04 - HKCU\..\Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater##
################## | Files # Infected folders |
################## | C:\Documents and Settings\Killian\Temporary Internet Files |
Present! C:\DOCUME~1\Killian\LOCALS~1\Temp\ildownloader_install.exe
################## | All Drives ... |
C:\autorun.inf # -> file called : "C:\nkbd1v.exe" ( Missing ! )
Present! C:\autorun.inf
D:\autorun.inf # -> file called : "D:\nkbd1v.exe" ( Present ! )
Present! D:\i6g6x.cmd
Present! D:\autorun.inf
Present! "D:\resycled"
E:\autorun.inf # -> file called : "E:\nkbd1v.exe" ( Missing ! )
Present! E:\resycled\boot.com
Present! E:\autorun.inf
Present! "E:\resycled"
H:\autorun.inf # -> file called : "H:\nkbd1v.exe" ( Present ! )
Present! H:\i6g6x.cmd
Present! H:\resycled\boot.com
Present! H:\autorun.inf
Present! "H:\resycled"
I:\autorun.inf # -> file called : "I:\nkbd1v.exe" ( Present ! )
Present! I:\i6g6x.cmd
Present! I:\resycled\boot.com
Present! I:\autorun.inf
Present! "I:\resycled"
################## | Registry # Infectious Run keys |
Present! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Present! HKU\S-1-5-21-839522115-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Present! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet001\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet002\Services\AVPsys
################## | Registry # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\H
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
HKCU\..\..\Explorer\MountPoints2\{37735dce-fd51-11dd-82de-0007cb0000ff}
Shell\AutoRun\command =I:\nkbd1v.exe
Shell\open\Command =I:\nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{37735dcf-fd51-11dd-82de-0007cb0000ff}
Shell\AutoRun\command =nkbd1v.exe
Shell\open\Command =nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{47edd2d8-fdb7-11dd-82e2-0007cb0000ff}
Shell\AutoRun\command =D:\nkbd1v.exe
Shell\open\Command =D:\nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{b572cd8c-01a5-11de-82f1-0007cb0000ff}
Shell\AutoRun\command =K:\nkbd1v.exe
Shell\open\Command =K:\nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{fd91c32a-fd2a-11dd-9e0d-806d6172696f}
Shell\AutoRun\command =nkbd1v.exe
Shell\open\Command =nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{fd91c32b-fd2a-11dd-9e0d-806d6172696f}
Shell\AutoRun\command =nkbd1v.exe
Shell\open\Command =nkbd1v.exe
################## | Status / Services / Information |
# Display hidden files : OK
# Safe mode : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! End of report # FindyKill V6.006 ! |
Here is what FindyKill shows on my side.
Is it serious doc? :)
############################## | FindyKill V6.006 |
# User : Killian (Administrators) # K-E28DB6CA3AD64
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 20:03:40 | 15/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Processor Intel Pentium III Xeon
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090715-0] 4.8.1335 [ (!) Disabled | Updated ]
# C:\ # Local hard drive # 244.14 Go (113.06 Go free) # NTFS
# D:\ # Local hard drive # 465.65 Go (438.73 Go free) [VERBATIM] # FAT32
# E:\ # Local hard drive # 221.62 Go (147.01 Go free) [Local drive 2] # NTFS
# F:\ # CD-ROM drive
# G:\ # CD-ROM drive
# H:\ # Local hard drive # 465.64 Go (311.97 Mo free) [Elements] # FAT32
# I:\ # Local hard drive # 465.64 Go (137.52 Go free) [Elements] # FAT32
# J:\ # CD-ROM drive
# P:\ # CD-ROM drive
############################## | Active processes |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Startup Registry |
R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
R1 - HKCU\..\Main: "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
R1 - HKCU\..\Main: "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
R1 - HKCU\..\Main: "Start Page Redirect Cache_TIMESTAMP"=hex:6a,42,e1,10,2c,e2,c9,01
R1 - HKCU\..\Main: "Start Page Redirect Cache AcceptLangs"="fr"
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="Killian"
F2 - HKLM\..\logon:"AltDefaultUserName"="Killian"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run: nwiz=nwiz.exe /install
04 - HKLM\..\Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\Run: RTHDCPL=RTHDCPL.EXE
04 - HKLM\..\Run: Alcmtr=ALCMTR.EXE
04 - HKLM\..\Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKLM\..\Run: SearchSettings=C:\Program Files\pdfforge Toolbar\SearchSettings.exe
04 - HKLM\..\Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run: UpdReg=C:\WINDOWS\UpdReg.EXE
04 - HKLM\..\Run: ISUSPM="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
04 - HKLM\..\Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: CTFMON.EXE#C:\WINDOWS\system32\ctfmon.exe#
04 - HKCU\..\Run: H/PC Connection Agent#"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"#
04 - HKCU\..\Run: SUPERAntiSpyware#C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe#
04 - HKCU\..\Run: cdoosoft#C:\WINDOWS\system32\olhrwef.exe#
04 - HKCU\..\Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater##
################## | Files # Infected folders |
################## | C:\Documents and Settings\Killian\Temporary Internet Files |
Present! C:\DOCUME~1\Killian\LOCALS~1\Temp\ildownloader_install.exe
################## | All Drives ... |
C:\autorun.inf # -> file called : "C:\nkbd1v.exe" ( Missing ! )
Present! C:\autorun.inf
D:\autorun.inf # -> file called : "D:\nkbd1v.exe" ( Present ! )
Present! D:\i6g6x.cmd
Present! D:\autorun.inf
Present! "D:\resycled"
E:\autorun.inf # -> file called : "E:\nkbd1v.exe" ( Missing ! )
Present! E:\resycled\boot.com
Present! E:\autorun.inf
Present! "E:\resycled"
H:\autorun.inf # -> file called : "H:\nkbd1v.exe" ( Present ! )
Present! H:\i6g6x.cmd
Present! H:\resycled\boot.com
Present! H:\autorun.inf
Present! "H:\resycled"
I:\autorun.inf # -> file called : "I:\nkbd1v.exe" ( Present ! )
Present! I:\i6g6x.cmd
Present! I:\resycled\boot.com
Present! I:\autorun.inf
Present! "I:\resycled"
################## | Registry # Infectious Run keys |
Present! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Present! HKU\S-1-5-21-839522115-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Present! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet001\Services\AVPsys
Present! HKLM\SYSTEM\ControlSet002\Services\AVPsys
################## | Registry # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\H
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com h:
HKCU\..\..\Explorer\MountPoints2\{37735dce-fd51-11dd-82de-0007cb0000ff}
Shell\AutoRun\command =I:\nkbd1v.exe
Shell\open\Command =I:\nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{37735dcf-fd51-11dd-82de-0007cb0000ff}
Shell\AutoRun\command =nkbd1v.exe
Shell\open\Command =nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{47edd2d8-fdb7-11dd-82e2-0007cb0000ff}
Shell\AutoRun\command =D:\nkbd1v.exe
Shell\open\Command =D:\nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{b572cd8c-01a5-11de-82f1-0007cb0000ff}
Shell\AutoRun\command =K:\nkbd1v.exe
Shell\open\Command =K:\nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{fd91c32a-fd2a-11dd-9e0d-806d6172696f}
Shell\AutoRun\command =nkbd1v.exe
Shell\open\Command =nkbd1v.exe
HKCU\..\..\Explorer\MountPoints2\{fd91c32b-fd2a-11dd-9e0d-806d6172696f}
Shell\AutoRun\command =nkbd1v.exe
Shell\open\Command =nkbd1v.exe
################## | Status / Services / Information |
# Display hidden files : OK
# Safe mode : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! End of report # FindyKill V6.006 ! |
heu ...
tell me Sam Faishier, can't you read????
here > http://www.commentcamarche.net/forum/affich 13356991 win32 kamso puis detection d un rootkit?#14
create your own topic!!! .... this is not your thread here and your problem is slightly different! ...
thank you ... -_-
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : don't think you're out of the woods until someone tells you you are!
tell me Sam Faishier, can't you read????
here > http://www.commentcamarche.net/forum/affich 13356991 win32 kamso puis detection d un rootkit?#14
create your own topic!!! .... this is not your thread here and your problem is slightly different! ...
thank you ... -_-
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : don't think you're out of the woods until someone tells you you are!
baraca,
the rest here > http://www.commentcamarche.net/forum/affich 13356991 win32 kamso puis detection d un rootkit?#16
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : don't think you're out of the woods until they've told you!
the rest here > http://www.commentcamarche.net/forum/affich 13356991 win32 kamso puis detection d un rootkit?#16
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : don't think you're out of the woods until they've told you!
Hello,
here's the continuation:
1- ! Disconnect from the internet, disable your antivirus, and close all running applications !
Imperative:
Connect all your external units to your PC (USB flash drive, external hard drive, flash disk, MP3 player, SD card, etc...) that may have been infected (but do not open them!).
# Double click on the FindyKill shortcut on your desktop to launch the tool.
# This time, choose option 2 (Removal).
> Your desktop will disappear and the PC will restart (this is normal).
# Upon restarting, Findykill will scan your PC, let the tool work and do not touch anything.
# Once finished, post the new report Findykill.txt that will appear with the desktop.
(The report is also saved at the root of the main drive > C:\Findykill.txt).
Note:
If the desktop does not reappear, press Ctrl + Alt + Delete, Tab "File"-> "New Task":
type explorer.exe and confirm.
=====================
2- Run an RSIT scan again, post the new "log.txt" obtained for analysis and wait for the next steps....
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of trouble until you have been told so!
here's the continuation:
1- ! Disconnect from the internet, disable your antivirus, and close all running applications !
Imperative:
Connect all your external units to your PC (USB flash drive, external hard drive, flash disk, MP3 player, SD card, etc...) that may have been infected (but do not open them!).
# Double click on the FindyKill shortcut on your desktop to launch the tool.
# This time, choose option 2 (Removal).
> Your desktop will disappear and the PC will restart (this is normal).
# Upon restarting, Findykill will scan your PC, let the tool work and do not touch anything.
# Once finished, post the new report Findykill.txt that will appear with the desktop.
(The report is also saved at the root of the main drive > C:\Findykill.txt).
Note:
If the desktop does not reappear, press Ctrl + Alt + Delete, Tab "File"-> "New Task":
type explorer.exe and confirm.
