Diagnosis

Solved
didis28 Posted messages 30 Status Member
Hello,
I would like a diagnosis of my PC following a crack installed by my brother-in-law.
I deleted it, but I'm not sure if it is uninstalled. Thank you.
Configuration: Windows Vista / Firefox 3.0.16

37 answers

flo-91 Posted messages 5973 Status Security Contributor 1 120
 
Hello,

>Download RSIT here and save it to your desktop:

http://images.malwareremoval.com/random/RSIT.exe

>Double-click on RSIT.exe that is on the desktop

>The program will launch, select "1month" and click on "continue"

>Let the tool run and post the report that appears.
--
 *>flo-91<*®

Feel free to check out the forum's FAQ (tips section),
there might already be a solution to your problem   =)
1
didis28 Posted messages 30 Status Member
 
Hello,
here is the first report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by didi at 2009-12-20 20:18:02
Microsoft® Windows Vista™ Home Basic Edition Service Pack 2
System drive C: has 305 GB (66%) free of 465 GB
Total RAM: 1790 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:58, on 20/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\didi\AppData\Roaming\Microsoft\MSN Gift Notification\lsnfier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\didi\Downloads\RSIT.exe
C:\Program Files\trend micro\didi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nixud.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Help for Adobe PDF Reader Link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Assistant Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (VC0303)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WebCallDirect] "C:\Program Files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe" -nosplash -minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MSN Gift Notification.lnk = C:\Users\didi\AppData\Roaming\Microsoft\MSN Gift Notification\lsnfier.exe
O4 - Startup: OneNote 2007 - Screen Capture and Launch.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B720FB4-C1DD-4887-B9B0-D6CE3D8E3392}: NameServer = 212.27.40.240
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca0df7759577b4) (gupdate1ca0df7759577b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 11640 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleFordidi.job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\PCDRScheduledMaintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Help for Adobe PDF Reader Link - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-27 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Assistant Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-30 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE [2008-07-21 12288]
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2008-10-03 203296]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"UpdateP2GoShortCut"=c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDIRShortCut"=c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2008-09-11 210216]
"TSMAgent"=c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-10-17 1152296]
"CLMLServer for HP TouchSmart"=c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-10-17 189736]
"DVDAgent"=c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2008-09-26 1148200]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2008-09-23 912688]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"DT HPW"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2007-09-28 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-27 198160]
"Uninstall_CToolbar"=C:\Windows\Temp\CTun.exe /remove []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"BigDog303"=C:\Windows\VM303_STI.EXE [2006-01-24 61440]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-27 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-27 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"EoEngine"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-08-05 1644088]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"WebCallDirect"=C:\Program Files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe -nosplash -minimized []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-23 39408]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-03-17 2387968]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Users\didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSN Gift Notification.lnk - C:\Users\didi\AppData\Roaming\Microsoft\MSN Gift Notification\lsnfier.exe
OneNote 2007 - Screen Capture and Launch.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b3f3f6c-04cb-11de-b59a-002354f17d26}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2aec99a-0506-11de-838f-002354f17d26}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6f77646-c922-11de-b33d-002354f0543d}]
shell\AutoRun\command - J:\USBAutoRun.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-20 20:18:03 ----D---- C:\Program Files\trend micro
2009-12-20 20:18:02 ----D---- C:\rsit
2009-12-19 22:07:06 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-12-17 19:00:17 ----D---- C:\Users\didi\AppData\Roaming\vlc
2009-12-15 15:41:12 ----D---- C:\FreePack
2009-12-10 19:53:35 ----SHD---- C:\Windows\system32\%APPDATA%
2009-12-10 13:08:31 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 13:08:28 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 13:08:27 ----A---- C:\Windows\system32\iertutil.dll
2009-12-10 13:08:27 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 13:08:26 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 13:08:26 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 13:08:26 ----A---- C:\Windows\system32\occache.dll
2009-12-10 13:08:26 ----A---- C:\Windows\system32\msfeeds.dll
0
didis28 Posted messages 30 Status Member
 
