Hello, I'm presenting the problem. So, as soon as I open a program (like Firefox, iTunes, or any game), my CPU usage shoots up to 100%. Before, it was svchost that was consuming a lot, now it's any program. The program's consumption skyrockets until the CPU reaches 100% as soon as I start it. I've searched everywhere for a solution but found nothing, so I'm now asking for help. I don't know if it has anything to do with the fact that this started happening after I uninstalled Vista. Thank you in advance for helping me because right now, I really can't do anything with my PC.

100% CPU Usage : CCM

Answer 1 / 22

Anonymous user

Good evening everyone,
Rhakzi, you need to activate Kaspersky....

So,
activate Kaspersky and run a scan. Post its report at the end of the analysis.

Then,
> Download MalwareBytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- Install the program and then run it please.
Note: If you are missing COMCTL32.OCX, download it here: https://www.malekal.com/tutorial-aboutbuster/
- Update it (click on "Updates" then "Check for Updates")
- Start in safe mode (image). If there's a problem: tutorial here
- Launch MalwareBytes Anti-Malware, then click "Run a full scan," then "Scan" and select all your hard drives => the scan begins....please wait...
- At the end of the scan, click "remove" (If some items are difficult to remove, a message will ask you to restart: click "Yes" then)
- A report will be generated (the last one after removing the infections): save it and post it on the forum please.

Finally,
please post a new HiJackT report to see if the crap is gone.

Good luck,

See you soon

--
Fire Walk with Me ~~~~~~~~~~> o_Ö

Rhakzi Posted messages 36 Status Member

So, I'm putting the final report from Kaspersky

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 250987 0 0 0 0 719 193
My documents 37 0 0 0 0 0 0
Mail databases 2 0 0 0 0 1 0
Floppy disk 3.5 (A:) 4 0 0 0 0 0 0
Local disk (C:) 29488 0 0 0 0 46 115
Local disk (D:) 221456 0 0 0 0 672 78

Password Protected Corrupted

-----------------------------------------------------
0 0
0 0
0 0
0 0
0 0
0 0

MalwareBytes Report

Malwarebytes' Anti-Malware 1.12
Database version: 770

Scan type: Full scan (C:\|D:\|)
Items scanned: 133552
Elapsed time: 1 hour(s), 51 minute(s), 34 second(s)

Infected memory processes: 0
Infected memory modules: 0
Infected registry keys: 0
Infected registry values: 0
Infected registry data items: 0
Infected folders: 0
Infected files: 1

Infected memory processes:
(No harmful items detected)

Infected memory modules:
(No harmful items detected)

Infected registry keys:
(No harmful items detected)

Infected registry values:
(No harmful items detected)

Infected registry data items:
(No harmful items detected)

Infected folders:
(No harmful items detected)

Infected files:
D:\Program Files\Premium Booster\RdvChk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HijackThis Report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:29, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menu item: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3993 bytes

There you go.

Answer 2 / 22

Anonymous user

Hello everyone,
Yes, work and a life in parallel...
But here I am again...

So,
> Launch Hijackthis:
- Then select < Do a system scan only >
- Check the boxes for the following lines:

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

Then,
- Close all other windows and applications (even internet)
- Click on < fix checked >

After,
> Then go to this site virustotal and have the following file analyzed please:
(If there's a problem: http://pageperso.aol.fr/loraline60/virus_total.htm )

C:\WINDOWS\System32\syssetub.dll

and post the result by copy/paste please (or the link http).

If you can't find the file,
> Make sure you have access to hidden files:
Start menu => appearance and themes => folder options => view
"Show hidden files" => checked

Then,
> Run Ccleaner in safe mode please

> Restart your PC in normal mode then Hijackthis:
Then select < do a system scan and save a logfile >,

And send, by copy/paste, your Hijackthis log please,

That's it.

Good luck.