=====================
2- Run an RSIT scan again, post the new "log.txt" obtained for analysis and wait for the next steps....
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are out of trouble until you have been told so!
here are the new FindyKill:
############################## | FindyKill V6.006 |
# User : Administrator (Administrators) # PC270908708179
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 19:15:38 | 16/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1296 [VPS 090714-0] 4.8.1296 [ (!) Disabled | Updated ]
# C:\ # Local hard drive # 29.89 Go (8.09 Go free) # NTFS
# D:\ # CD-ROM
# E:\ # Local hard drive # 7.38 Go (438.36 Mo free) [HP_RECOVERY] # NTFS
# F:\ # Removable drive # 981.05 Mo (978.48 Mo free) # FAT32
# G:\ # Removable drive # 1.88 Go (1.87 Go free) # FAT
############################## | Active Processes |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Infected Files # Folders |
Deleted! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmdfgds0.dll
Deleted! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmdfgds1.dll
Deleted! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe
################## | C:\Documents and Settings\Administrator\Temporary Internet Files |
Deleted! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eauninstall.exe
################## | All Drives ... |
C:\autorun.inf # -> file called : "C:\86l2qw.bat" ( Absent ! )
Deleted! C:\autorun.inf
E:\autorun.inf # -> file called : "E:\86l2qw.bat" ( Absent ! )
Deleted! E:\autorun.inf
F:\autorun.inf # -> file called : "F:\86l2qw.bat" ( Present ! )
Deleted! -> F:\86l2qw.bat
Deleted! F:\autorun.inf
G:\autorun.inf # -> file called : "G:\86l2qw.bat" ( Present ! )
Deleted! -> G:\86l2qw.bat
Deleted! G:\autorun.inf
################## | Others ... |
################## | Registry # Infected Run Keys |
Deleted! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Deleted! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
Deleted! HKLM\SYSTEM\ControlSet001\Services\AVPsys
Deleted! HKLM\SYSTEM\ControlSet004\Services\AVPsys
# HKLM\software\microsoft\security center "AntiVirusDisableNotify" # -> Reset successfully!
# HKLM\software\microsoft\security center "FirewallDisableNotify" # -> Reset successfully!
################## | Registry # Mountpoints2 |
Deleted! HKCU\...\Explorer\MountPoints2\F\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{031bb4bd-0cb1-11dd-9828-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{0f1408cf-e920-11dc-9808-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{27ca3d06-97d6-11dd-987e-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{2d066f0e-d878-11dc-97f3-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{2de7ef00-9ad1-11dd-9883-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{3bcec8cc-3eac-11dd-9859-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{3cde993d-fa46-11db-9752-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{4b041f94-f4c9-11dc-981a-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{7c554e88-d40f-11db-9732-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{97694884-e181-11dc-97fe-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{97694885-e181-11dc-97fe-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{a4e7e55a-106c-11dd-982a-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{ab3583dc-91bc-11dc-97b5-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{bcf813e3-107e-11dd-982c-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{bcf813e4-107e-11dd-982c-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{c616d7b4-eb95-11dc-980d-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{c780ec37-15c7-11dc-9767-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{edb260d8-ccf9-11db-972f-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{f22c7444-ffc9-11dc-9821-001641bb2538}\Shell\AutoRun\Command
################## | Listing of present files |
[24/12/2006 10:24|-rahs----|212] - C:\boot.ini
[05/08/2004 10:00|-rahs----|4952] - C:\Bootfont.bin
[16/07/2009 19:28|--a------|6024] - C:\FindyKill.txt
[?|?|?] - C:\hiberfil.sys
[24/12/2006 11:09|-rahs----|0] - C:\IO.SYS
[24/12/2006 11:09|-rahs----|0] - C:\MSDOS.SYS
[05/08/2004 10:00|--ahs----|47564] - C:\NTDETECT.COM
[29/12/2008 19:13|--ahs----|252240] - C:\NTLDR
[29/02/2004 17:44|--a------|52576] - C:\orange.bmp
[?|?|?] - C:\pagefile.sys
[04/12/2008 10:54|--a------|432] - C:\Shortcut to Shared Documents.lnk
[24/05/2001 12:59|--a------|162304] - C:\UNWISE.EXE
[28/07/2001 01:07|---hs----|0] - E:\AUTOEXEC.BAT
[09/01/2002 14:52|---hs----|244] - E:\BOOT.INI
[17/08/2001 04:26|---hs----|237728] - E:\CMLDR
[28/07/2001 01:07|---hs----|0] - E:\CONFIG.SYS
[01/07/2005 15:16|---hs----|102] - E:\Desktop.ini
[22/11/2004 19:28|---hs----|8130] - E:\Folder.htt
[30/11/2004 15:01|---hs----|73728] - E:\Info.exe
[28/07/2001 01:07|---hs----|0] - E:\IO.SYS
[31/12/2006 14:49|--ahs----|1724] - E:\MASTER.LOG
[21/06/2005 21:22|---hs----|0] - E:\MENUND
[28/07/2001 01:07|---hs----|0] - E:\MSDOS.SYS
[25/07/2001 17:00|---hs----|45124] - E:\NTDETECT.COM
[19/06/2001 02:53|---hs----|0] - E:\NTFS
[18/05/2005 17:24|---hs----|245920] - E:\NTLDR
[10/09/2002 13:58|---hs----|181616] - E:\protect.ed
[31/12/2006 14:52|-r-hs----|0] - E:\RCBoot.sys
[28/07/2005 23:09|---hs----|36] - E:\SAVEFILE.DIR
[04/08/2004 00:55|--a------|28672] - E:\setupSNK.exe
[21/10/2005 13:12|---hs----|42] - E:\st_log.ini
[08/02/2002 19:44|---hs----|88038] - E:\Warning.bmp
[18/08/2001 12:00|---hs----|10] - E:\WIN51
[22/01/2001 12:00|---hs----|11] - E:\WIN51.B2
[25/07/2001 12:00|---hs----|11] - E:\WIN51.RC1
[25/07/2001 17:47|---hs----|11] - E:\WIN51.RC2
[18/08/2001 12:00|---hs----|10] - E:\WIN51IC
[20/03/2001 12:00|---hs----|11] - E:\WIN51IC.B2
[25/07/2001 12:00|---hs----|11] - E:\WIN51IC.RC1
[25/07/2001 12:00|---hs----|11] - E:\WIN51IC.RC2
[17/08/2001 12:00|---hs----|10] - E:\WIN51IP
[22/01/2001 12:00|---hs----|11] - E:\WIN51IP.B2
[25/07/2001 17:47|---hs----|11] - E:\WIN51IP.RC2
[17/08/2001 10:17|---hs----|184] - E:\WINBOM.INI
[24/05/2001 06:19|---hs----|0] - E:\XGA
[03/04/2008 16:40|--a------|180635] - F:\photo id.pdf
[08/06/2008 16:22|--a------|1184158] - F:\DSCN1483.JPG
[08/07/2009 18:50|--a------|246784] - F:\cv.doc
[29/01/2008 14:22|--a------|573568] - F:\Saisonkalender_f.pdf
[11/05/2000 12:21|--a------|377344] - F:\ut_Fichiers.exe
[08/07/2009 18:30|--a------|1519616] - G:\CV July 2009.doc
[09/07/2009 16:41|--a------|673609] - G:\EVENT_FILE_DEEST.pdf
[09/07/2009 13:14|-r-hs----|110593] - G:\r6d0.bat
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# E:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# F:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# G:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
################## | Status / Services / Information |
# Safe mode : OK
# Displaying hidden files : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! End of report # FindyKill V6.006 ! |
############################## | FindyKill V6.006 |
# User : Administrator (Administrators) # PC270908708179
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 19:15:38 | 16/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1296 [VPS 090714-0] 4.8.1296 [ (!) Disabled | Updated ]
# C:\ # Local hard drive # 29.89 Go (8.09 Go free) # NTFS
# D:\ # CD-ROM
# E:\ # Local hard drive # 7.38 Go (438.36 Mo free) [HP_RECOVERY] # NTFS
# F:\ # Removable drive # 981.05 Mo (978.48 Mo free) # FAT32
# G:\ # Removable drive # 1.88 Go (1.87 Go free) # FAT
############################## | Active Processes |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Infected Files # Folders |
Deleted! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmdfgds0.dll
Deleted! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nmdfgds1.dll
Deleted! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe
################## | C:\Documents and Settings\Administrator\Temporary Internet Files |
Deleted! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eauninstall.exe
################## | All Drives ... |
C:\autorun.inf # -> file called : "C:\86l2qw.bat" ( Absent ! )
Deleted! C:\autorun.inf
E:\autorun.inf # -> file called : "E:\86l2qw.bat" ( Absent ! )
Deleted! E:\autorun.inf
F:\autorun.inf # -> file called : "F:\86l2qw.bat" ( Present ! )
Deleted! -> F:\86l2qw.bat
Deleted! F:\autorun.inf
G:\autorun.inf # -> file called : "G:\86l2qw.bat" ( Present ! )
Deleted! -> G:\86l2qw.bat
Deleted! G:\autorun.inf
################## | Others ... |
################## | Registry # Infected Run Keys |
Deleted! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Deleted! HKLM\SYSTEM\CurrentControlSet\Services\AVPsys