and the second info

info.txt logfile of random's system information tool 1.06 2009-12-20 20:19:07

======Uninstall list======

-->"C:\Program Files\eMachines Games\Kuros\Uninstall.exe"
-->"C:\Program Files\HP Games\10 Days Under The Sea\Uninstall.exe"
-->"C:\Program Files\HP Games\4 Elements\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders - Treasures of Seven\Uninstall.exe"
-->"C:\Program Files\HP Games\ABC Island\Uninstall.exe"
-->"C:\Program Files\HP Games\Adventure Chronicles\Uninstall.exe"
-->"C:\Program Files\HP Games\Agatha Christie - Dead Man's Folly\Uninstall.exe"
-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files\HP Games\Agatha Christie - Peril at End House\Uninstall.exe"
-->"C:\Program Files\HP Games\Age of Oracles - Tara's Journey\Uninstall.exe"
-->"C:\Program Files\HP Games\Alabama Smith in the Quest of Fate\Uninstall.exe"
-->"C:\Program Files\HP Games\Alexandra Fortune - Mystery of the Lunar Archipelago\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures Around the World\Uninstall.exe"
-->"C:\Program Files\HP Games\Ancient Secrets\Uninstall.exe"
-->"C:\Program Files\HP Games\Annabel\Uninstall.exe"
-->"C:\Program Files\HP Games\Aveyond - Gates of Night\Uninstall.exe"
-->"C:\Program Files\HP Games\Azteca\Uninstall.exe"
-->"C:\Program Files\HP Games\Becky Brogan - The Mystery of Meane Manor\Uninstall.exe"
-->"C:\Program Files\HP Games\Book of Legends\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Adventures Volume 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Boulder Dash - Pirates Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Campfire Legends - The Hookman\Uninstall.exe"
-->"C:\Program Files\HP Games\Can You See What I See - Curfuffle's Collectibles\Uninstall.exe"
-->"C:\Program Files\HP Games\Can You See What I See - Dream Machine\Uninstall.exe"
-->"C:\Program Files\HP Games\Cate West - The Vanishing Files\Uninstall.exe"
-->"C:\Program Files\HP Games\Cate West - The Velvet Keys\Uninstall.exe"
-->"C:\Program Files\HP Games\City Sights - Hello Seattle!\Uninstall.exe"
-->"C:\Program Files\HP Games\CLUE Classic\Uninstall.exe"
-->"C:\Program Files\HP Games\Diego's Safari Adventure\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Chronicles - The Chosen Child\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Chronicles\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Day First Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Day Honeymoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Day Wedding - Viva Las Vegas!\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Day Wedding 2 - Married in Manhattan\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Day Wedding\Uninstall.exe"
-->"C:\Program Files\HP Games\Fabulous Finds\Uninstall.exe"
-->"C:\Program Files\HP Games\Faerie Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Gardenscapes\Uninstall.exe"
-->"C:\Program Files\HP Games\Gemini Lost\Uninstall.exe"
-->"C:\Program Files\HP Games\Glyph 2\Uninstall.exe"
-->"C:\Program Files\HP Games\GO Diego GO! Dinosaur Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Gold Rush - Treasure Hunt\Uninstall.exe"
-->"C:\Program Files\HP Games\Hidden Secrets - The Nightmare\Uninstall.exe"
-->"C:\Program Files\HP Games\Hidden World of Art\Uninstall.exe"
-->"C:\Program Files\HP Games\HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Hunting Unlimited 2008\Uninstall.exe"
-->"C:\Program Files\HP Games\Insider Tales - The Secret of Casanova\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest II\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Mysteries 2 Trail of the Midnight Heart\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Mysteries\Uninstall.exe"
-->"C:\Program Files\HP Games\Legacy - World Adventure\Uninstall.exe"
-->"C:\Program Files\HP Games\Liong - The Lost Amulets\Uninstall.exe"
-->"C:\Program Files\HP Games\Lost City of Aquatica\Uninstall.exe"
-->"C:\Program Files\HP Games\Lost Realms - Legacy of the Sun Princess\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Encyclopedia\Uninstall.exe"
-->"C:\Program Files\HP Games\Midnight Mysteries - The Edgar Allan Poe Conspiracy\Uninstall.exe"
-->"C:\Program Files\HP Games\Monopoly\Uninstall.exe"
-->"C:\Program Files\HP Games\Mortimer Beckett and the Secrets of Spooky Manor\Uninstall.exe"
-->"C:\Program Files\HP Games\Mortimer Beckett and the Time Paradox\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery Masterpiece - The Moonstone\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery of Shark Island\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - Lost in Los Angeles\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files\HP Games\Nancy Drew - Curse of Blackmoor Manor\Uninstall.exe"
-->"C:\Program Files\HP Games\Nancy Drew - Legend of the Crystal Skull\Uninstall.exe"
-->"C:\Program Files\HP Games\Nancy Drew - The Phantom of Venice\Uninstall.exe"
-->"C:\Program Files\HP Games\Nancy Drew Dossier - Lights, Camera, Curses\Uninstall.exe"
-->"C:\Program Files\HP Games\Nancy Drew Dossier - Resorting to Danger!\Uninstall.exe"
-->"C:\Program Files\HP Games\Natalie Brooks - The Treasures of the Lost Kingdom\Uninstall.exe"