See you later
--
Fire Walk with Me ~~~~~~~~~~> o_Ö

Rhakzi Posted messages 36 Status Member

Was the file indeed syssetup.dll and not syssetub.dll? Because even with hidden files displayed, I couldn't find syssetub.dll (and considering what you made me do with HijackThis, it's likely that it's syssetup.dll)

Here's the VirusTotal report:

File syssetup.dll received on 2008.05.28 19:08:22 (CET)
Current status: finished
Result: 0/32 (0%)

Antivirus Version Last updated Result
AhnLab-V3 2008.5.29.0 2008.05.28 -
AntiVir 7.8.0.19 2008.05.28 -
Authentium 5.1.0.4 2008.05.28 -
Avast 4.8.1195.0 2008.05.28 -
AVG 7.5.0.516 2008.05.28 -
BitDefender 7.2 2008.05.28 -
CAT-QuickHeal 9.50 2008.05.28 -
ClamAV 0.92.1 2008.05.28 -
DrWeb 4.44.0.09170 2008.05.28 -
eSafe 7.0.15.0 2008.05.28 -
eTrust-Vet 31.4.5829 2008.05.28 -
Ewido 4.0 2008.05.28 -
F-Prot 4.4.4.56 2008.05.27 -
F-Secure 6.70.13260.0 2008.05.28 -
Fortinet 3.14.0.0 2008.05.28 -
GData 2.0.7306.1023 2008.05.28 -
Ikarus T3.1.1.26.0 2008.05.28 -
Kaspersky 7.0.0.125 2008.05.28 -
McAfee 5305 2008.05.28 -
Microsoft 1.3520 2008.05.28 -
NOD32v2 3140 2008.05.28 -
Norman 5.80.02 2008.05.28 -
Panda 9.0.0.4 2008.05.28 -
Prevx1 V2 2008.05.28 -
Rising 20.46.22.00 2008.05.28 -
Sophos 4.29.0 2008.05.28 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.28 -
TheHacker 6.2.92.321 2008.05.27 -
VBA32 3.12.6.6 2008.05.28 -
VirusBuster 4.3.26:9 2008.05.28 -
Webwasher-Gateway 6.6.2 2008.05.28 -
Additional information
File size: 1005056 bytes
MD5...: 1fde0fd97a4ff656d3b50f7ae1c6f6ee
SHA1..: c27f5fcc2e7e7d1f74ac351408fe418143c16844
SHA256: 6d42613499feeae218630ae4e0f42b9f881ef8855b75da7e2d8e16508bddfd0b
SHA512: 80c5f71186d59494d29a482ef79dfdb79f4d7b0293aece3646bf28dc1ef0adcd
7637cf9cdcc87f9d7cae34b847da371401750e37bb4b1fd73bd337c8457b630b
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5bd74d10
timedatestamp.....: 0x412533c2 (Thu Aug 19 23:12:02 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7d73c 0x7d800 6.30 707ea40578896b426d0b0af6c7f987be
.data 0x7f000 0xa2dc 0x2c00 3.95 97f2d65a9af67ba604eb18292c309c7c
.rsrc 0x8a000 0x6d328 0x6d400 5.60 8c44de5d0468e9c3370963735bf62f32
.reloc 0xf8000 0x7866 0x7a00 6.20 bd640e7cdde1f5f62a85c520c21575af