Deleted! HKLM\SYSTEM\ControlSet001\Services\AVPsys
Deleted! HKLM\SYSTEM\ControlSet004\Services\AVPsys
# HKLM\software\microsoft\security center "AntiVirusDisableNotify" # -> Reset successfully!
# HKLM\software\microsoft\security center "FirewallDisableNotify" # -> Reset successfully!
################## | Registry # Mountpoints2 |
Deleted! HKCU\...\Explorer\MountPoints2\F\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{031bb4bd-0cb1-11dd-9828-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{0f1408cf-e920-11dc-9808-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{27ca3d06-97d6-11dd-987e-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{2d066f0e-d878-11dc-97f3-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{2de7ef00-9ad1-11dd-9883-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{3bcec8cc-3eac-11dd-9859-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{3cde993d-fa46-11db-9752-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{4b041f94-f4c9-11dc-981a-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{7c554e88-d40f-11db-9732-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{97694884-e181-11dc-97fe-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{97694885-e181-11dc-97fe-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{a4e7e55a-106c-11dd-982a-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{ab3583dc-91bc-11dc-97b5-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{bcf813e3-107e-11dd-982c-001641bb2538}\Shell\Auto\Command
Deleted! HKCU\...\Explorer\MountPoints2\{bcf813e4-107e-11dd-982c-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{c616d7b4-eb95-11dc-980d-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{c780ec37-15c7-11dc-9767-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{edb260d8-ccf9-11db-972f-001641bb2538}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{f22c7444-ffc9-11dc-9821-001641bb2538}\Shell\AutoRun\Command
################## | Listing of present files |
[24/12/2006 10:24|-rahs----|212] - C:\boot.ini
[05/08/2004 10:00|-rahs----|4952] - C:\Bootfont.bin
[16/07/2009 19:28|--a------|6024] - C:\FindyKill.txt
[?|?|?] - C:\hiberfil.sys
[24/12/2006 11:09|-rahs----|0] - C:\IO.SYS
[24/12/2006 11:09|-rahs----|0] - C:\MSDOS.SYS
[05/08/2004 10:00|--ahs----|47564] - C:\NTDETECT.COM
[29/12/2008 19:13|--ahs----|252240] - C:\NTLDR
[29/02/2004 17:44|--a------|52576] - C:\orange.bmp
[?|?|?] - C:\pagefile.sys
[04/12/2008 10:54|--a------|432] - C:\Shortcut to Shared Documents.lnk
[24/05/2001 12:59|--a------|162304] - C:\UNWISE.EXE
[28/07/2001 01:07|---hs----|0] - E:\AUTOEXEC.BAT
[09/01/2002 14:52|---hs----|244] - E:\BOOT.INI
[17/08/2001 04:26|---hs----|237728] - E:\CMLDR
[28/07/2001 01:07|---hs----|0] - E:\CONFIG.SYS
[01/07/2005 15:16|---hs----|102] - E:\Desktop.ini
[22/11/2004 19:28|---hs----|8130] - E:\Folder.htt
[30/11/2004 15:01|---hs----|73728] - E:\Info.exe
[28/07/2001 01:07|---hs----|0] - E:\IO.SYS
[31/12/2006 14:49|--ahs----|1724] - E:\MASTER.LOG
[21/06/2005 21:22|---hs----|0] - E:\MENUND
[28/07/2001 01:07|---hs----|0] - E:\MSDOS.SYS
[25/07/2001 17:00|---hs----|45124] - E:\NTDETECT.COM
[19/06/2001 02:53|---hs----|0] - E:\NTFS
[18/05/2005 17:24|---hs----|245920] - E:\NTLDR
[10/09/2002 13:58|---hs----|181616] - E:\protect.ed
[31/12/2006 14:52|-r-hs----|0] - E:\RCBoot.sys
[28/07/2005 23:09|---hs----|36] - E:\SAVEFILE.DIR
[04/08/2004 00:55|--a------|28672] - E:\setupSNK.exe
[21/10/2005 13:12|---hs----|42] - E:\st_log.ini
[08/02/2002 19:44|---hs----|88038] - E:\Warning.bmp
[18/08/2001 12:00|---hs----|10] - E:\WIN51
[22/01/2001 12:00|---hs----|11] - E:\WIN51.B2
[25/07/2001 12:00|---hs----|11] - E:\WIN51.RC1
[25/07/2001 17:47|---hs----|11] - E:\WIN51.RC2
[18/08/2001 12:00|---hs----|10] - E:\WIN51IC
[20/03/2001 12:00|---hs----|11] - E:\WIN51IC.B2
[25/07/2001 12:00|---hs----|11] - E:\WIN51IC.RC1
[25/07/2001 12:00|---hs----|11] - E:\WIN51IC.RC2
[17/08/2001 12:00|---hs----|10] - E:\WIN51IP
[22/01/2001 12:00|---hs----|11] - E:\WIN51IP.B2
[25/07/2001 17:47|---hs----|11] - E:\WIN51IP.RC2
[17/08/2001 10:17|---hs----|184] - E:\WINBOM.INI
[24/05/2001 06:19|---hs----|0] - E:\XGA
[03/04/2008 16:40|--a------|180635] - F:\photo id.pdf
[08/06/2008 16:22|--a------|1184158] - F:\DSCN1483.JPG
[08/07/2009 18:50|--a------|246784] - F:\cv.doc
[29/01/2008 14:22|--a------|573568] - F:\Saisonkalender_f.pdf
[11/05/2000 12:21|--a------|377344] - F:\ut_Fichiers.exe
[08/07/2009 18:30|--a------|1519616] - G:\CV July 2009.doc
[09/07/2009 16:41|--a------|673609] - G:\EVENT_FILE_DEEST.pdf
[09/07/2009 13:14|-r-hs----|110593] - G:\r6d0.bat
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# E:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# F:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# G:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
################## | Status / Services / Information |
# Safe mode : OK
# Displaying hidden files : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! End of report # FindyKill V6.006 ! |
Et maintenant le nouveau log :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-16 19:32:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (29%) free of 31 GB
Total RAM: 503 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:17, on 16/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = DED7AE736F93E5FF9AGF4367FE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c9fb51eec06ee2) (gupdate1c9fb51eec06ee2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8419 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-09-17 210168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 2 months======
2009-07-16 19:28:41 ----RASHD---- C:\autorun.inf
2009-07-16 19:15:36 ----A---- C:\FindyKill.txt
2009-07-16 18:09:42 ----D---- C:\FindyKill
2009-07-16 18:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 18:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 18:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 18:59:36 ----D---- C:\Program Files\Trend Micro
2009-07-15 13:50:54 ----D---- C:\rsit
2009-07-14 16:02:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-14 16:01:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-14 16:01:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 22:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-11 17:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
======List of files/folders modified in the last 2 months======
2009-07-16 19:32:06 ----D---- C:\WINDOWS\system32
2009-07-16 19:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-16 19:31:07 ----D---- C:\WINDOWS\Prefetch
2009-07-16 19:28:56 ----SHD---- C:\RECYCLER
2009-07-16 19:28:43 ----D---- C:\WINDOWS\Temp
2009-07-16 19:15:34 ----SD---- C:\WINDOWS\Tasks
2009-07-16 19:14:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-16 19:12:07 ----D---- C:\WINDOWS
2009-07-16 19:11:34 ----D---- C:\WINDOWS\SMINST
2009-07-16 18:21:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-16 18:08:06 ----HD---- C:\WINDOWS\inf
2009-07-16 18:07:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-16 18:07:50 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 18:07:46 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-15 18:59:36 ----RD---- C:\Program Files
2009-07-14 16:01:35 ----D---- C:\WINDOWS\system32\drivers
2009-07-14 15:33:48 ----D---- C:\WINDOWS\Minidump
2009-07-08 18:42:33 ----SHD---- C:\WINDOWS\Installer
2009-07-08 18:42:33 ----HD---- C:\Config.Msi
2009-07-08 18:42:28 ----D---- C:\Program Files\Google
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-03 17:54:46 ----D---- C:\Program Files\eMule
2009-07-03 00:03:26 ----D---- C:\Program Files\Soulseek
2009-07-02 22:17:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 17:10:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-11 17:10:39 ----D---- C:\Program Files\Internet Explorer
2009-06-11 17:10:28 ----D---- C:\WINDOWS\ie7updates
2009-06-03 21:10:33 ----A---- C:\WINDOWS\system32\quartz.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-16 19:32:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (29%) free of 31 GB
Total RAM: 503 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:17, on 16/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = DED7AE736F93E5FF9AGF4367FE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c9fb51eec06ee2) (gupdate1c9fb51eec06ee2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8419 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-09-17 210168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 2 months======
2009-07-16 19:28:41 ----RASHD---- C:\autorun.inf
2009-07-16 19:15:36 ----A---- C:\FindyKill.txt
2009-07-16 18:09:42 ----D---- C:\FindyKill
2009-07-16 18:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 18:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 18:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 18:59:36 ----D---- C:\Program Files\Trend Micro
2009-07-15 13:50:54 ----D---- C:\rsit
2009-07-14 16:02:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-14 16:01:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-14 16:01:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 22:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-11 17:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
======List of files/folders modified in the last 2 months======
2009-07-16 19:32:06 ----D---- C:\WINDOWS\system32
2009-07-16 19:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-16 19:31:07 ----D---- C:\WINDOWS\Prefetch
2009-07-16 19:28:56 ----SHD---- C:\RECYCLER
2009-07-16 19:28:43 ----D---- C:\WINDOWS\Temp
2009-07-16 19:15:34 ----SD---- C:\WINDOWS\Tasks
2009-07-16 19:14:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-16 19:12:07 ----D---- C:\WINDOWS
2009-07-16 19:11:34 ----D---- C:\WINDOWS\SMINST
2009-07-16 18:21:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-16 18:08:06 ----HD---- C:\WINDOWS\inf
2009-07-16 18:07:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-16 18:07:50 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 18:07:46 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-15 18:59:36 ----RD---- C:\Program Files
2009-07-14 16:01:35 ----D---- C:\WINDOWS\system32\drivers
2009-07-14 15:33:48 ----D---- C:\WINDOWS\Minidump
2009-07-08 18:42:33 ----SHD---- C:\WINDOWS\Installer
2009-07-08 18:42:33 ----HD---- C:\Config.Msi
2009-07-08 18:42:28 ----D---- C:\Program Files\Google
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-03 17:54:46 ----D---- C:\Program Files\eMule
2009-07-03 00:03:26 ----D---- C:\Program Files\Soulseek
2009-07-02 22:17:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 17:10:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-11 17:10:39 ----D---- C:\Program Files\Internet Explorer
2009-06-11 17:10:28 ----D---- C:\WINDOWS\ie7updates
2009-06-03 21:10:33 ----A---- C:\WINDOWS\system32\quartz.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
well ...
the next step, always keep your removable units connected to the PC:
1- Access hidden files:
Go to Start Menu -> My Computer -> Tools -> Folder Options... -> View
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide protected operating system files" ---> unchecked
-> confirm the changes ("apply" then "ok").
( you will revert to the initial settings once the disinfection is complete, not before... )
2- Go to this site:
https://www.virustotal.com/gui/
Copy the following and paste it into the search box (or click "browse" and go to the requested file):
G:\r6d0.bat
Click on Send File ( = "Send file").
A report will be created line by line.
Wait for it to finish... It should include the size of the sent file.
Save the report using Notepad.