-->"C:\Program Files\HP Games\Obulis\Uninstall.exe"
-->"C:\Program Files\HP Games\Pahelika - Secret Legends\Uninstall.exe"
-->"C:\Program Files\HP Games\Paparazzi\Uninstall.exe"
-->"C:\Program Files\HP Games\Paranormal Agency\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Pocahontas - Princess of the Powhatan\Uninstall.exe"
-->"C:\Program Files\HP Games\Princess Isabella - A Witch's Curse\Uninstall.exe"
-->"C:\Program Files\HP Games\Profitville\Uninstall.exe"
-->"C:\Program Files\HP Games\Samantha Swift and the Golden Touch\Uninstall.exe"
-->"C:\Program Files\HP Games\Save Our Spirit\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Mystery - Whos Gold\Uninstall.exe"
-->"C:\Program Files\HP Games\StoneLoops of Jurassica\Uninstall.exe"
-->"C:\Program Files\HP Games\The Ancient Quest of Saqqarah\Uninstall.exe"
-->"C:\Program Files\HP Games\The Clumsys\Uninstall.exe"
-->"C:\Program Files\HP Games\The Count of Monte Cristo\Uninstall.exe"
-->"C:\Program Files\HP Games\The Legend of Crystal Valley\Uninstall.exe"
-->"C:\Program Files\HP Games\The Lost Cases of Sherlock Holmes\Uninstall.exe"
-->"C:\Program Files\HP Games\The Lost Inca Prophecy\Uninstall.exe"
-->"C:\Program Files\HP Games\The Mushroom Age\Uninstall.exe"
-->"C:\Program Files\HP Games\The Nightshift Code\Uninstall.exe"
-->"C:\Program Files\HP Games\The Secret of Margrave Manor 2\Uninstall.exe"
-->"C:\Program Files\HP Games\The Wizard's Pen\Uninstall.exe"
-->"C:\Program Files\HP Games\TikiBar\Uninstall.exe"
-->"C:\Program Files\HP Games\Torchlight\Uninstall.exe"
-->"C:\Program Files\HP Games\Totem Tribe\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds Odyssey\Uninstall.exe"
-->"C:\Program Files\HP Games\Trapped - The Abduction\Uninstall.exe"
-->"C:\Program Files\HP Games\Treasures of the Serengeti\Uninstall.exe"
-->"C:\Program Files\HP Games\Undiscovered World - The Incan Sun\Uninstall.exe"
-->"C:\Program Files\HP Games\Wandering Willows\Uninstall.exe"
-->"C:\Program Files\HP Games\Wild West Quest 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Women's Murder Club - A Darker Shade of Grey\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma's Revenge\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.5 - French-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
adsl TV-->"C:\Program Files\adslTV\Uninstal.exe"
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Windows Live Connection Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Big Fish Games Client-->"C:\Program Files\bfgclient\Uninstall.exe"
Brutal Chess-->"C:\Program Files\Brutal Chess\uninstall.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Celestia 1.5.1-->"C:\Program Files\Celestia\unins000.exe"
Windows 7 Upgrade Advisor-->MsiExec.exe /I{9D10CB57-B085-44c3-B435-2D193BA153F0}
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dream Aquarium-->"C:\Program Files\Dream Aquarium\UnInstall.exe"
eMachines Games-->"C:\Program Files\eMachines Games\Uninstall.exe"
FreePack-->c:\FreePack\Uninstal.exe
Freeplayer-->"C:\Program Files\Freeplayer\Uninstall.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{9074AFC0-CFDA-11DE-B484-005056806466}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658}
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64B9E2F5-558E-4C56-B419-A1679518F6E7}\setup.exe" -l0x9 -removeonly
HP Demo-->MsiExec.exe /X{97ABD26A-3249-46CB-B2E2-F66E64B2E480}
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
HP MediaSmart SmartMenu-->MsiExec.exe /I{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}
HP My Display-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x40c -removeonly
HP Picasso Media Center Add-In-->MsiExec.exe /X{03BF5CB1-B72E-4CA6-A278-F65680F05420}
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38058455-8C21-4C2F-B2F6-14ED166039CB}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Windows Live Installation-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Installation-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kuros-->"C:\Program Files\Kuros\Uninstall.exe"
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
MaxTV-->"C:\Windows\MaxTV\uninstall_maxtv.exe" "/U:C:\Program Files\DMV\MaxTV4\Uninstall\MaxTV\uninstall_maxtv.xml"
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /X{35C03C04-3F1F-42C2-A989-A757EE691F65}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Compatibility Module for Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Microsoft .NET Framework 3.5 SP1 Language Pack - fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.16)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee Reveal-->MsiExec.exe /X{19506BDB-4EA7-491F-E8AB-E97109FDB296}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Google Update Tool-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Windows Live Download Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor for Windows\uninst.exe
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
Real Chess-->"C:\Program Files\GameTop.com\Real Chess\unins000.exe"
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update
0
flo-91 Posted messages 5973 Status Security Contributor 1 120
 