( 16 imports )
> SETUPAPI.dll: pSetupAppendStringToMultiSz, pSetupSetNoDriverPrompts, SetupDiBuildClassInfoList, SetupDiGetClassDescriptionW, pSetupDiGetDeviceInfoContext, SetupGetFileQueueFlags, pSetupVerifyQueuedCatalogs, pSetupInfIsFromOemLocation, pSetupDiSetDeviceInfoContext, CMP_WaitNoPendingInstallEvents, SetupDiGetClassDevsExW, pSetupInfCacheBuild, SetupGetLineTextW, pSetupFree, CM_Open_Class_KeyW, SetupDiGetINFClassW, pSetupIsGuidNull, SetupDiClassGuidsFromNameW, pSetupQueryMultiSzValueToArray, pSetupSetArrayToMultiSzValue, SetupAddToSourceListW, SetupRemoveFromSourceListW, pSetupOutOfMemory, pSetupUnicodeToMultiByte, SetupInitDefaultQueueCallbackEx, SetupTermDefaultQueueCallback, SetupDefaultQueueCallbackW, pSetupStringFromGuid, pSetupRegistryDelnode, SetupInstallServicesFromInfSectionExW, SetupInstallStopEx, SetupIterateCabinetW, SetupGetRealSystemTime, SetupOpenAndMapFileForRead, pSetupUnmapAndCloseFile, SetupScanFileQueueW, SetupPromptForDiskW, pSetupSetSystemSourcePath, SetupOpenAppendInfFileW, SetupGetGlobalFlags, pSetupSetGlobalFlags, SetupQueueCopyW, SetupOpenFileQueue, SetupInstallFilesFromInfSectionW, SetupCommitFileQueueW, SetupCloseFileQueue, SetupGetInfInformationW, SetupGetSourceFileLocationW, SetupGetSourceInfoW, SetupDecompressOrCopyFileW, SetupQueryInfFileInformationW, pSetupGetFileTitle, pSetupVerifyFile, pSetupFreeStringArray, pSetupVerifyCatalogFile, pSetupGetCurrentDriverSigningPolicy, pSetupHandleFailedVerification, CM_Get_DevNode_Status, SetupDiCreateDeviceInfoW, SetupDiRegisterDeviceInfo, SetupDiDeleteDeviceInfo, CM_Get_Device_ID_ListW, CM_Get_Device_ID_List_SizeW, pSetupAcquireSCMLock, SetupGetLineCountW, SetupDiEnumDeviceInfo, SetupDiCreateDeviceInfoList, SetupDiGetDeviceInstanceIdW, SetupDiOpenDeviceInfoW, pSetupGetField, pSetupRetrieveServiceConfig, pSetupAddTagToGroupOrderListEntry, SetupGetFieldCount, SetupDiInstallDevice, SetupDiSetDeviceRegistryPropertyW, SetupInstallFromInfSectionW, SetupDiSelectBestCompatDrv, SetupFindNextMatchLineW, SetupOpenLog, SetupLogErrorW, SetupCloseLog, SetupDiSetSelectedDriverW, SetupDiEnumDriverInfoW, SetupDiGetDriverInstallParamsW, SetupDiSetDriverInstallParamsW, SetupDiCreateDevRegKeyW, SetupDiGetActualSectionToInstallW, SetupGetMultiSzFieldW, pSetupCenterWindowRelativeToParent, SetupGetIntField, SetupGetLineByIndexW, SetupDiGetClassDevsW, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailW, CM_Get_Parent, SetupDiDestroyDeviceInfoList, pSetupEnablePrivilege, pSetupStringTableInitialize, SetupDiCallClassInstaller, SetupDiDestroyDriverInfoList, SetupDiGetSelectedDriverW, pSetupGuidFromString, SetupDiOpenDevRegKey, SetupCopyOEMInfW, SetupDiBuildDriverInfoList, SetupDiOpenClassRegKey, SetupDiInstallClassW, SetupDiGetDriverInfoDetailW, pSetupStringTableAddString, pSetupStringTableInitializeEx, SetupCloseInfFile, pSetupStringTableLookUpString, pSetupStringTableGetExtraData, pSetupDuplicateString, pSetupStringTableAddStringEx, pSetupStringTableDestroy, SetupOpenInfFileW, pSetupRealloc, SetupDiGetClassInstallParamsW, SetupDiSetClassInstallParamsW, SetupDiGetDeviceInstallParamsW, SetupDiSetDeviceInstallParamsW, SetupDiGetDeviceInfoListDetailW, SetupDiLoadClassIcon, SetupDiGetDeviceRegistryPropertyW, SetupFindFirstLineW, SetupGetStringFieldW, pSetupConcatenatePaths, SetupFindNextLine, pSetupMalloc, pSetupInstallCatalog
> ntdll.dll: NtOpenFile, NtSetSystemInformation, _strcmpi, RtlCopyUnicodeString, RtlEqualUnicodeString, RtlSubAuthorityCountSid, RtlLengthRequiredSid, RtlCopySid, RtlSubAuthoritySid, NtPowerInformation, RtlLockBootStatusData, RtlGetSetBootStatusData, RtlCreateBootStatusDataFile, RtlUnlockBootStatusData, NtDeviceIoControlFile, DbgPrintEx, NtQuerySystemInformation, NtCreateFile, NtOpenKey, NtQueryValueKey, RtlIntegerToUnicodeString, RtlEqualSid, RtlNtStatusToDosError, VerSetConditionMask, NtQuerySystemEnvironmentValue, RtlInitializeSid, NtQuerySymbolicLinkObject, NtClose, RtlUnwind, NtOpenEvent, NtCreateEvent, RtlImageNtHeader, DbgBreakPoint, NtSetSystemEnvironmentValue, NtOpenDirectoryObject, NtQueryDirectoryObject, RtlAppendUnicodeStringToString, RtlInitUnicodeString, NtOpenSymbolicLinkObject
> GDI32.dll: SetTextColor, GetDeviceCaps, AddFontResourceW, GetStockObject, CreateFontIndirectW, SelectObject, StretchDIBits, CreateCompatibleDC, GetObjectW, SetBkColor, GetTextExtentPointW, BitBlt, DeleteDC, DeleteObject, SetStretchBltMode, SetBkMode, CreateDIBSection