Copy it into your next response...
( If VirusTotal indicates that the file has already been analyzed, click the Reanalyze file now button )
Do the same for:
E:\Info.exe
So send me these 2 reports (especially the beginning with the AV listing, and clearly specify at the top of each which file they correspond to) and wait for the next steps...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are in the clear until we tell you so!
the next step, always keep your removable units connected to the PC:
1- Access hidden files:
Go to Start Menu -> My Computer -> Tools -> Folder Options... -> View
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide protected operating system files" ---> unchecked
-> confirm the changes ("apply" then "ok").
( you will revert to the initial settings once the disinfection is complete, not before... )
2- Go to this site:
https://www.virustotal.com/gui/
Copy the following and paste it into the search box (or click "browse" and go to the requested file):
G:\r6d0.bat
Click on Send File ( = "Send file").
A report will be created line by line.
Wait for it to finish... It should include the size of the sent file.
Save the report using Notepad.
Copy it into your next response...
( If VirusTotal indicates that the file has already been analyzed, click the Reanalyze file now button )
Do the same for:
E:\Info.exe
So send me these 2 reports (especially the beginning with the AV listing, and clearly specify at the top of each which file they correspond to) and wait for the next steps...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not think you are in the clear until we tell you so!
Hello, gr6d0:
File r6d0.bat received on 2009.07.18 12:10:31 (UTC)
Current status: loading ... queued waiting for analysis completed NOT FOUND STOPPED
Result: 32/40 (80%)
loading server information...
Your file is in the queue, in position: 2.
The estimated start time is between 50 and 71 seconds.
Do not close the window until the analysis is complete.
The analyzer that was processing your file is currently stopped, we will wait a few seconds to try to retrieve your results.
If you have been waiting for more than five minutes, you need to resend your file.
Your file is currently being analyzed by VirusTotal,
results will be displayed as they are generated.
Formatted Print results
Your file has expired or does not exist.
The service is currently stopped, your file has been waiting to be analyzed (position: ) for an indefinite period.
You can wait for a response from the web (automatic reloading) or enter your email in the form below and click "Request" so that the system can send you a notification when the analysis is complete.
Email:
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.07.18 Trojan-Downloader.Win32.Frethog!IK
AhnLab-V3 5.0.0.2 2009.07.18 -
AntiVir 7.9.0.220 2009.07.17 TR/Drop.Agent.ahdz
Antiy-AVL 2.0.3.7 2009.07.17 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.07.18 W32/Onlinegames.CCE
Avast 4.8.1335.0 2009.07.17 Win32:Kamso
AVG 8.5.0.387 2009.07.18 Worm/AutoRun.GV
BitDefender 7.2 2009.07.18 Trojan.PWS.OnlineGames.KCPX
CAT-QuickHeal 10.00 2009.07.17 TrojanGameThief.Magania.bmfg
ClamAV 0.94.1 2009.07.18 -
Comodo 1690 2009.07.18 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.07.18 Trojan.MulDrop.32563
eTrust-Vet 31.6.6623 2009.07.18 Win32/VMalum.FRSR
F-Prot 4.4.4.56 2009.07.17 W32/Onlinegames.CCE
F-Secure 8.0.14470.0 2009.07.17 Trojan-GameThief.Win32.Magania.bmfg
Fortinet 3.120.0.0 2009.07.18 SPY/Magania
GData 19 2009.07.18 Trojan.PWS.OnlineGames.KCPX
Ikarus T3.1.1.64.0 2009.07.18 Trojan-Downloader.Win32.Frethog
Jiangmin 11.0.800 2009.07.18 -
K7AntiVirus 7.10.794 2009.07.16 -
Kaspersky 7.0.0.125 2009.07.18 Trojan-GameThief.Win32.Magania.bmfg
McAfee 5679 2009.07.17 Generic PWS.ak
McAfee+Artemis 5679 2009.07.17 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.07.18 Heuristic.BehavesLike.Packed.B
Microsoft 1.4803 2009.07.18 Worm:Win32/Taterf.B
NOD32 4256 2009.07.18 -
Norman 6.01.09 2009.07.17 OnLineGames.IAPV
nProtect 2009.1.8.0 2009.07.18 Trojan-PWS/W32.WebGame.110593
Panda 10.0.0.14 2009.07.17 W32/Lineage.LAH
PCTools 4.4.2.0 2009.07.18 -
Prevx 3.0 2009.07.18 Medium Risk Malware
Rising 21.38.52.00 2009.07.18 Trojan.PSW.Win32.GameOnline.ebg
Sophos 4.43.0 2009.07.18 W32/Autorun-ALN
Sunbelt 3.2.1858.2 2009.07.18 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.07.18 Trojan Horse
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.17 Cryp_Krap
VBA32 3.12.10.8 2009.07.17 Trojan-GameThief.Win32.Magania.bmfg
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 Trojan.PWS.Magania.QKR
Additional information
File size: 110593 bytes
MD5...: e5bbe23a831694f560f27b66619a86ef
SHA1..: f5074725c44470af226d7897f34e2dfce1b78d96
SHA256: a766f3ba2d13f96c61e172d06ed4233510a2f1c04a856f7a7863ccd114496e13
ssdeep: 3072:YLxS47M+2hrHDX+Y7J5dD7LtGmoFV+zrDVb8j:YLxSUM+EDDuQ5LAmorurD
t8
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x36656
timedatestamp.....: 0x4a4d8633 (Fri Jul 03 04:16:51 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1d000 0x481 7.84 1b254cd183e6830df86c8d8212581149
.data 0x1e000 0x19000 0x19000 7.96 52799512e32a1396234311c89df1127c
.rsrc 0x37000 0xc5cb 0x1601 0.00 bf5e570e96d4a97639e9f9a7a361c924
.rdata 0x44000 0x4b0b 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 1 imports )
> KERNEL32.DLL: CreateDirectoryW, GlobalDeleteAtom, GetCurrentProcessId, GlobalFree, GetLogicalDrives, LoadLibraryA, IsBadReadPtr, CreateDirectoryW, GetProcessVersion
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=4EB5192D0161BB07B0A7019C1ECF040093664F3E' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=4EB5192D0161BB07B0A7019C1ECF040093664F3E</a>
File r6d0.bat received on 2009.07.18 12:10:31 (UTC)
Current status: loading ... queued waiting for analysis completed NOT FOUND STOPPED
Result: 32/40 (80%)
loading server information...
Your file is in the queue, in position: 2.
The estimated start time is between 50 and 71 seconds.
Do not close the window until the analysis is complete.
The analyzer that was processing your file is currently stopped, we will wait a few seconds to try to retrieve your results.
If you have been waiting for more than five minutes, you need to resend your file.
Your file is currently being analyzed by VirusTotal,
results will be displayed as they are generated.
Formatted Print results
Your file has expired or does not exist.
The service is currently stopped, your file has been waiting to be analyzed (position: ) for an indefinite period.
You can wait for a response from the web (automatic reloading) or enter your email in the form below and click "Request" so that the system can send you a notification when the analysis is complete.
Email:
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.07.18 Trojan-Downloader.Win32.Frethog!IK
AhnLab-V3 5.0.0.2 2009.07.18 -
AntiVir 7.9.0.220 2009.07.17 TR/Drop.Agent.ahdz
Antiy-AVL 2.0.3.7 2009.07.17 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.07.18 W32/Onlinegames.CCE
Avast 4.8.1335.0 2009.07.17 Win32:Kamso
AVG 8.5.0.387 2009.07.18 Worm/AutoRun.GV
BitDefender 7.2 2009.07.18 Trojan.PWS.OnlineGames.KCPX
CAT-QuickHeal 10.00 2009.07.17 TrojanGameThief.Magania.bmfg
ClamAV 0.94.1 2009.07.18 -
Comodo 1690 2009.07.18 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.07.18 Trojan.MulDrop.32563
eTrust-Vet 31.6.6623 2009.07.18 Win32/VMalum.FRSR
F-Prot 4.4.4.56 2009.07.17 W32/Onlinegames.CCE
F-Secure 8.0.14470.0 2009.07.17 Trojan-GameThief.Win32.Magania.bmfg
Fortinet 3.120.0.0 2009.07.18 SPY/Magania
GData 19 2009.07.18 Trojan.PWS.OnlineGames.KCPX
Ikarus T3.1.1.64.0 2009.07.18 Trojan-Downloader.Win32.Frethog
Jiangmin 11.0.800 2009.07.18 -
K7AntiVirus 7.10.794 2009.07.16 -
Kaspersky 7.0.0.125 2009.07.18 Trojan-GameThief.Win32.Magania.bmfg
McAfee 5679 2009.07.17 Generic PWS.ak
McAfee+Artemis 5679 2009.07.17 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.07.18 Heuristic.BehavesLike.Packed.B
Microsoft 1.4803 2009.07.18 Worm:Win32/Taterf.B
NOD32 4256 2009.07.18 -
Norman 6.01.09 2009.07.17 OnLineGames.IAPV
nProtect 2009.1.8.0 2009.07.18 Trojan-PWS/W32.WebGame.110593
Panda 10.0.0.14 2009.07.17 W32/Lineage.LAH
PCTools 4.4.2.0 2009.07.18 -
Prevx 3.0 2009.07.18 Medium Risk Malware
Rising 21.38.52.00 2009.07.18 Trojan.PSW.Win32.GameOnline.ebg
Sophos 4.43.0 2009.07.18 W32/Autorun-ALN
Sunbelt 3.2.1858.2 2009.07.18 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.07.18 Trojan Horse
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.17 Cryp_Krap
VBA32 3.12.10.8 2009.07.17 Trojan-GameThief.Win32.Magania.bmfg
ViRobot 2009.7.17.1841 2009.07.17 -
VirusBuster 4.6.5.0 2009.07.16 Trojan.PWS.Magania.QKR
Additional information
File size: 110593 bytes
MD5...: e5bbe23a831694f560f27b66619a86ef
SHA1..: f5074725c44470af226d7897f34e2dfce1b78d96
SHA256: a766f3ba2d13f96c61e172d06ed4233510a2f1c04a856f7a7863ccd114496e13
ssdeep: 3072:YLxS47M+2hrHDX+Y7J5dD7LtGmoFV+zrDVb8j:YLxSUM+EDDuQ5LAmorurD
t8
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x36656
timedatestamp.....: 0x4a4d8633 (Fri Jul 03 04:16:51 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1d000 0x481 7.84 1b254cd183e6830df86c8d8212581149
.data 0x1e000 0x19000 0x19000 7.96 52799512e32a1396234311c89df1127c
.rsrc 0x37000 0xc5cb 0x1601 0.00 bf5e570e96d4a97639e9f9a7a361c924
.rdata 0x44000 0x4b0b 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 1 imports )
> KERNEL32.DLL: CreateDirectoryW, GlobalDeleteAtom, GetCurrentProcessId, GlobalFree, GetLogicalDrives, LoadLibraryA, IsBadReadPtr, CreateDirectoryW, GetProcessVersion
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=4EB5192D0161BB07B0A7019C1ECF040093664F3E' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=4EB5192D0161BB07B0A7019C1ECF040093664F3E</a>
Et inf.exe:
File Info.exe received on 2009.07.18 12:15:37 (UTC)
Current status: loading ... queued awaiting analysis completed NOT FOUND STOPPED
Result: 1/41 (2.44%)
loading information from the server...