Ok, :

For computers running Windows Vista and Windows 7, disabling User Account Control is mandatory;
otherwise, the tool may not function properly.
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

>Ad-Remover<

>Download Ad-Remover and save it to your desktop:

https://www.commentcamarche.net/telecharger/securite/2547-ad-remover/

>Disable your antivirus during the process
>Disconnect from the Internet and close all running applications
>Double-click on the installer, install it in its default location (C:\Program Files).
>In the main menu, choose the C (Cleanup) option
>Post the generated report (C:\Ad-Report-CLEAN.log).
>Don't forget to reactivate your antivirus
0
didis28 Posted messages 30 Status Member
 
hello;
here is the report

.
======= AD-REMOVER REPORT 1.1.4.6_F | WINDOWS XP/VISTA/7 ONLY =======
.
Updated by C_XX on 20.12.2009 at 18:16
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started at: 12:15:24, 21/12/2009 | Normal Mode | Option: CLEAN
Executed from: C:\Program Files\Ad-Remover\
Operating System: Microsoft® Windows Vista™ Home Basic Service Pack 2 v6.0.6002
PC Name: PC-DE-DIDI | Current User: didi
.
============== NEUTRALIZED ITEM(S) ==============
.

C:\Program Files\AGI
C:\Program Files\Crawler
C:\Users\didi\AppData\Roaming\EoRezo
C:\Users\didi\AppData\Local\Kiwee Toolbar
C:\Windows\System32\config\systemprofile\AppData\Roaming\agi

(!) -- Temporary files deleted.

.
HKCU\software\EoRezo
HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
HKLM\software\EoRezo
HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
.
============== Additional Scan ==============
.
.
* Mozilla FireFox Version 3.0.16 [en] *
.
Profile Name: bksrjkxg.default (didi)
.
(didi, prefs.js) Browser.download.dir, C:\Users\didi\Downloads
(didi, prefs.js) Browser.search.defaultenginename, MyStart Search
(didi, prefs.js) Browser.search.selectedEngine, MyStart Search
(didi, prefs.js) Browser.startup.homepage, hxxp://y.lo.st
(didi, prefs.js) Extensions.enabledItems, illimitux@illimitux.net:3.4,{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.16
(didi, prefs.js) Keyword.URL, hxxp://mystart.magentic.com/?loc=FF_Magentic_AddressBar&search=
.
(didi, prefs.js) DELETE - Browser.startup.homepage, hxxp://y.lo.st
.
.
.
* Internet Explorer Version 8.0.6001.18865 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Use Search Asst: no
Enable Browser Extensions: yes
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3188 Byte(s) - C:\Ad-Report-CLEAN[1].log
.
1 File(s) - C:\Users\didi\AppData\Local\Temp
0 File(s) - C:\Windows\Temp
0 File(s) - C:\Windows\Prefetch
.
21 File(s) - C:\Program Files\Ad-Remover\BACKUP
15 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Finished at: 12:24:42 | 21/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.
0
flo-91 Posted messages 5973 Status Security Contributor 1 120
 