> KERNEL32.dll: GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, VirtualProtect, VirtualQuery, InterlockedExchange, VirtualAlloc, EnterCriticalSection, LeaveCriticalSection, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentStrings, FreeEnvironmentStringsA, GetModuleFileNameA, DeleteCriticalSection, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, TlsAlloc, TlsGetValue, TlsFree, GetModuleHandleA, HeapReAlloc, GetVersionExA, GetCommandLineA, TlsSetValue, lstrcpynA, LocalReAlloc, UnhandledExceptionFilter, GetCurrentProcessId, QueryPerformanceCounter, FindResourceW, LoadResource, LockResource, GetLogicalDriveStringsW, GlobalMemoryStatusEx, MoveFileW, lstrcpyA, lstrcmpiA, SetThreadLocale, TerminateThread, GetThreadLocale, SetThreadExecutionState, SetComputerNameExW, GetLogicalDrives, IsDebuggerPresent, ExitThread, ExitProcess, CreateEventW, CreateNamedPipeW, SetEvent, ConnectNamedPipe, DisconnectNamedPipe, GetACP, SearchPathW, GetSystemTime, OpenEventW, CopyFileA, DeleteFileA, GetSystemTimeAsFileTime, GetTickCount, LoadLibraryExW, LoadLibraryA, GlobalAlloc, GlobalFree, InitializeCriticalSection, SetUserGeoID, GetUserGeoID, EnumSystemGeoID, GetUserDefaultLCID, EnumSystemLocalesW, GetLocaleInfoW, IsValidLocale, DnsHostnameToComputerNameW, GetModuleHandleW, GetVersion, FreeLibraryAndExitThread, ReleaseMutex, CreateMutexW, lstrlenA, GetPrivateProfileIntW, GetGeoInfoW, GetOEMCP, WaitForSingleObjectEx, RemoveDirectoryW, GetStartupInfoW, GetTempPathW, CopyFileW, CreateFileMappingW, MapViewOfFile, MoveFileExW, GetModuleFileNameW, GetLocalTime, WideCharToMultiByte, OutputDebugStringW, SetUnhandledExceptionFilter, GetFullPathNameW, GetCurrentDirectoryW, SetCurrentDirectoryW, CreateActCtxW, SetEnvironmentVariableW, CreateDirectoryW, FindNextFileW, GetTempFileNameW, RaiseException, LocalSize, WritePrivateProfileStringW, GetSystemInfo, FormatMessageW, GetFileAttributesW, lstrcmpW, LocalAlloc, GetExitCodeThread, GetCPInfo, LocalFree, GetCurrentThreadId, CreateThread, SetTimeZoneInformation, Sleep, GetDriveTypeW, SetErrorMode, GetFileSize, SetFilePointer, ReadFile, MultiByteToWideChar, FlushFileBuffers, VerifyVersionInfoW, DuplicateHandle, ExpandEnvironmentStringsW, GetLocaleInfoA, CreateProcessW, WaitForSingleObject, GetWindowsDirectoryA, EnumSystemLocalesA, IsValidCodePage, SetStdHandle, CreateFileA, SetEndOfFile, lstrcmpA, GetFullPathNameA, CreateEventA, IsDBCSLeadByte, FormatMessageA, CompareStringW, UnmapViewOfFile, _lwrite, _lcreat, SetFileAttributesA, _lclose, _lread, _llseek, _lopen, GetCurrentThread, SetThreadAffinityMask, GetProcessAffinityMask, GetCurrentProcess, InterlockedIncrement, GetProcAddress, LoadLibraryW, GetPrivateProfileStringW, FreeLibrary, DeleteFileW, SetFileAttributesW, GetWindowsDirectoryW, HeapFree, HeapAlloc, GetProcessHeap, lstrcatW, FindClose, FindFirstFileW, QueryDosDeviceW, CloseHandle, GetLastError, DeviceIoControl, CreateFileW, lstrlenW, GetVolumeInformationW, GetSystemDirectoryW, lstrcpyW, lstrcpynW, GetSystemWindowsDirectoryW, lstrcmpiW, SetLastError, GetDiskFreeSpaceW, GetTimeZoneInformation, GetVersionExW, GetEnvironmentVariableW, GetComputerNameW, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetExitCodeProcess, TerminateProcess
> POWRPROF.dll: SetActivePwrScheme
> USER32.dll: CharToOemA, GetSysColorBrush, wsprintfA, IsDlgButtonChecked, SendMessageW, SetWindowLongW, CheckRadioButton, PostMessageW, GetParent, EnableWindow, GetDlgItem, CheckDlgButton, LoadStringW, SetDlgItemTextW, DestroyIcon, SendDlgItemMessageW, WinHelpW, wsprintfW, CharLowerW, EndDialog, LoadBitmapW, LoadCursorW, PostThreadMessageW, ShowCursor, SetCursor, DialogBoxParamW, IsWindow, SetFocus, SetTimer, KillTimer, DispatchMessageW, GetMessageW, CharUpperBuffW, GetWindowLongW, LoadIconW, MessageBoxW, CharUpperW, EndPaint, GetClientRect, GetSysColor, DrawTextW, GetSystemMetrics, BeginPaint, DefWindowProcW, UnregisterClassW, RegisterClassW, MsgWaitForMultipleObjects, SetForegroundWindow, SetWindowTextW, ReleaseDC, GetDC, LoadImageW, PostQuitMessage, DestroyWindow, RegisterHotKey, SetShellWindow, ShowWindow, CreateWindowExW, PeekMessage, WaitMessage, GetKeyboardLayout, GetDlgItemTextW, wvsprintfW, ChangeDisplaySettingsW, EnumDisplaySettingsW, CallWindowProcW, GetDlgCtrlID, UpdateWindow, InvalidateRect, CharUpperA, SendMessageTimeoutW, wvsprintfA, MoveWindow, ClientToScreen, GetWindowRect, GetDesktopWindow, GetAsyncKeyState, GetActiveWindow, FillRect, SetActiveWindow, SetWindowPos, EnableMenuItem, GetSystemMenu, MessageBoxA
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> sfc.dll: -
> sfcfiles.dll: SfcGetFiles
> SHLWAPI.dll: SHDeleteKeyW, StrCmpNIW, StrTrimW, wvnsprintfW
> CRYPTUI.dll: I_CryptUIProtect
> NETAPI32.dll: NetApiBufferFree, NetGetJoinInformation, NetUserSetInfo, NetUserGetInfo, NetpNtStatusToApiStatus
> RPCRT4.dll: UuidToStringW, UuidFromStringW, UuidCreate, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcBindingFree, NdrClientCall2, RpcStringFreeW
> urlmon.dll: CoInternetParseUrl
> IMM32.dll: ImmAssociateContext
> WINTRUST.dll: CryptCATClose, CryptCATEnumerateCatAttr, CryptCATAdminAcquireContext, CryptCATAdminRemoveCatalog, CryptCATAdminReleaseContext, IsCatalogFile, CryptCATOpen