Your file is in the queue, in position: ___.
The estimated start time is between ___ and ___.
Please do not close the window until the analysis is complete.
The analyzer processing your file is currently stopped, we will wait a few seconds to try to retrieve your results.
If you have been waiting for more than five minutes, you need to resend your file.
Your file is currently being analyzed by VirusTotal,
results will be displayed as they are generated.
Formatted Print results
Your file has expired or does not exist.
The service is currently stopped, your file has been waiting to be analyzed (position: ) for an indefinite time.
You can wait for a response from the Web (automatic reload) or enter your email in the form below and click "Request" for the system to send you a notification when the analysis is complete.
Email:
Antivirus Version Last updated Result
a-squared 4.5.0.24 2009.07.18 -
AhnLab-V3 5.0.0.2 2009.07.18 -
AntiVir 7.9.0.220 2009.07.17 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.18 -
Avast 4.8.1335.0 2009.07.17 -
AVG 8.5.0.387 2009.07.18 -
BitDefender 7.2 2009.07.18 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.18 -
Comodo 1690 2009.07.18 -
DrWeb 5.0.0.12182 2009.07.18 -
eSafe 7.0.17.0 2009.07.16 -
eTrust-Vet 31.6.6623 2009.07.18 -
F-Prot 4.4.4.56 2009.07.17 -
F-Secure 8.0.14470.0 2009.07.17 -
Fortinet 3.120.0.0 2009.07.18 -
GData 19 2009.07.18 -
Ikarus T3.1.1.64.0 2009.07.18 -
Jiangmin 11.0.800 2009.07.18 -
K7AntiVirus 7.10.794 2009.07.16 -
Kaspersky 7.0.0.125 2009.07.18 -
McAfee 5679 2009.07.17 -
McAfee+Artemis 5679 2009.07.17 -
McAfee-GW-Edition 6.8.5 2009.07.18 -
Microsoft 1.4803 2009.07.18 -
NOD32 4256 2009.07.18 -
Norman 6.01.09 2009.07.17 -
nProtect 2009.1.8.0 2009.07.18 -
Panda 10.0.0.14 2009.07.17 -
PCTools 4.4.2.0 2009.07.18 -
Prevx 3.0 2009.07.18 -
Rising 21.38.52.00 2009.07.18 -
Sophos 4.43.0 2009.07.18 -
Sunbelt 3.2.1858.2 2009.07.18 -
Symantec 1.4.4.12 2009.07.18 -
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.17 -
VBA32 3.12.10.8 2009.07.17 -
ViRobot 2009.7.17.1841 2009.07.17 Trojan.Win32.Autorun.73728.E
VirusBuster 4.6.5.0 2009.07.16 -
Additional information
File size: 73728 bytes
MD5...: 6c487182578d1253831725a7cdc606c3
SHA1..: b1bc21a4c05a12ec624f0d500aa678b702de6acd
SHA256: ee578cb48d8d03e74f1188fbecd68badc6088f5adf61a2feffa352c152c216e1
ssdeep: 768:TM4GmjjcjWFXd5/XSj7wlOE1CVG9nAc76BWU4:TzqUN5/BlOSCVBKA4
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2031
timedatestamp.....: 0x41ac531c (Tue Nov 30 11:01:48 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44fa 0x5000 6.07 598683178b3435efe7815bf8bb7c6e70
.rdata 0x6000 0xc9c 0x1000 4.52 07c5e6545f3db748f5816a82c4d47853
.data 0x7000 0x2afc 0x3000 0.56 1d27cd815188a048381f6b278a327a5c
.rsrc 0xa000 0x7dc8 0x8000 4.78 2ab8be94e1623347f338bc43a46654a6
( 5 imports )
> KERNEL32.dll: GetVersionExA, GetProcAddress, GetModuleHandleA, FreeLibrary, LoadLibraryA, GetModuleFileNameA, LCMapStringA, GetOEMCP, GetACP, GetCPInfo, GetStringTypeW, GetStringTypeA, MultiByteToWideChar, HeapReAlloc, VirtualAlloc, ReadFile, RtlUnwind, CreateFileA, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapAlloc, HeapFree, GetVersion, lstrlenA, WriteFile, lstrcpyA, LCMapStringW, GetCommandLineA, GetStartupInfoA, GetCurrentProcess, TerminateProcess, VirtualFree, CloseHandle, ExitProcess
> USER32.dll: SendMessageA, GetClientRect, CopyAcceleratorTableA, BeginPaint, EndPaint, DefWindowProcA, DestroyWindow, PostQuitMessage, MoveWindow, LoadIconA, LoadCursorA, RegisterClassExA, CreateWindowExA, ShowWindow, UpdateWindow, GetMessageA, TranslateMessage, DispatchMessageA, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetSystemMetrics
> ole32.dll: CoUninitialize, CoInitialize, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal
> COMCTL32.dll: -
> SHLWAPI.dll: PathAppendA, PathRemoveFileSpecA
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=6c487182578d1253831725a7cdc606c3' target='_blank'>https://www.symantec.com?md5=6c487182578d1253831725a7cdc606c3</a>
File Info.exe received on 2009.07.18 12:15:37 (UTC)
Current status: loading ... queued awaiting analysis completed NOT FOUND STOPPED
Result: 1/41 (2.44%)
loading information from the server...
Your file is in the queue, in position: ___.
The estimated start time is between ___ and ___.
Please do not close the window until the analysis is complete.
The analyzer processing your file is currently stopped, we will wait a few seconds to try to retrieve your results.
If you have been waiting for more than five minutes, you need to resend your file.
Your file is currently being analyzed by VirusTotal,
results will be displayed as they are generated.
Formatted Print results
Your file has expired or does not exist.
The service is currently stopped, your file has been waiting to be analyzed (position: ) for an indefinite time.
You can wait for a response from the Web (automatic reload) or enter your email in the form below and click "Request" for the system to send you a notification when the analysis is complete.
Email:
Antivirus Version Last updated Result
a-squared 4.5.0.24 2009.07.18 -
AhnLab-V3 5.0.0.2 2009.07.18 -
AntiVir 7.9.0.220 2009.07.17 -
Antiy-AVL 2.0.3.7 2009.07.17 -
Authentium 5.1.2.4 2009.07.18 -
Avast 4.8.1335.0 2009.07.17 -
AVG 8.5.0.387 2009.07.18 -
BitDefender 7.2 2009.07.18 -
CAT-QuickHeal 10.00 2009.07.17 -
ClamAV 0.94.1 2009.07.18 -
Comodo 1690 2009.07.18 -
DrWeb 5.0.0.12182 2009.07.18 -
eSafe 7.0.17.0 2009.07.16 -
eTrust-Vet 31.6.6623 2009.07.18 -
F-Prot 4.4.4.56 2009.07.17 -
F-Secure 8.0.14470.0 2009.07.17 -
Fortinet 3.120.0.0 2009.07.18 -
GData 19 2009.07.18 -
Ikarus T3.1.1.64.0 2009.07.18 -
Jiangmin 11.0.800 2009.07.18 -
K7AntiVirus 7.10.794 2009.07.16 -
Kaspersky 7.0.0.125 2009.07.18 -
McAfee 5679 2009.07.17 -
McAfee+Artemis 5679 2009.07.17 -
McAfee-GW-Edition 6.8.5 2009.07.18 -
Microsoft 1.4803 2009.07.18 -
NOD32 4256 2009.07.18 -
Norman 6.01.09 2009.07.17 -
nProtect 2009.1.8.0 2009.07.18 -
Panda 10.0.0.14 2009.07.17 -
PCTools 4.4.2.0 2009.07.18 -
Prevx 3.0 2009.07.18 -
Rising 21.38.52.00 2009.07.18 -
Sophos 4.43.0 2009.07.18 -
Sunbelt 3.2.1858.2 2009.07.18 -
Symantec 1.4.4.12 2009.07.18 -
TheHacker 6.3.4.3.370 2009.07.17 -
TrendMicro 8.950.0.1094 2009.07.17 -
VBA32 3.12.10.8 2009.07.17 -
ViRobot 2009.7.17.1841 2009.07.17 Trojan.Win32.Autorun.73728.E
VirusBuster 4.6.5.0 2009.07.16 -
Additional information
File size: 73728 bytes
MD5...: 6c487182578d1253831725a7cdc606c3
SHA1..: b1bc21a4c05a12ec624f0d500aa678b702de6acd
SHA256: ee578cb48d8d03e74f1188fbecd68badc6088f5adf61a2feffa352c152c216e1
ssdeep: 768:TM4GmjjcjWFXd5/XSj7wlOE1CVG9nAc76BWU4:TzqUN5/BlOSCVBKA4
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2031
timedatestamp.....: 0x41ac531c (Tue Nov 30 11:01:48 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44fa 0x5000 6.07 598683178b3435efe7815bf8bb7c6e70
.rdata 0x6000 0xc9c 0x1000 4.52 07c5e6545f3db748f5816a82c4d47853
.data 0x7000 0x2afc 0x3000 0.56 1d27cd815188a048381f6b278a327a5c
.rsrc 0xa000 0x7dc8 0x8000 4.78 2ab8be94e1623347f338bc43a46654a6
( 5 imports )
> KERNEL32.dll: GetVersionExA, GetProcAddress, GetModuleHandleA, FreeLibrary, LoadLibraryA, GetModuleFileNameA, LCMapStringA, GetOEMCP, GetACP, GetCPInfo, GetStringTypeW, GetStringTypeA, MultiByteToWideChar, HeapReAlloc, VirtualAlloc, ReadFile, RtlUnwind, CreateFileA, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapAlloc, HeapFree, GetVersion, lstrlenA, WriteFile, lstrcpyA, LCMapStringW, GetCommandLineA, GetStartupInfoA, GetCurrentProcess, TerminateProcess, VirtualFree, CloseHandle, ExitProcess
> USER32.dll: SendMessageA, GetClientRect, CopyAcceleratorTableA, BeginPaint, EndPaint, DefWindowProcA, DestroyWindow, PostQuitMessage, MoveWindow, LoadIconA, LoadCursorA, RegisterClassExA, CreateWindowExA, ShowWindow, UpdateWindow, GetMessageA, TranslateMessage, DispatchMessageA, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetSystemMetrics
> ole32.dll: CoUninitialize, CoInitialize, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal
> COMCTL32.dll: -
> SHLWAPI.dll: PathAppendA, PathRemoveFileSpecA
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=6c487182578d1253831725a7cdc606c3' target='_blank'>https://www.symantec.com?md5=6c487182578d1253831725a7cdc606c3</a>
Hi,
back from the weekend ... =)
the first file to analyze is a nice piece of junk ...
do the following in order:
! always keep your external units connected to the PC!