For those who have Vista or Windows 7, disable UAC:
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

>Toolbar S&D<

>Download Toolbar S&D here

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

>Save the software to the desktop
>Double-click on the icon "ToolBarSD.exe"
>Accept the installation

>Once the installation is complete, double-click on the new icon with "Toolbar S&D" written in black on your desktop
>Press "F" to choose the French language
>Choose option 1 "search"; the Start menu and icons will disappear, this is normal.
>Let the tool run, do not touch anything
>Once the scan is finished, the search report will open in Notepad. (In case the report does not open, it can be found at C:\TB.txt)

>Post the report
0
didis28 Posted messages 30 Status Member
 
the link doesn't work
0
flo-91 Posted messages 5973 Status Security Contributor 1 120
 
Ok, :

>Download Malwarebytes here:

https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

. On the page, click on Download Malwarebytes Anti-Malware
. Save it to the desktop
/!\Vista users: Right-click on the Malwarebytes Anti-Malware logo, “Run as Administrator”

. Double-click on the downloaded file to start the installation process.
. In the "Update" tab, click on the Check for Updates button
. If the firewall asks for permission to connect for Malwarebytes, accept
. Once the update is complete
. go to the "Scan" tab
. Select Run a Complete Scan
. Click on Scan
. The scan starts.
. At the end of the scan, a message displays: The scan completed normally. Click on 'Show Results' to display all found items.
. Click on Ok to proceed.
. If malware has been detected, click on Show Results
. Select all (or leave checked) and click on Remove the selection. Malwarebytes will destroy the files and registry keys and place a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report there.
. Go to the report/log tab
. click on it to display it; once it is displayed,
. click on Edit at the top of Notepad, then on Select All
. click on Edit again and then on Copy, go back to the forum and, in your reply,
. right-click in the reply box and paste

If you need help, check out this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
didis28 Posted messages 30 Status Member
 
here is the report

Malwarebytes' Anti-Malware 1.42
Database version: 3402
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/21/2009 06:04:44 PM
mbam-log-2009-12-21 (06-04-44).txt

Search type: Full scan (C:\|D:\|)
Items examined: 488040
Elapsed time: 2 hour(s), 48 minute(s), 13 second(s)

Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 0
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0

Infected memory process(es):
(No harmful items detected)

Infected memory module(s):
(No harmful items detected)

Infected Registry key(s):
(No harmful items detected)

Infected Registry value(s):
(No harmful items detected)

Infected Registry data item(s):
(No harmful items detected)

Infected folder(s):
(No harmful items detected)

Infected file(s):
(No harmful items detected)
0
flo-91 Posted messages 5973 Status Security Contributor 1 120
 
Ok, :

/!\ Users of Vista and Windows 7: you should disable UAC just for the time needed to disinfect your PC; you will reactivate it later:

Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac


>Navilog<


>Download and install Navilog1 here:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

>Double-click on navilog1.exe present on your desktop

>Select the desired language from the menu and confirm your choice by pressing the "enter" key

>A small warning message, press a key to proceed

>A new warning, press a key to continue

>Verification of the installation of Navilog1: if everything is good, press a key to continue

>Choose option 1: automatic scan/disinfection

>The scan will start automatically and may take a few minutes, please be patient

>Once the scan is complete, press a key for your PC to reboot

>Upon rebooting your PC, Navilog will remove what it found, please be patient for a moment.

>A report is generated by the tool. It is located at this location:

XP: start/my computer/c:/cleannavi.txt
Vista: start logo/computer/c:/cleannavi.txt

>Post the report
0
didis28 Posted messages 30 Status Member
 
Here is the report

Fix Navipromo version 4.0.5 started on 21/12/2009 18:50:17.62

!!! Attention, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!