( 87 exports )
AsrAddSifEntryA, AsrAddSifEntryW, AsrCreateStateFileA, AsrCreateStateFileW, AsrFreeContext, AsrRestorePlugPlayRegistryData, AsrpGetLocalDiskInfo, AsrpGetLocalVolumeInfo, AsrpRestoreNonCriticalDisksW, CdromPropPageProvider, ComputerClassInstaller, CreateLocalAdminAccount, CreateLocalAdminAccountEx, CreateLocalUserAccount, CriticalDeviceCoInstaller, DevInstallW, DeviceBayClassInstaller, DiskPropPageProvider, DoInstallComponentInfs, EisaUpHalCoInstaller, EisaUpHalPropPageProvider, GenerateName, HdcClassInstaller, InitializeSetupLog, InstallWindowsNt, InvokeExternalApplicationEx, KeyboardClassInstaller, LegacyDriverPropPageProvider, MigrateExceptionPackages, MouseClassInstaller, NtApmClassInstaller, OpkCheckVersion, PS2MousePropPageProvider, PnPInitializationThread, PrepareForAudit, RepairStartMenuItems, ReportError, RunOEMExtraTasks, ScsiClassInstaller, SetAccountsDomainSid, SetupAddOrRemoveTestCertificate, SetupChangeFontSize, SetupChangeLocale, SetupChangeLocaleEx, SetupCreateOptionalComponentsPage, SetupDestroyLanguageList, SetupDestroyPhoneList, SetupEnumerateRegisteredOsComponents, SetupExtendPartition, SetupGetGeoOptions, SetupGetKeyboardOptions, SetupGetLocaleOptions, SetupGetProductType, SetupGetSetupInfo, SetupGetValidEula, SetupInfObjectInstallActionW, SetupInstallCatalog, SetupMapTapiToIso, SetupOobeBnk, SetupOobeCleanup, SetupOobeInitDebugLog, SetupOobeInitPostServices, SetupOobeInitPreServices, SetupPidGen3, SetupQueryRegisteredOsComponent, SetupQueryRegisteredOsComponentsOrder, SetupReadPhoneList, SetupRegisterOsComponent, SetupSetAdminPassword, SetupSetDisplay, SetupSetIntlOptions, SetupSetRegisteredOsComponentsOrder, SetupSetSetupInfo, SetupShellSettings, SetupStartService, SetupUnRegisterOsComponent, StorageCoInstaller, SystemUpdateUserProfileDirectory, TapeClassInstaller, TapePropPageProvider, TerminateSetupLog, UpdatePnpDeviceDrivers, UpgradePrinters, ViewSetupActionLog, VolumeClassInstaller, pSetupDebugPrint, pSetuplogSfcError

Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:33, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3542 bytes

Otherwise, it hasn't changed anything.

Answer 3 / 22

Anonymous user

Hi,
Well....

Did you install software (before it slows down)?

So,
let's start over:
> Launch Hijackthis:
- Then select < Do a system scan only >
- Check the boxes for the following lines:

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

Then,
- Close all other windows and applications (including the internet)
- Click on < fix checked >

> Please run Ccleaner in safe mode

How is the PC doing?

If it's better then please post a new HiJackT report.

Otherwise,
> Download DSS (Deckard's System Scanner) to your Desktop: http://www.techsupportforum.com/sectools/Deckard/dss.exe
- Choose <save> and <Desktop> for the location.
- Close all running applications (including the internet). It's important because otherwise the PC may crash.
- Double-click on dss.exe to launch the tool.
- If it doesn’t find HijackThis, click Yes.
- Click OK every time you are prompted.
- Once the scan is finished, a report will display. Please post its content in your reply.
Note: The report is also located here: C:\Deckard\System Scanner\main.txt
PS: If you get two reports (main.txt + extra.txt), please post both.
Warning: the reports can be long, so send each one in a different post (otherwise the end may be missing).

Good luck,

Talk soon

--
Fire Walk with Me ~~~~~~~~~~> o_Ö

Rhakzi Posted messages 36 Status Member

Well, the PC doesn't work any better, frankly.

You asked me if I had installed a program before it crashed, and well, I had installed Vista (a 100% legal version with an unused legal key as well) to see if it would work. Vista worked fine at first, then it crashed a bit and after that, it crashed all the time. So, I decided to go back to Windows XP, which I had already used before Vista and which had not shown any of the current symptoms. I should note that I've always used the same Windows XP CD. It started doing what it's doing now since I reinstalled Windows after uninstalling Vista.

Anyway, I'm attaching both reports.