1- Download OTM (by Old_Timer) to your Desktop.
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
! Disconnect and close all your open applications!
Double click on "OTM.exe" to open the program.
Then copy what is in quotes below,
:Files
G:\r6d0.bat
:Commands
[purity]
[emptytemp]
[Reboot]
and paste it into the left pane of OTM:
Paste Instructions for items to be moved.
(do not touch anything else!)
-> click on MoveIt! to start the deletion.
-> let the tool work ...
-> once finished, a small window opens: click on "Yes".
Your PC will restart by itself to finish the deletion ...
During the restart, if you're asked to allow OTM to run, accept (so that the tool can finish its job ...).
--> Post the content of the report found in the folder "C:\_OTM\MovedFiles"
( "xxxx2009_xxxxxx.log" where the "x" corresponds to the day and time of use).
once this report is posted, you move on ...
================
2- Download MalwareByte's:
here http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
or here: http://www.malwarebytes.org/mbam.php
* Install it (make sure to choose "French"; do not modify the installation settings) and update it.
(NB: If you are missing "COMCTL32.OCX" during installation, then download it here: https://www.malekal.com/tutorial-aboutbuster/)
* Study the tutorial to familiarize yourself with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it's very easy to use).
! Disconnect and close all applications!
* Launch Malwarebyte's.
Do a scan called "Quick".
--> Let the program work (and do nothing else with the PC during the scan).
--> at the end click on "results".
--> Ensure that all infected items are checked, then click on "delete".
Note: if you need to restart your PC to finish the cleanup, do it!
Post the saved report after the deletion of infected items (in the "report/log" tab of Malwarebytes, the most recent one),
along with a new RSIT report (log.txt) for analysis ...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're in the clear until we
tell you so!
back from the weekend ... =)
the first file to analyze is a nice piece of junk ...
do the following in order:
! always keep your external units connected to the PC!
1- Download OTM (by Old_Timer) to your Desktop.
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
! Disconnect and close all your open applications!
Double click on "OTM.exe" to open the program.
Then copy what is in quotes below,
:Files
G:\r6d0.bat
:Commands
[purity]
[emptytemp]
[Reboot]
and paste it into the left pane of OTM:
Paste Instructions for items to be moved.
(do not touch anything else!)
-> click on MoveIt! to start the deletion.
-> let the tool work ...
-> once finished, a small window opens: click on "Yes".
Your PC will restart by itself to finish the deletion ...
During the restart, if you're asked to allow OTM to run, accept (so that the tool can finish its job ...).
--> Post the content of the report found in the folder "C:\_OTM\MovedFiles"
( "xxxx2009_xxxxxx.log" where the "x" corresponds to the day and time of use).
once this report is posted, you move on ...
================
2- Download MalwareByte's:
here http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
or here: http://www.malwarebytes.org/mbam.php
* Install it (make sure to choose "French"; do not modify the installation settings) and update it.
(NB: If you are missing "COMCTL32.OCX" during installation, then download it here: https://www.malekal.com/tutorial-aboutbuster/)
* Study the tutorial to familiarize yourself with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it's very easy to use).
! Disconnect and close all applications!
* Launch Malwarebyte's.
Do a scan called "Quick".
--> Let the program work (and do nothing else with the PC during the scan).
--> at the end click on "results".
--> Ensure that all infected items are checked, then click on "delete".
Note: if you need to restart your PC to finish the cleanup, do it!
Post the saved report after the deletion of infected items (in the "report/log" tab of Malwarebytes, the most recent one),
along with a new RSIT report (log.txt) for analysis ...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're in the clear until we
tell you so!
Hello, thank you for taking the time to dedicate to me:
OTM report:
All processes killed
========== FILES ==========
G:\r6d0.bat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 206 bytes
->Temporary Internet Files folder emptied: 5312394 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 7353164 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3787264 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_674.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 66019 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 15.90 mb
OTM by OldTimer - Version 3.0.0.5 log created on 07202009_125653
Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_674.dat moved successfully.
Registry entries deleted on Reboot...
OTM report:
All processes killed
========== FILES ==========
G:\r6d0.bat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 206 bytes
->Temporary Internet Files folder emptied: 5312394 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 7353164 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3787264 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_674.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 66019 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 15.90 mb
OTM by OldTimer - Version 3.0.0.5 log created on 07202009_125653
Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_674.dat moved successfully.
Registry entries deleted on Reboot...
MBAM REPORT:
Malwarebytes' Anti-Malware 1.39
Database version: 2426
Windows 5.1.2600 Service Pack 3
07/20/2009 13:09:34
mbam-log-2009-07-20 (13-09-34).txt
Scan type: Quick scan
Items scanned: 87911
Elapsed time: 4 minute(s), 16 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 2
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0
Infected memory process(es):
(No harmful item detected)
Infected memory module(s):
(No harmful item detected)
Infected Registry key(s):
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
Infected Registry value(s):
(No harmful item detected)
Infected Registry data item(s):
(No harmful item detected)
Infected folder(s):
(No harmful item detected)
Infected file(s):
(No harmful item detected)
Malwarebytes' Anti-Malware 1.39
Database version: 2426
Windows 5.1.2600 Service Pack 3
07/20/2009 13:09:34
mbam-log-2009-07-20 (13-09-34).txt
Scan type: Quick scan
Items scanned: 87911
Elapsed time: 4 minute(s), 16 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 2
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0
Infected memory process(es):
(No harmful item detected)
Infected memory module(s):
(No harmful item detected)
Infected Registry key(s):
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
Infected Registry value(s):
(No harmful item detected)
Infected Registry data item(s):
(No harmful item detected)
Infected folder(s):
(No harmful item detected)
Infected file(s):
(No harmful item detected)
New RSIT report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-20 13:10:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (29%) free of 31 GB
Total RAM: 503 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:29, on 20/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = DED7AE736F93E5FF9AGF4367FE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c9fb51eec06ee2) (gupdate1c9fb51eec06ee2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9342 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-09-17 210168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 2 months======
2009-07-20 12:56:53 ----D---- C:\_OTM
2009-07-16 19:28:41 ----RASHD---- C:\autorun.inf
2009-07-16 19:15:36 ----A---- C:\FindyKill.txt
2009-07-16 18:09:42 ----D---- C:\FindyKill
2009-07-16 18:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 18:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 18:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 18:59:36 ----D---- C:\Program Files\Trend Micro
2009-07-15 13:50:54 ----D---- C:\rsit
2009-07-14 16:02:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-14 16:01:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-14 16:01:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 22:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-11 17:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
======List of files/folders modified in the last 2 months======
2009-07-20 13:09:33 ----D---- C:\WINDOWS\Prefetch
2009-07-20 13:03:12 ----D---- C:\WINDOWS\Temp
2009-07-20 12:59:06 ----SD---- C:\WINDOWS\Tasks
2009-07-20 12:58:59 ----D---- C:\WINDOWS\SMINST
2009-07-20 12:58:57 ----D---- C:\WINDOWS\system32
2009-07-20 12:57:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-20 12:57:02 ----D---- C:\WINDOWS
2009-07-16 19:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-16 19:28:56 ----SHD---- C:\RECYCLER
2009-07-16 18:21:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-16 18:08:06 ----HD---- C:\WINDOWS\inf
2009-07-16 18:07:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-16 18:07:50 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 18:07:46 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-15 18:59:36 ----RD---- C:\Program Files
2009-07-14 16:01:35 ----D---- C:\WINDOWS\system32\drivers
2009-07-14 15:33:48 ----D---- C:\WINDOWS\Minidump
2009-07-08 18:42:33 ----SHD---- C:\WINDOWS\Installer
2009-07-08 18:42:33 ----HD---- C:\Config.Msi
2009-07-08 18:42:28 ----D---- C:\Program Files\Google
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-03 17:54:46 ----D---- C:\Program Files\eMule
2009-07-03 00:03:26 ----D---- C:\Program Files\Soulseek
2009-07-02 22:17:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 17:10:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-11 17:10:39 ----D---- C:\Program Files\Internet Explorer
2009-06-11 17:10:28 ----D---- C:\WINDOWS\ie7updates
2009-06-03 21:10:33 ----A---- C:\WINDOWS\system32\quartz.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2005-08-25 80012]
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-20 13:10:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (29%) free of 31 GB
Total RAM: 503 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:29, on 20/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = DED7AE736F93E5FF9AGF4367FE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1c9fb51eec06ee2) (gupdate1c9fb51eec06ee2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 9342 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-25 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-08 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-22 17920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-05 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-25 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-09-17 210168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 2 months======
2009-07-20 12:56:53 ----D---- C:\_OTM
2009-07-16 19:28:41 ----RASHD---- C:\autorun.inf
2009-07-16 19:15:36 ----A---- C:\FindyKill.txt
2009-07-16 18:09:42 ----D---- C:\FindyKill
2009-07-16 18:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 18:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 18:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 18:59:36 ----D---- C:\Program Files\Trend Micro
2009-07-15 13:50:54 ----D---- C:\rsit
2009-07-14 16:02:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-14 16:01:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-14 16:01:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 22:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-11 17:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
======List of files/folders modified in the last 2 months======
2009-07-20 13:09:33 ----D---- C:\WINDOWS\Prefetch
2009-07-20 13:03:12 ----D---- C:\WINDOWS\Temp
2009-07-20 12:59:06 ----SD---- C:\WINDOWS\Tasks
2009-07-20 12:58:59 ----D---- C:\WINDOWS\SMINST
2009-07-20 12:58:57 ----D---- C:\WINDOWS\system32
2009-07-20 12:57:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-20 12:57:02 ----D---- C:\WINDOWS
2009-07-16 19:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-16 19:28:56 ----SHD---- C:\RECYCLER
2009-07-16 18:21:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-16 18:08:06 ----HD---- C:\WINDOWS\inf
2009-07-16 18:07:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-16 18:07:50 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 18:07:46 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-15 18:59:36 ----RD---- C:\Program Files
2009-07-14 16:01:35 ----D---- C:\WINDOWS\system32\drivers
2009-07-14 15:33:48 ----D---- C:\WINDOWS\Minidump
2009-07-08 18:42:33 ----SHD---- C:\WINDOWS\Installer
2009-07-08 18:42:33 ----HD---- C:\Config.Msi
2009-07-08 18:42:28 ----D---- C:\Program Files\Google
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-03 17:54:46 ----D---- C:\Program Files\eMule
2009-07-03 00:03:26 ----D---- C:\Program Files\Soulseek
2009-07-02 22:17:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 17:10:39 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-11 17:10:39 ----D---- C:\Program Files\Internet Explorer
2009-06-11 17:10:28 ----D---- C:\WINDOWS\ie7updates
2009-06-03 21:10:33 ----A---- C:\WINDOWS\system32\quartz.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2005-08-25 80012]
well ...