Tool executed from C:\Program Files\navilog1

Updated on 10.11.2009 at 18:00 by IL-MAFIOSO

Microsoft® Windows Vista™ Home Basic Edition ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 4450e )
BIOS : BIOS Date: 11/05/08 15:51:14 Ver: 5.03
USER : didi ( Not Administrator ! )
BOOT : Normal boot

Antivirus : VirusScan Enterprise + AntiSpyware Enterprise 8.5.0.781 (Activated)

C:\ (Local Disk) - NTFS - Total:454 Go (Free:300 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

Search executed in normal mode

Cleaning performed at computer restart

C:\Windows\prefetch\GAMECONSOLE-WT.EXE-1C8C5C08.pf deleted!
C:\Users\didi\AppData\Local\tmp0253564763_navi.JPG deleted!

Cleaning of C:\Windows\Temp completed!
Cleaning of C:\Users\didi\AppData\Local\Temp completed!

*** Registry Backup to Safebackup folder ***

Registry backup completed successfully!

*** Registry Cleaning ***

Registry cleaning Ok

*** Scan finished 21/12/2009 18:56:20.46 ***
0
flo-91 Posted messages 5973 Status Security Contributor 1 120
 
> SuperAntiSpyware <

> Download SuperAntiSpyware here:

http://cdn.superantispyware.com/SUPERAntiSpyware.exe

> Install it with the default settings.

> At the end of the installation, it will launch and ask you to choose the program language, select French.

> The program will then prompt you to update it, do so.

> A configuration wizard will open, click next while leaving the default settings

> SuperAntiSpyware will open. Click on "Scan your computer."

> Check "Run a full scan" and click on "Next."

> Let the scan proceed.

> At the end of the scan, check that everything is checked and then click "Next."

> Then click on finish, and then click on "Preferences."

> Go to the "Statistics/Log Files" tab, select the one dated today and then click on "View Log."

> Copy/Paste its content into your next message.

> Note: you can empty the quarantine ( "Quarantine Management" in the main menu )
0
didis28 Posted messages 30 Status Member
 
Here is the report

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 12/21/2009 at 08:53 PM

Application Version : 4.32.1000

Core Rules Database Version : 4398
Trace Rules Database Version: 2232

Scan type : Complete Scan
Total Scan Time : 00:59:56

Memory items scanned : 809
Memory threats detected : 0
Registry items scanned : 7642
Registry threats detected : 0
File items scanned : 35732
File threats detected : 50

Adware.Tracking Cookie

Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\NAVILOG1\REG.EXE
0
flo-91 Posted messages 5973 Status Security Contributor 1 120
 
How's the PC?

Please repost an RSIT report.
0
didis28 Posted messages 30 Status Member
 
Okay, it seems to be going well, but I still have this damn crack that I can't get rid of.
Do you have any idea?

here is the RSIT report

Logfile of random's system information tool 1.06 (written by random/random)
Run by didi at 2009-12-21 21:25:56
Microsoft® Windows Vista™ Home Basic Edition Service Pack 2
System drive C: has 306 GB (66%) free of 465 GB
Total RAM: 1790 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:17, on 21/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\didi\AppData\Roaming\Microsoft\Gift notifications MSN\lsnfier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\didi\Downloads\RSIT.exe
C:\Program Files\trend micro\didi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Help for the Adobe PDF Reader link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Assistant Help Program - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (VC0303)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Gift notifications MSN.lnk = C:\Users\didi\AppData\Roaming\Microsoft\Gift notifications MSN\lsnfier.exe
O4 - Startup: OneNote 2007 - Screen Capture and Launch.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B720FB4-C1DD-4887-B9B0-D6CE3D8E3392}: NameServer = 212.27.40.240
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Update Service (gupdate1ca0df7759577b4) (gupdate1ca0df7759577b4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 10931 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleFordidi.job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\PCDRScheduledMaintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Help for the Adobe PDF Reader link - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-27 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Assistant Help Program - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-30 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-30 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE [2008-07-21 12288]
"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2008-10-03 203296]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"UpdateP2GoShortCut"=c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDIRShortCut"=c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2008-09-11 210216]
"TSMAgent"=c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-10-17 1152296]
"CLMLServer for HP TouchSmart"=c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-10-17 189736]
"DVDAgent"=c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2008-09-26 1148200]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2008-09-23 912688]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"DT HPW"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2007-09-28 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-27 198160]
"Uninstall_CToolbar"=C:\Windows\Temp\CTun.exe /remove []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"BigDog303"=C:\Windows\VM303_STI.EXE [2006-01-24 61440]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-27 13539872]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-27 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-08-05 1644088]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-23 39408]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-03-17 2387968]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-12-16 2002160]