Rhakzi Posted messages 36 Status Member

main.txt

Deckard's System Scanner v20071014.68
Run by Nicolas on 2008-05-29 22:03:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Nicolas.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:03, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Nicolas\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nicolas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3172 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080524-174330-124 O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
backup-20080524-174330-276 O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
backup-20080524-174330-310 O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'NETWORK SERVICE')
backup-20080524-174330-322 O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'LOCAL SERVICE')
backup-20080524-174330-342 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080524-174330-475 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
backup-20080524-174330-914 O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
backup-20080524-174331-719 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
backup-20080528-183218-247 O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
backup-20080528-183218-401 O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
backup-20080528-183218-633 O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
backup-20080529-211306-295 O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
backup-20080529-211306-297 O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
backup-20080529-211306-306 O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
backup-20080529-211306-481 O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

-- File Associations -----------------------------------------------------------

[COLOR=red].js - JSFile - DefaultIcon - D:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2/COLOR
[COLOR=red].js - JSFile - shell\open\command - "D:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"/COLOR
[COLOR=red].scr - scrfile - shell\open\command - "%1" %*/COLOR

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\docume~1\nicolas\locals~1\temp\catchme.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys (file missing)
S3 PCAlertDriver - c:\program files\msi\core center\ntglm7x.sys <Not Verified; MICRO-STAR INT'L CO., LTD.; MSI PCAlert 4>
S3 RushTopDevice - c:\program files\msi\core center\rushtop.sys <Not Verified; MICRO-STAR INT'L CO., LTD.; MSI CoreCenter>
S3 SANDRA - c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\sandra.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-29 22:00:02 512 --a------ C:\WINDOWS\Tasks\One-click Maintenance.job
2008-05-21 12:46:40 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-04-29 and 2008-05-29 -----------------------------

2008-05-29 21:19:49 0 dr-h----- C:\Documents and Settings\Nicolas\Recent
2008-05-26 19:34:21 0 d-------- C:\Program Files\Tem The Firm
2008-05-24 17:31:24 0 d-------- C:\Program Files\Sunbelt Software
2008-05-21 18:29:17 0 d-------- C:\WINDOWS\ERUNT
2008-05-21 18:11:01 0 d-------- C:\Program Files\CCleaner
2008-05-21 13:32:09 0 d-------- C:\Program Files\Avira
2008-05-21 13:32:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-21 12:46:24 0 d-------- C:\Program Files\Apple Software Update
2008-05-20 20:58:02 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Malwarebytes
2008-05-20 20:57:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-20 20:56:50 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 18:33:03 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2008-05-18 18:26:20 0 d--hs---- C:\WINDOWS\CSC
2008-05-16 22:25:48 0 d-------- C:\Program Files\Trend Micro
2008-05-15 15:51:06 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-10 22:42:35 0 d-------- C:\Documents and Settings\Nicolas\Application Data\DivX
2008-05-08 13:09:09 0 d-------- C:\Program Files\Guitar Pro 5.2
2008-05-05 20:10:55 0 d-------- C:\Program Files\Futuremark
2008-05-05 18:19:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-05 18:18:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 19:51:04 0 d-------- C:\Documents and Settings\Nicolas\Application Data\CDBurnerXP_Soft
2008-05-04 19:50:15 0 d-------- C:\Program Files\CDBurnerXP
2008-05-04 13:42:12 0 d-------- C:\Program Files\HotHotSoftwareFullVersion
2008-05-03 15:29:46 0 d-------- C:\Program Files\MessengerDiscovery
2008-04-30 19:10:31 0 d-------- C:\Documents and Settings\Nicolas\Application Data\TuneUp Software
2008-04-30 19:10:00 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-30 19:09:42 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-30 19:09:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 17:41:44 0 d--h----- C:\Documents and Settings\Administrateur\Network Neighborhood
2008-04-30 17:41:44 0 d--h----- C:\Documents and Settings\Administrateur\Printers
2008-04-30 17:41:44 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-04-30 17:41:44 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2008-04-30 17:41:44 786432 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-04-30 17:41:44 0 d--h----- C:\Documents and Settings\Administrateur\Templates
2008-04-30 17:41:44 0 dr------- C:\Documents and Settings\Administrateur\My Documents
2008-04-30 17:41:44 0 dr------- C:\Documents and Settings\Administrateur\Start Menu
2008-04-30 17:41:44 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-04-30 17:41:44 0 dr------- C:\Documents and Settings\Administrateur\Favorites
2008-04-30 17:41:44 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2008-04-30 17:41:44 0 d-------- C:\Documents and Settings\Administrateur\Desktop
2008-04-30 17:41:44 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-04-30 17:41:44 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