1- Download CCleaner:
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
or https://www.pcastuces.com/logitheque/ccleaner.htm
This software will help you remove all temporary files and fix your registry.
During installation:
- make sure to choose "French" as the language.
- before clicking the "install" button, uncheck all "additional options" except for the first two.
A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
---> Usage:
* Uncheck in the Options menu - Advanced submenu:
Only delete files from the Windows temp folder that are older than 48 hours.
! disconnect and close all running applications!
* go to "cleaner": do -analyze- then -clean-
* go to "registry": do -search for issues- and -fix all issues-
( several times until there are no more errors).
( CCleaner: software to keep on your PC, super useful for good cleanups ... )
===========================
2- Download GenProc (by Jean-Chretien1 and Narco4) to your desktop (and not elsewhere!):
http://www.genproc.com/GenProc.exe
!! close your running applications !!
* double-click on GenProc.exe to start the scan and let it run ...
* When asked "do you get help on a forum..." > click "yes".
-> post the content of the report that opens ...
Help with images here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
IMPORTANT: post the report and do nothing else for now (often you need to add instructions to the indicated process for it to work perfectly).
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don’t think you’re out of the woods until we
tell you so!
1- Download CCleaner:
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
or https://www.pcastuces.com/logitheque/ccleaner.htm
This software will help you remove all temporary files and fix your registry.
During installation:
- make sure to choose "French" as the language.
- before clicking the "install" button, uncheck all "additional options" except for the first two.
A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
---> Usage:
* Uncheck in the Options menu - Advanced submenu:
Only delete files from the Windows temp folder that are older than 48 hours.
! disconnect and close all running applications!
* go to "cleaner": do -analyze- then -clean-
* go to "registry": do -search for issues- and -fix all issues-
( several times until there are no more errors).
( CCleaner: software to keep on your PC, super useful for good cleanups ... )
===========================
2- Download GenProc (by Jean-Chretien1 and Narco4) to your desktop (and not elsewhere!):
http://www.genproc.com/GenProc.exe
!! close your running applications !!
* double-click on GenProc.exe to start the scan and let it run ...
* When asked "do you get help on a forum..." > click "yes".
-> post the content of the report that opens ...
Help with images here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
IMPORTANT: post the report and do nothing else for now (often you need to add instructions to the indicated process for it to work perfectly).
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don’t think you’re out of the woods until we
tell you so!
Here is the GenProc report:
GenProc Report 2.606 [1] - 07/20/2009 at 17:02:52
@ Windows XP Service Pack 3 - Normal mode
@ Internet Explorer (7.0.5730.13) [Default browser]
~~ DOWNLOAD FAILURE OF MBR.EXE ~~
~~ DOWNLOAD FAILURE OF HIJACKTHIS ~~
GenProc has not detected any characteristic infection and suggests following the procedure below:
Post a Nod32 report https://www.eset.com/ (you must use Internet Explorer)
- check all boxes each time, and when finished, paste the report:
- C:\Program Files\EsetOnlineScanner\log.txt
----------------------------------------------------------------------
Official GenProc sites: www.alt-shift-return.org and www.genproc.com
----------------------------------------------------------------------
~~ End at 17:04:00 ~~
GenProc Report 2.606 [1] - 07/20/2009 at 17:02:52
@ Windows XP Service Pack 3 - Normal mode
@ Internet Explorer (7.0.5730.13) [Default browser]
~~ DOWNLOAD FAILURE OF MBR.EXE ~~
~~ DOWNLOAD FAILURE OF HIJACKTHIS ~~
GenProc has not detected any characteristic infection and suggests following the procedure below:
Post a Nod32 report https://www.eset.com/ (you must use Internet Explorer)
- check all boxes each time, and when finished, paste the report:
- C:\Program Files\EsetOnlineScanner\log.txt
----------------------------------------------------------------------
Official GenProc sites: www.alt-shift-return.org and www.genproc.com
----------------------------------------------------------------------
~~ End at 17:04:00 ~~
Well ...
Tell me how the PC is doing ... better?
Then do this in order (if the last report is clean, we will finalize afterwards):
(Don't skip any steps! If you encounter an issue during this process, stop and let me know)
1-Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://pc-system.fr/
Disconnect and make sure to close all your running applications.
Launch it.
*Click on Search and let the scan finish (this may take a while).
*Click on Delete to finalize.
*Click on "quit" to generate a report (not on the red cross!):
--> Post this report: it is located at the root of your hard drive -> C:\TCleaner.txt .
Note: This little tool will clean up all the stuff we used for disinfecting.
Delete all tools, folders, or reports related to the disinfection that Toolscleaner2 did not delete.
(Keep CCleaner and Malwarebytes: very useful!)
======================================
2- Do another run of CCleaner (including the registry).
======================================
3- Redownload and reinstall hijackthis (as it was removed by Toolscleaner2),
Download and install the HijackThis software:
here http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-> Click on the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program will launch automatically: close it by clicking on the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe ".
(Do not scan for the moment)
======================================
4- Important:
System restore purge
*Disable your restore:
Right-click on My Computer/properties/System Restore/check the box to disable restoration, apply, OK
---> Restart your PC ...
*Re-enable your restore:
Right-click on My Computer/properties/System Restore/uncheck the box to disable restoration, apply, OK
--->Restart your PC ...
(Note: you can also access it via Control Panel->" System "->" System Restore ").
======================================
5- Run an online scan with Kaspersky:
Follow the instructions in this tutorial > http://www.commentcamarche.net/faq/sujet 17751 online scanner with kaspersky
Be sure to save the report in ".txt" format and post its contents in your next response ...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're out of trouble until we tell you!
Tell me how the PC is doing ... better?
Then do this in order (if the last report is clean, we will finalize afterwards):
(Don't skip any steps! If you encounter an issue during this process, stop and let me know)
1-Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://pc-system.fr/
Disconnect and make sure to close all your running applications.
Launch it.
*Click on Search and let the scan finish (this may take a while).
*Click on Delete to finalize.
*Click on "quit" to generate a report (not on the red cross!):
--> Post this report: it is located at the root of your hard drive -> C:\TCleaner.txt .
Note: This little tool will clean up all the stuff we used for disinfecting.
Delete all tools, folders, or reports related to the disinfection that Toolscleaner2 did not delete.
(Keep CCleaner and Malwarebytes: very useful!)
======================================
2- Do another run of CCleaner (including the registry).
======================================
3- Redownload and reinstall hijackthis (as it was removed by Toolscleaner2),
Download and install the HijackThis software:
here http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-> Click on the setup to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program will launch automatically: close it by clicking on the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe ".
(Do not scan for the moment)
======================================
4- Important:
System restore purge
*Disable your restore:
Right-click on My Computer/properties/System Restore/check the box to disable restoration, apply, OK
---> Restart your PC ...
*Re-enable your restore:
Right-click on My Computer/properties/System Restore/uncheck the box to disable restoration, apply, OK
--->Restart your PC ...
(Note: you can also access it via Control Panel->" System "->" System Restore ").
======================================
5- Run an online scan with Kaspersky:
Follow the instructions in this tutorial > http://www.commentcamarche.net/faq/sujet 17751 online scanner with kaspersky
Be sure to save the report in ".txt" format and post its contents in your next response ...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're out of trouble until we tell you!
Listen, the PC seems to be doing better but I'm only turning it on to do the tasks you give me.
Avast has stayed disconnected so it's no longer harassing me with its detections.
I'm giving you the result of the first part.
the tcleaner.txt:
[ Report ToolsCleaner version 2.3.7 (by A.Rothstein & dj QUIOU) ]
--> Search:
C:\FindyKill.txt: found!
C:\GenProc: found!
C:\_OTM: found!
C:\FindyKill: found!
C:\Rsit: found!
C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk: found!
C:\Documents and Settings\Administrator\Desktop\OTM.exe: found!
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe: found!
C:\Documents and Settings\Administrator\Desktop\hijackthis.log: found!
C:\Documents and Settings\Administrator\Desktop\FindyKill.txt: found!
C:\Documents and Settings\Administrator\Desktop\Rsit.exe: found!
C:\Documents and Settings\Administrator\Start Menu\Programs\FindyKill: found!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: found!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: found!
C:\GenProc\Page\GenProc[*].html: found!
C:\Program Files\Trend Micro\HijackThis: found!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: found!
C:\System.sav\util\mbr.log: found!
---------------------------------
--> Deletion:
C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk: deleted!