C:\Users\didi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Gift notifications MSN.lnk - C:\Users\didi\AppData\Roaming\Microsoft\Gift notifications MSN\lsnfier.exe
OneNote 2007 - Screen Capture and Launch.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b3f3f6c-04cb-11de-b59a-002354f17d26}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2aec99a-0506-11de-838f-002354f17d26}]
shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6f77646-c922-11de-b33d-002354f0543d}]
shell\AutoRun\command - J:\USBAutoRun.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-21 19:45:27 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-12-21 19:44:08 ----D---- C:\Users\didi\AppData\Roaming\SUPERAntiSpyware.com
2009-12-21 19:44:08 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-21 19:42:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-21 18:50:17 ----A---- C:\cleannavi.txt
2009-12-21 18:49:25 ----D---- C:\Program Files\Navilog1
2009-12-21 12:57:09 ----D---- C:\Users\didi\AppData\Roaming\Malwarebytes
2009-12-21 12:57:03 ----D---- C:\ProgramData\Malwarebytes
2009-12-21 12:57:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-21 12:14:56 ----D---- C:\Program Files\Ad-Remover
2009-12-20 20:18:03 ----D---- C:\Program Files\trend micro
2009-12-20 20:18:02 ----D---- C:\rsit
2009-12-19 22:07:06 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-12-17 19:00:17 ----D---- C:\Users\didi\AppData\Roaming\vlc
2009-12-15 15:41:12 ----D---- C:\FreePack
2009-12-10 19:53:35 ----SHD---- C:\Windows\system32\%APPDATA%
2009-12-10 13:08:31 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 13:08:28 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 13:08:27 ----A---- C:\Windows\system32\iertutil.dll
2009-12-10 13:08:27 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 13:08:26 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 13:08:26 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 13:08:26 ----A---- C:\Windows\system32\occache.dll
2009-12-10 13:08:26 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-10 13:08:26 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-10 13:08:24 ----A---- C:\Windows\system32\ieui.dll
2009-12-10 13:08:24 ----A---- C:\Windows\system32\iepeers.dll
2009-12-10 13:08:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-10 13:08:23 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-10
0
flo-91 Posted messages 5973 Status Security Contributor 1 120
 
Can you try to run ToolBar S&D from post 6 for me, please?
--
*>flo-91<*®

0
didis28 Posted messages 30 Status Member
 
Hi, I succeeded by disabling the antivirus.

Here it is:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Home Basic Edition ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 4450e )
BIOS : BIOS Date: 11/05/08 15:51:14 Ver: 5.03
USER : didi ( Not Administrator ! )
BOOT : Normal boot
Antivirus : VirusScan Enterprise + AntiSpyware Enterprise 8.5.0.781 (Not Activated)
C:\ (Local Disk) - NTFS - Total:454 Go (Free:298 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( LAST UPDATE : 22-08-2009|18:42 )
Option : [1] ( 21/12/2009|21:38 )

[ UAC => 1 ]

-----------\\ Searching for Files / Folders ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"Search bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\didi\AppData\Local\VirtualStore\Program Files\Agatha Christie - Death on the Nile\gameres\images\bonus_rosary\bead_crack.png

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 21/12/2009|21:39 - Option : [1]

-----------\\ End of the report at 21:39:11,85
0
flo-91 Posted messages 5973 Status Security Contributor 1 120
 
OK, did you disable UAC to perform the operation?

And is it indeed this crack that you can't delete:

C:\Users\didi\AppData\Local\VirtualStore\Program Files\Agatha Christie - Death on the Nile\gameres\images\bonus_rosary\bead_crack.png
--
*>flo-91<*®

0
didis28 Posted messages 30 Status Member
 
No, why? Does it change anything?
0
didis28 Posted messages 30 Status Member
 
No, the crack that I can't remove is vista7 slic 1.9.1.0.
I don't know what it is; I posted on the Windows forum and they told me it was a crack. It doesn't appear in "Uninstall a program".
0