Heuristic virus
Solved
fraggle559
Hello,
What is a Heuristic virus? Antivir found this today. I copied the following description:
HEUR/Exploit.HTML
I already received this message a few days ago. As a precaution, I ran a search with Malwarebytes in safe mode. It didn't find anything. I also did a scan with Antivir, which found nothing either.
I feel like this is more of a way to convince me to buy the paid version of Antivir.
In any case, everything is working on my computer.
Thank you for explaining what this message means.
Best regards
Configuration: Windows XP Firefox 3.5.7
46 answers
A heuristic virus means that the antivirus does not recognize it in its database but finds it suspicious due to its behavior on the system.
--
tic tac toe ie7 vs firefox which wins firefox of course
CE29
Thank you for the info.
Marc
Thank you, we learn something new every day!
Here it is, I updated and ran the scan
the report is as follows:
Malwarebytes' Anti-Malware 1.44
Database version: 3662
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
30/01/2010 16:35:08
mbam-log-2010-01-30 (16-35-08).txt
Scan type: Complete scan (C:\|G:\|)
Items examined: 218819
Elapsed time: 50 minute(s), 20 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 0
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 2
Infected memory process(es):
(No malicious items detected)
Infected memory module(s):
(No malicious items detected)
Infected Registry key(s):
(No malicious items detected)
Infected Registry value(s):
(No malicious items detected)
Infected Registry data item(s):
(No malicious items detected)
Infected folder(s):
(No malicious items detected)
Infected file(s):
C:\jacobin\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\jacobin\pv.cfexe (Trojan.Agent) -> Quarantined and deleted successfully.
The computer restarted showing that the disk had suffered damage and it ran a disk check before it could restart. I hope I haven't lost anything.
Here is the file log.txt. I do not have the info.txt file this time. Is that normal?
Logfile of random's system information tool 1.06 (written by random/random)
Run by 13 at 2010-01-31 16:19:40
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (22%) free of 38 GB
Total RAM: 735 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:47, on 31/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\13\Desktop\RSIT(2).exe
C:\Program Files\trend micro\13.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/en-us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [BboxUpdate] C:\Program Files\BboxUpdate\BTLiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"http://www.funlabo.com/delirants-insolites/jeu-transport-de-whisky.htm"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add to Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Quick Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Open in a Background Tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?2a22063e1a6841fa860803837843fbd1
O8 - Extra context menu item: Open in a Foreground Tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?2a22063e1a6841fa860803837843fbd1
O9 - Extra button: Direct Add - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Direct Add in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Translation - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Customize Translation Options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: Note Organizer - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} (Snapfish Activia2) - http://www3.snapfish.fr/SnapfishActivia2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8245 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{FF5DF99F-C204-45E8-9DC9-B60BD76EAA1D}.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-21 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-30 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-21 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-21 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-10-18 1315840]
"PROMT Integrator"=C:\Program Files\PROMT5\INTEGRAL\PinStart.exe [2001-09-03 49152]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX1000"=C:\WINDOWS\vVX1000.exe [2007-04-10 709992]
"BboxUpdate"=C:\Program Files\BboxUpdate\BTLiveUpdate.exe [2008-08-06 103936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-09-16 5724184]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-09 68856]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [2009-06-05 468408]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoLogOff"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\System32\rtcshare.exe"="C:\WINDOWS\System32\rtcshare.exe:*:Disabled:RTC Application Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE"="C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bbox\eSKernel.exe"="C:\Program Files\Bbox\eSKernel.exe:*:Enabled:Bbox installation assistant"
"C:\Program Files\BboxUpdate\BTLiveUpdate.exe"="C:\Program Files\BboxUpdate\BTLiveUpdate.exe:*:Enabled:Bbox - Bouygues Telecom - Update Utility"
"C:\WINDOWS\System32\RUNDLL32.EXE"="C:\WINDOWS\System32\RUNDLL32.EXE:*:Enabled:Run a DLL as an application"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE"="C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 2 months======
2010-01-31 11:31:09 ----D---- C:\Documents and Settings\13\Application Data\LEGO Company
2010-01-31 11:31:01 ----D---- C:\Program Files\LEGO Company
2010-01-30 23:13:52 ----RASHD---- C:\autorun.inf
2010-01-30 23:11:39 ----A---- C:\UsbFix.txt
2010-01-30 22:23:17 ----D---- C:\UsbFix
2010-01-30 18:28:05 ----D---- C:\rsit
2010-01-15 23:10:50 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 13:28:28 ----D---- C:\Documents and Settings\13\Application Data\Apple Computer
2009-12-25 11:52:26 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom
2009-12-25 11:51:19 ----D---- C:\Documents and Settings\13\Application Data\TomTom
2009-12-25 11:51:11 ----D---- C:\Program Files\TomTom International B.V
2009-12-25 11:50:59 ----D---- C:\Program Files\TomTom HOME 2
2009-12-21 11:11:12 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-20 13:33:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-12 23:49:20 ----HD---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-12 23:49:15 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-12 23:48:36 ----HD---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-12 23:48:30 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-12 23:48:23 ----HD---- C:\WINDOWS\$NtUninstallKB971737$
======List of files/folders modified in the last 2 months======
2010-01-31 12:57:52 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-30 23:10:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-15 23:10:56 ----A---- C:\WINDOWS\imsins.BAK
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-21 20:07:02 ----A---- C:\WINDOWS\system32\wininet.dll
2009-12-21 20:07:02 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-12-21 20:07:00 ----A---- C:\WINDOWS\system32\occache.dll
2009-12-21 20:07:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-12-21 20:06:58 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-12-21 20:06:58 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-12-21 20:06:58 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-12-21 20:06:58 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-12-21 20:06:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-12-21 20:06:56 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-12-21 20:06:52 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-12-21 14:20:16 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-12-12 23:52:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-07-04 43488]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-10-18 28928]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2004-10-18 27648]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-07-08 12416]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-18 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-07-29 5632]
R1 WS2IFSL;Windows Sockets 2.0 Non-IFS Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R3 ALCXSENS;WDM 3D Audio Driver Service; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Realtek AC97 Audio (WDM) Service; C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-04-18 6912]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-07-08 217600]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-02-28 32256]
R3 usbaudio;USB audio (WDM) Driver; C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft Generic USB Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-10-18 98048]
S1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communication Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Personal Area Network Device; C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Bluetooth Radio USB Driver;
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-21 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-30 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-21 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-21 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-10-18 1315840]
"PROMT Integrator"=C:\Program Files\PROMT5\INTEGRAL\PinStart.exe [2001-09-03 49152]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX1000"=C:\WINDOWS\vVX1000.exe [2007-04-10 709992]
"BboxUpdate"=C:\Program Files\BboxUpdate\BTLiveUpdate.exe [2008-08-06 103936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-09-16 5724184]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-09 68856]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe [2009-06-05 468408]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoLogOff"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\System32\rtcshare.exe"="C:\WINDOWS\System32\rtcshare.exe:*:Disabled:RTC Application Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE"="C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bbox\eSKernel.exe"="C:\Program Files\Bbox\eSKernel.exe:*:Enabled:Bbox installation assistant"
"C:\Program Files\BboxUpdate\BTLiveUpdate.exe"="C:\Program Files\BboxUpdate\BTLiveUpdate.exe:*:Enabled:Bbox - Bouygues Telecom - Update Utility"
"C:\WINDOWS\System32\RUNDLL32.EXE"="C:\WINDOWS\System32\RUNDLL32.EXE:*:Enabled:Run a DLL as an application"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE"="C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 2 months======
2010-01-31 11:31:09 ----D---- C:\Documents and Settings\13\Application Data\LEGO Company
2010-01-31 11:31:01 ----D---- C:\Program Files\LEGO Company
2010-01-30 23:13:52 ----RASHD---- C:\autorun.inf
2010-01-30 23:11:39 ----A---- C:\UsbFix.txt
2010-01-30 22:23:17 ----D---- C:\UsbFix
2010-01-30 18:28:05 ----D---- C:\rsit
2010-01-15 23:10:50 ----HD---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 13:28:28 ----D---- C:\Documents and Settings\13\Application Data\Apple Computer
2009-12-25 11:52:26 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom
2009-12-25 11:51:19 ----D---- C:\Documents and Settings\13\Application Data\TomTom
2009-12-25 11:51:11 ----D---- C:\Program Files\TomTom International B.V
2009-12-25 11:50:59 ----D---- C:\Program Files\TomTom HOME 2
2009-12-21 11:11:12 ----HD---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-20 13:33:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-12 23:49:20 ----HD---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-12 23:49:15 ----HD---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-12 23:48:36 ----HD---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-12 23:48:30 ----HD---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-12 23:48:23 ----HD---- C:\WINDOWS\$NtUninstallKB971737$
======List of files/folders modified in the last 2 months======
2010-01-31 12:57:52 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-30 23:10:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-15 23:10:56 ----A---- C:\WINDOWS\imsins.BAK
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-21 20:07:02 ----A---- C:\WINDOWS\system32\wininet.dll
2009-12-21 20:07:02 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-12-21 20:07:00 ----A---- C:\WINDOWS\system32\occache.dll
2009-12-21 20:07:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-12-21 20:06:58 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-12-21 20:06:58 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-12-21 20:06:58 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-12-21 20:06:58 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-12-21 20:06:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-12-21 20:06:56 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-12-21 20:06:52 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-12-21 14:20:16 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-12-12 23:52:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-07-04 43488]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-10-18 28928]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2004-10-18 27648]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-07-08 12416]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-18 28520]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-07-29 5632]
R1 WS2IFSL;Windows Sockets 2.0 Non-IFS Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R3 ALCXSENS;WDM 3D Audio Driver Service; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Realtek AC97 Audio (WDM) Service; C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-04-18 6912]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-07-08 217600]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-02-28 32256]
R3 usbaudio;USB audio (WDM) Driver; C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft Generic USB Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-10-18 98048]
S1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communication Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Personal Area Network Device; C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Bluetooth Radio USB Driver;
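The firewall AuthorizedApplications list in the RSIT dump above deserves a look for more than the infection hunt: the rule for RUNDLL32.EXE ("Run a DLL as an application") permits inbound connections to any code that rundll32 hosts, so it is far broader than a rule for one program. The Python parser below is an added example, not a tool from the thread or from RSIT. It reads lines in the exact `"path"="path:scope:State:Name"` shape the dump uses (the four sample lines are copied from the list above as constructed input) and flags enabled rules whose program is a generic host binary. The function names, the GENERIC_HOSTS set and the risk criterion are the example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample: four entries in the shape of the RSIT registry dump above
# (standard profile). They are copied from the page's own list for illustration.
SAMPLE_LINES = r'''
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\WINDOWS\System32\RUNDLL32.EXE"="C:\WINDOWS\System32\RUNDLL32.EXE:*:Enabled:Run a DLL as an application"
'''

# Host binaries that execute whatever DLL or script they are handed on the command
# line. An allow rule for one of them is an allow rule for any code it hosts.
# (Assumed list for this example; extend it to taste.)
GENERIC_HOSTS = {"rundll32.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                 "regsvr32.exe", "mshta.exe", "powershell.exe"}

# Registry line shape: "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
# The lazy path group stops at the first ':' that is followed by scope and state,
# so the "C:" drive-letter colon inside the path does not split the record.
_LINE = re.compile(
    r'^"(?P<key>[^"]+)"="(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)"$',
    re.IGNORECASE,
)


def parse_authorized_apps(text: str) -> List[Dict[str, object]]:
    """Parse AuthorizedApplications\\List lines into rule records."""
    rules: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, anything not a rule
        d: Dict[str, object] = dict(m.groupdict())
        exe = str(d["path"]).rsplit("\\", 1)[-1].lower()
        d["exe"] = exe
        d["enabled"] = str(d["state"]).lower() == "enabled"
        d["generic_host"] = exe in GENERIC_HOSTS
        rules.append(d)
    return rules


def risky_rules(text: str) -> List[Dict[str, object]]:
    """Enabled rules whose program is a generic host binary (the ones to remove)."""
    return [r for r in parse_authorized_apps(text) if r["enabled"] and r["generic_host"]]


if __name__ == "__main__":
    for r in parse_authorized_apps(SAMPLE_LINES):
        flag = "  <-- generic host, tighten or remove" if r["generic_host"] and r["enabled"] else ""
        print(f'{"ON " if r["enabled"] else "off"} {r["exe"]:<14} {r["name"]}{flag}')
```

A disabled entry (Firefox here) still records the path Windows once prompted for, which is why it shows up in the dump; only the enabled ones widen the attack surface.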
It's fine.
We're going to do one last cleanup.
Disable your antivirus while doing this, as well as your firewall if present.
▶ Download List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
▶ unzip it, (right-click/extract.....)
It does not require installation
▶ double-click (right-click "run as administrator" for Vista) to start the scan
choose the language then select option 1 = Search Mode
▶ let the tool work
a report named catchme will appear on your desktop, ignore it, but do not delete it for now
▶ Post the content of the report that opens
Here is the ToolCleaner report, but I still have icons on the desktop for Rsit and list kill'em.
[ ToolCleaner Report version 2.3.11 (by A.Rothstein & dj QUIOU) ]
--> Search:
C:\UsbFix.txt: found!
C:\UsbFix: found!
C:\Rsit: found!
C:\Documents and Settings\13\Local Settings\temp\27.tmp\catchme.exe: found!
C:\Documents and Settings\13\Local Settings\temp\27.tmp\mbr.log: found!
C:\Documents and Settings\13\Local Settings\temp\27.tmp\mbr.exe: found!
C:\Documents and Settings\13\Local Settings\temp\48.tmp\catchme.exe: found!
C:\Documents and Settings\13\Local Settings\temp\48.tmp\mbr.exe: found!
C:\Documents and Settings\13\Desktop\UsbFix.exe: found!
C:\Documents and Settings\13\Desktop\UsbFix.txt: found!
C:\Documents and Settings\13\Desktop\Rsit.exe: found!
C:\Documents and Settings\13\Desktop\catchme.log: found!
C:\Program Files\Trend Micro\HijackThis.exe: found!
C:\Program Files\Trend Micro\hijackthis.log: found!
C:\Backups\catchme.log: found!
---------------------------------
--> Deletion:
C:\Documents and Settings\13\Local Settings\temp\27.tmp\catchme.exe: deleted!
C:\Documents and Settings\13\Local Settings\temp\48.tmp\catchme.exe: deleted!
C:\Program Files\Trend Micro\HijackThis.exe: deleted!
C:\UsbFix.txt: deleted!
C:\Documents and Settings\13\Local Settings\temp\27.tmp\mbr.log: deleted!
C:\Documents and Settings\13\Local Settings\temp\27.tmp\mbr.exe: deleted!
C:\Documents and Settings\13\Local Settings\temp\48.tmp\mbr.exe: deleted!
C:\Documents and Settings\13\Desktop\UsbFix.exe: deleted!
C:\Documents and Settings\13\Desktop\UsbFix.txt: deleted!
C:\Documents and Settings\13\Desktop\Rsit.exe: deleted!
C:\Documents and Settings\13\Desktop\catchme.log: deleted!
C:\Program Files\Trend Micro\hijackthis.log: deleted!
C:\Backups\catchme.log: deleted!
C:\UsbFix: deleted!
C:\Rsit: deleted!
Recycle Bin emptied!
I have to leave the computer now. I will resume the cleaning with CCleaner later.
I also still need to recreate a restore point.
Thank you.
Hello,
I have finished the cleaning.
I loaded FileHippo. I had it on my computer for a while but I noticed that it always downloaded original versions where I couldn't choose French, which is why I removed it. I then had programs all in English that I had to uninstall to reinstall in French. Not great.
Is there a French version available?
Thank you for your valuable help.
I just emptied the malware quarantine. I was trying to look at my documents but if I have to do them one by one it will take a long time!!
What do you mean by regularly backing up documents? How do we do that?
I run scans with Malwarebytes from time to time and Antivir.
There was a cleanup via this forum in May I believe and that’s it. By the way, ComboFix is one of the cleaning tools and it shouldn’t be on the computer anymore.
I understand.
Unfortunately, I don't have any installation software because I bought the computer second-hand and received it without the CDs.
We will check for other infections on the PC
Download Random's System Information Tool (RSIT) from random/random and save the executable on your Desktop.
- http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications!
* Double-click on RSIT.exe to launch it.
* A first window opens with the title: Disclaimer of warranty.
* In front of the option List files/folders created ..., select 2 months
* Then click on Continue to start the scan...
* Let the scan run and don’t touch the PC...
* When the scan is finished, two text files will open (probably with Notepad).
* Upload the content of log.txt (the one that appears on the screen), as well as info.txt here.
Click on browse
Once you have found the reports to upload, click on open
Click on Click here to upload the file, then provide the link
that appears like this http:/www.cijoint.fr/cjlink.php?file=cj200911/cijgAdC3Ch.txt
Note: the reports will also be saved in this folder C:\rsit
You will need to create a Windows recovery CD.
Here it is. I couldn't install the program on the desktop. I can't find it. I re-registered it and started it from the "finished files" box that the computer displays at the end of each download. Tell me how to find it to install it on the desktop.
Here are the links to the 2 reports that I saved on my desktop for easy access.
http://www.cijoint.fr/cjlink.php?file=cj201001/cijhcPU6x6.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/cijEODitmi.txt
Download USBFix (by El Desaparecido, C_XX, and Chimay8) to your desktop
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
Connect your external data sources to your PC (USB flash drive, external hard drive, etc.) that may have been infected without opening them
# Double-click on the UsbFix shortcut on your desktop.
# Select option 1 (Search)
# Let the tool work.
# Then post the UsbFix.txt report that will appear.
# Note: The UsbFix.txt report is saved at the root of the drive. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste )
# Note: "Process.exe," a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.
############################## | UsbFix V6.083 |
User : 13 (Administrators) # LAURA
Update on 30/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:25:26 | 30/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Sempron(tm) 2800+
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Local disk # 37.26 Go (7.64 Go free) [ACER] # FAT32
D:\ -> CD-ROM drive
E:\ -> CD-ROM drive
F:\ -> Removable drive
G:\ -> Removable drive # 7.45 Go (2.75 Go free) [8 GB USB] # FAT32
I:\ -> Removable drive
J:\ -> Removable drive
K:\ -> Removable drive
############################## | Active Processes |
C:\WINDOWS\System32\smss.exe 436
C:\WINDOWS\system32\csrss.exe 524
C:\WINDOWS\system32\winlogon.exe 548
C:\WINDOWS\system32\services.exe 592
C:\WINDOWS\system32\lsass.exe 604
C:\WINDOWS\system32\svchost.exe 764
C:\WINDOWS\system32\svchost.exe 824
C:\WINDOWS\System32\svchost.exe 932
C:\Program Files\Ahead\InCD\InCDsrv.exe 956
C:\WINDOWS\system32\svchost.exe 1124
C:\WINDOWS\system32\svchost.exe 1208
C:\WINDOWS\system32\spoolsv.exe 1316
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1364
C:\WINDOWS\Explorer.EXE 1544
C:\WINDOWS\system32\svchost.exe 1748
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 204
C:\WINDOWS\system32\svchost.exe 200
C:\Program Files\Microsoft LifeCam\MSCamS32.exe 264
C:\WINDOWS\system32\svchost.exe 408
C:\Program Files\Ahead\InCD\InCD.exe 968
C:\WINDOWS\system32\rundll32.exe 972
C:\WINDOWS\vVX1000.exe 1160
C:\Program Files\BboxUpdate\BTLiveUpdate.exe 1204
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1376
C:\WINDOWS\SOUNDMAN.EXE 1456
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe 1476
C:\Program Files\Messenger\msmsgs.exe 1504
C:\WINDOWS\system32\ctfmon.exe 1512
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 1612
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe 1636
C:\Program Files\Logitech\SetPoint\SetPoint.exe 1728
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE 112
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe 1948
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe 1956
C:\WINDOWS\System32\alg.exe 2408
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2960
C:\WINDOWS\system32\wbem\wmiprvse.exe 3132
################## | Infectious Elements |
################## | Registry |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{442fa552-f13b-11de-b723-000fead631fe}
Shell\AutoRun\command =H:\InstallTomTomHOME.exe
HKCU\..\..\Explorer\MountPoints2\{5c4563d0-e49e-11dd-b57f-000fead631fe}
Shell\Auto\command =cmd /C launch.bat
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
HKCU\..\..\Explorer\MountPoints2\{e6168d5c-db36-11dd-b56c-000fead631fe}
Shell\AutoRun\command =H:\LaunchU3.exe -a
################## | ! End of report # UsbFix V6.083 ! |
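Two things in the reports above decide how an autorun.inf on a USB key gets to run: the NoDriveTypeAutoRun policy in the RSIT registry dump (128 under HKCU, blank under HKLM) and the cached MountPoints2 commands in the UsbFix report, where one volume asks Explorer for `cmd /C launch.bat` behind a RunDLL32 ShellExec_RunDLL wrapper while the other two launch an absolute path on the drive. The Python below is an added example, not part of the thread, RSIT or UsbFix. It decodes the policy bitmask against the drive-type bits Microsoft documents for that value and classifies each MountPoints2 command with a few heuristics (a script host as the program, the ShellExec_RunDLL indirection, a batch or script target, a relative path that resolves on whatever volume is inserted). The sample report text is copied from the UsbFix output above as constructed input; the function names, the heuristic list and the labels are the example's own assumptions.

```python
import re
from typing import Dict, List

# NoDriveTypeAutoRun (Explorer policy): a set bit DISABLES AutoRun for that drive
# type. 0x91 is the documented Windows XP default; 0xFF disables AutoRun everywhere.
DRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_UNKNOWN_TYPE",   # drives whose type cannot be determined
}


def autorun_still_enabled(value: int) -> List[str]:
    """Drive types on which this policy value leaves AutoRun switched on."""
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]


# Constructed sample: the MountPoints2 section copied from the UsbFix report above.
SAMPLE_REPORT = r'''
HKCU\..\..\Explorer\MountPoints2\{442fa552-f13b-11de-b723-000fead631fe}
Shell\AutoRun\command =H:\InstallTomTomHOME.exe
HKCU\..\..\Explorer\MountPoints2\{5c4563d0-e49e-11dd-b57f-000fead631fe}
Shell\Auto\command =cmd /C launch.bat
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
HKCU\..\..\Explorer\MountPoints2\{e6168d5c-db36-11dd-b56c-000fead631fe}
Shell\AutoRun\command =H:\LaunchU3.exe -a
'''

_KEY = re.compile(r"MountPoints2\\(\{[0-9a-f-]+\})", re.IGNORECASE)
_CMD = re.compile(r"^Shell\\(?P<verb>[^\\]+)\\command\s*=\s*(?P<cmd>.+)$", re.IGNORECASE)

# Heuristic lists assumed for this example.
SCRIPT_HOSTS = ("cmd", "rundll32", "wscript", "cscript", "mshta", "regsvr32")
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".scr", ".pif", ".com")


def reasons_for(cmd: str) -> List[str]:
    """Why an autorun command looks like a worm dropper rather than a vendor launcher."""
    low = cmd.lower()
    tokens = low.replace(",", " ").split()
    prog = tokens[0].rsplit("\\", 1)[-1] if tokens else ""
    out: List[str] = []
    if prog.rsplit(".", 1)[0] in SCRIPT_HOSTS:
        out.append(f"program is a script host ({prog})")
    if "shellexec_rundll" in low:
        out.append("RunDLL32 Shell32.DLL,ShellExec_RunDLL hides the real target")
    for tok in tokens:
        if tok.endswith(SCRIPT_EXTS):
            out.append(f"runs script/batch file {tok}")
            if not re.match(r"^[a-z]:\\", tok):
                out.append(f"{tok} is a relative path, resolved on whatever volume is inserted")
    return out


def classify_mountpoints(report: str) -> List[Dict[str, object]]:
    """Walk a UsbFix-style MountPoints2 listing and score each cached command."""
    findings: List[Dict[str, object]] = []
    volume = None
    for raw in report.splitlines():
        line = raw.strip()
        k = _KEY.search(line)
        if k:
            volume = k.group(1)      # subsequent Shell\...\command lines belong to it
            continue
        m = _CMD.match(line)
        if m and volume:
            why = reasons_for(m.group("cmd"))
            findings.append({"volume": volume, "verb": m.group("verb"),
                             "command": m.group("cmd").strip(),
                             "suspicious": bool(why), "reasons": why})
    return findings


def suspicious_volumes(report: str) -> List[str]:
    return sorted({str(f["volume"]) for f in classify_mountpoints(report) if f["suspicious"]})


if __name__ == "__main__":
    print("AutoRun still enabled with value 128:", autorun_still_enabled(128))
    for f in classify_mountpoints(SAMPLE_REPORT):
        mark = "!!" if f["suspicious"] else "ok"
        print(f'{mark} {f["volume"]} {f["verb"]}: {f["command"]}')
        for r in f["reasons"]:
            print("     -", r)
```

A value of 128 leaves AutoRun enabled on removable, fixed, CD-ROM and RAM drives; 0xFF (255) is the value that disables it everywhere, and the HKLM value being blank means nothing overrides the per-user setting. A MountPoints2 entry is Explorer's cache of a volume's autorun.inf, so a flagged entry tells you what that volume asked to run the last time it was plugged in, not that the command still exists on the key or ever ran.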
By opening the Downloads folder, I find the programs. Can I drag them to the desktop to install them there?