C:\Documents and Settings\Administrator\Desktop\OTM.exe: deleted!
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe: deleted!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: deleted!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: deleted!
C:\FindyKill.txt: deleted!
C:\Documents and Settings\Administrator\Desktop\hijackthis.log: deleted!
C:\Documents and Settings\Administrator\Desktop\FindyKill.txt: deleted!
C:\Documents and Settings\Administrator\Desktop\Rsit.exe: deleted!
C:\GenProc\Page\GenProc[*].html: DELETION ERROR!!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: deleted!
C:\System.sav\util\mbr.log: deleted!
C:\GenProc: deleted!
C:\_OTM: deleted!
C:\FindyKill: deleted!
C:\Rsit: deleted!
C:\Documents and Settings\Administrator\Start Menu\Programs\FindyKill: deleted!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: deleted!
C:\Program Files\Trend Micro\HijackThis: deleted!
Avast has stayed disconnected so it's no longer harassing me with its detections.
I'm giving you the result of the first part.
the tcleaner.txt:
[ Report ToolsCleaner version 2.3.7 (by A.Rothstein & dj QUIOU) ]
--> Search:
C:\FindyKill.txt: found!
C:\GenProc: found!
C:\_OTM: found!
C:\FindyKill: found!
C:\Rsit: found!
C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk: found!
C:\Documents and Settings\Administrator\Desktop\OTM.exe: found!
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe: found!
C:\Documents and Settings\Administrator\Desktop\hijackthis.log: found!
C:\Documents and Settings\Administrator\Desktop\FindyKill.txt: found!
C:\Documents and Settings\Administrator\Desktop\Rsit.exe: found!
C:\Documents and Settings\Administrator\Start Menu\Programs\FindyKill: found!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: found!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: found!
C:\GenProc\Page\GenProc[*].html: found!
C:\Program Files\Trend Micro\HijackThis: found!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: found!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: found!
C:\System.sav\util\mbr.log: found!
---------------------------------
--> Deletion:
C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk: deleted!
C:\Documents and Settings\Administrator\Desktop\OTM.exe: deleted!
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe: deleted!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: deleted!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: deleted!
C:\FindyKill.txt: deleted!
C:\Documents and Settings\Administrator\Desktop\hijackthis.log: deleted!
C:\Documents and Settings\Administrator\Desktop\FindyKill.txt: deleted!
C:\Documents and Settings\Administrator\Desktop\Rsit.exe: deleted!
C:\GenProc\Page\GenProc[*].html: DELETION ERROR!!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: deleted!
C:\System.sav\util\mbr.log: deleted!
C:\GenProc: deleted!
C:\_OTM: deleted!
C:\FindyKill: deleted!
C:\Rsit: deleted!
C:\Documents and Settings\Administrator\Start Menu\Programs\FindyKill: deleted!
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: deleted!
C:\Program Files\Trend Micro\HijackThis: deleted!
very well ... ^^
continue ...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : don't think you're off the hook until we've
told you so!
continue ...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : don't think you're off the hook until we've
told you so!
and unfortunately here is the Kaspersky report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: analysis report
Monday, July 20, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Version of Kaspersky Online Scanner: 7.0.26.13
Last database update: Monday, July 20, 2009 17:27:05
Records in the database: 2500458
--------------------------------------------------------------------------------
Analysis parameters:
scan using the following database: scope
Scan archives: yes
Scan mail databases: yes
Analysis zone - Workstation:
C:\
D:\
E:\
F:\
G:\
Analysis statistics:
Objects scanned: 70624
Threats found: 1
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:41:04
File name / Threat / Threat counter
F:\ut_Fichiers.exe Infected: Worm.Win32.Delf.dw 1
G:\.Trashes\.Trashes.exe Infected: Worm.Win32.Delf.dw 1
G:\.Spotlight-V100\.Spotlight-V100.exe Infected: Worm.Win32.Delf.dw 1
G:\.TemporaryItems\.TemporaryItems.exe Infected: Worm.Win32.Delf.dw 1
G:\Photos Appart\Photos Appart.exe Infected: Worm.Win32.Delf.dw 1
The selected zone has been scanned.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: analysis report
Monday, July 20, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Version of Kaspersky Online Scanner: 7.0.26.13
Last database update: Monday, July 20, 2009 17:27:05
Records in the database: 2500458
--------------------------------------------------------------------------------
Analysis parameters:
scan using the following database: scope
Scan archives: yes
Scan mail databases: yes
Analysis zone - Workstation:
C:\
D:\
E:\
F:\
G:\
Analysis statistics:
Objects scanned: 70624
Threats found: 1
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 02:41:04
File name / Threat / Threat counter
F:\ut_Fichiers.exe Infected: Worm.Win32.Delf.dw 1
G:\.Trashes\.Trashes.exe Infected: Worm.Win32.Delf.dw 1
G:\.Spotlight-V100\.Spotlight-V100.exe Infected: Worm.Win32.Delf.dw 1
G:\.TemporaryItems\.TemporaryItems.exe Infected: Worm.Win32.Delf.dw 1
G:\Photos Appart\Photos Appart.exe Infected: Worm.Win32.Delf.dw 1
The selected zone has been scanned.
et beh .... still infected ....
! still have your external drives connected to the PC !
do the following in order :
1- Download OTM (by Old_Timer) to your Desktop.
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
! Log off and close all your running applications !
Double click on "OTM.exe" to open the program.
Then copy what is in the quote below,
:Files
F:\ut_Fichiers.exe
G:\.Trashes\.Trashes.exe
G:\.Spotlight-V100\.Spotlight-V100.exe
G:\.TemporaryItems\.TemporaryItems.exe
G:\Photos Appart\Photos Appart.exe
:Commands
[emptytemp]
[Reboot]
and paste it into the left box of OTM :
Paste Instructions for items to be moved.
(do not touch anything else!)
-> click on MoveIt! to start the deletion.
-> let the tool work ...
-> once finished, a small window will open: click on " Yes " .
Your PC will restart by itself to finish the deletion ...
Upon restarting, if you are asked to allow OTM to run, accept (so that the tool can finish its job ...).
--> Post the content of the report found in the folder "C:\_OTM\MovedFiles"
(" xxxx2009_xxxxxx.log " where the "x" correspond to the day and time of use).
======================
2- Download ComboFix (by sUBs) to your Desktop (and not elsewhere!):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------- [ ! WARNING ! ] ------------------------------------------
!! Log off, close your running applications (as well as your browser) and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) during the process:
indeed, if activated, they could significantly interfere with the search and cleaning procedure of the tool (and potentially crash the PC)... You will reactivate them afterwards !!
--->Important : if you encounter difficulties at this stage, let me know before proceeding ...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: for XP, make sure to install the Recovery Console of Windows as indicated in the tutorial above ...
--------------------------------------------------------------------------------------------
Then:
double-click on the "combofix.exe" icon to start the tool.
-- For XP > let yourself be guided to install the recovery console. reconnect only for the duration of this manipulation. once the console is installed, log off again before proceeding --
Press the Y (Yes) key to start the scan.
Important notes :
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.
-> The PC may restart by itself (to finalize the cleaning), let it do so.
-> If the tool notifies you: "combofix has detected the presence of a rootkit and needs to restart your machine", you accept ...
-> if a Windows error message appears at any time: click the red cross in the upper right corner of the window to close it (and not on anything else! Otherwise, no report ...)
The report will be created here: C:\Combofix.txt
Be sure to reactivate your defenses .
Post the Combofix report for analysis ...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not consider yourself out of the woods until you are told so!
! still have your external drives connected to the PC !
do the following in order :
1- Download OTM (by Old_Timer) to your Desktop.
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
! Log off and close all your running applications !
Double click on "OTM.exe" to open the program.
Then copy what is in the quote below,
:Files
F:\ut_Fichiers.exe
G:\.Trashes\.Trashes.exe
G:\.Spotlight-V100\.Spotlight-V100.exe
G:\.TemporaryItems\.TemporaryItems.exe
G:\Photos Appart\Photos Appart.exe
:Commands
[emptytemp]
[Reboot]
and paste it into the left box of OTM :
Paste Instructions for items to be moved.
(do not touch anything else!)
-> click on MoveIt! to start the deletion.
-> let the tool work ...
-> once finished, a small window will open: click on " Yes " .
Your PC will restart by itself to finish the deletion ...
Upon restarting, if you are asked to allow OTM to run, accept (so that the tool can finish its job ...).
--> Post the content of the report found in the folder "C:\_OTM\MovedFiles"
(" xxxx2009_xxxxxx.log " where the "x" correspond to the day and time of use).
======================
2- Download ComboFix (by sUBs) to your Desktop (and not elsewhere!):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------- [ ! WARNING ! ] ------------------------------------------
!! Log off, close your running applications (as well as your browser) and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) during the process:
indeed, if activated, they could significantly interfere with the search and cleaning procedure of the tool (and potentially crash the PC)... You will reactivate them afterwards !!
--->Important : if you encounter difficulties at this stage, let me know before proceeding ...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: for XP, make sure to install the Recovery Console of Windows as indicated in the tutorial above ...
--------------------------------------------------------------------------------------------
Then:
double-click on the "combofix.exe" icon to start the tool.
-- For XP > let yourself be guided to install the recovery console. reconnect only for the duration of this manipulation. once the console is installed, log off again before proceeding --
Press the Y (Yes) key to start the scan.
Important notes :
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.
-> The PC may restart by itself (to finalize the cleaning), let it do so.
-> If the tool notifies you: "combofix has detected the presence of a rootkit and needs to restart your machine", you accept ...
-> if a Windows error message appears at any time: click the red cross in the upper right corner of the window to close it (and not on anything else! Otherwise, no report ...)
The report will be created here: C:\Combofix.txt
Be sure to reactivate your defenses .
Post the Combofix report for analysis ...
--
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : do not consider yourself out of the woods until you are told so!
Ske, I did what you asked. I now have the combo report in front of me and only my desktop background has tripled in size. What freaks me out is that the report states that I don't have the recovery console installed. I did follow the tutorial and combo skipped the step where it should have offered to install it (the console). So, I'm hesitant to touch anything because my desktop was supposedly supposed to return to normal after the report.
What should I do?
What should I do?
- 1
- 2
Suivant
Just one more question, it can't be more serious, just recovering my online game codes, I'm thinking about the email and other sites?
Happy July 14th