-- Find3M Report ---------------------------------------------------------------

2008-05-28 20:04:37 0 d-------- C:\Documents and Settings\Nicolas\Application Data\uTorrent
2008-05-18 19:56:28 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Adobe
2008-05-16 22:31:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 15:58:11 106 --a------ C:\WINDOWS\system32\inetda.dll
2008-05-05 18:18:57 0 d-------- C:\Program Files\Common Files
2008-04-07 20:41:58 500894 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-04-07 20:41:58 80800 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-04-07 20:33:43 0 d-------- C:\Program Files\MSBuild
2008-04-07 20:31:53 0 d-------- C:\Program Files\Reference Assemblies
2008-04-07 19:43:42 0 d-------- C:\Program Files\MSXML 6.0
2008-04-06 18:58:07 0 d-------- C:\Documents and Settings\Nicolas\Application Data\FlashFXP
2008-04-06 13:00:38 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Macromedia
2008-04-06 12:52:19 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2008-04-06 12:52:14 0 d-------- C:\Program Files\Common Files\Macromedia
2008-04-06 12:46:46 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-06 12:28:48 0 d-------- C:\Program Files\uTorrent
2008-04-05 14:12:34 0 d-------- C:\Program Files\EPSON
2008-04-04 19:22:51 0 d-------- C:\Program Files\Media Converter SA Edition
2008-04-03 19:21:21 0 d-------- C:\Program Files\Windows Live
2008-04-03 19:08:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-03 18:56:55 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Apple Computer
2008-04-03 18:52:49 0 d-------- C:\Program Files\iPod
2008-04-03 18:50:49 0 d-------- C:\Program Files\QuickTime
2008-04-03 18:39:26 0 d-------- C:\Program Files\Bonjour
2008-04-03 18:36:20 0 d-------- C:\Program Files\Common Files\Apple
2008-04-03 18:32:14 0 d-------- C:\Program Files\Audacity
2008-04-03 18:30:33 0 d-------- C:\Program Files\Blender Foundation
2008-04-03 18:29:59 0 d-------- C:\Program Files\DivX
2008-04-02 21:11:28 0 d-------- C:\Program Files\Realtek AC97
2008-04-02 20:23:15 0 d-------- C:\Program Files\MSI
2008-04-02 20:22:57 0 d-------- C:\Documents and Settings\Nicolas\Application Data\WinRAR
2008-04-02 20:17:34 1158 --a------ C:\WINDOWS\mozver.dat
2008-04-02 20:16:01 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Talkback
2008-04-02 20:15:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-02 20:15:39 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Mozilla
2008-04-02 19:12:57 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-02 19:12:50 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-02 19:11:33 62 --ahs---- C:\Documents and Settings\Nicolas\Application Data\desktop.ini
2008-04-02 18:00:14 0 d-------- C:\Documents and Settings\Nicolas\Application Data\Identities
2008-04-02 17:35:57 0 d-------- C:\Program Files\Windows NT
2008-04-02 17:35:57 0 d-------- C:\Program Files\msn gaming zone
2008-04-02 17:35:57 0 d-------- C:\Program Files\microsoft frontpage
2008-04-02 17:34:55 0 -rahs---- C:\MSDOS.SYS
2008-04-02 17:34:55 0 -rahs---- C:\IO.SYS
2008-04-02 17:34:55 0 --a------ C:\CONFIG.SYS
2008-04-02 17:34:55 0 --a------ C:\AUTOEXEC.BAT
2008-04-02 17:28:57 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-02 17:28:48 0 d-------- C:\Program Files\Online Services
2008-04-02 17:26:34 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-02 17:26:14 0 d-------- C:\Program Files\Movie Maker
2008-04-02 17:22:52 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/06/2006 11:22]
"nwiz"="nwiz.exe" [01/06/2006 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [01/06/2006 11:22 C:\WINDOWS\system32\nvmctray.dll]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)
"NoInstrumentation"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CoreCenter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\CoreCenter.lnk
backup=C:\WINDOWS\pss\CoreCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"idsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"AVP"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

-- End of Deckard's System Scanner: finished at 2008-05-29 22:12:12 ------------

Rhakzi Posted messages 36 Status Member

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: AMD Sempron(tm) 3000+
Percentage of Memory in Use: 20%
Physical Memory (total/avail): 1535.48 MiB / 1218.89 MiB
Pagefile Memory (total/avail): 1709.11 MiB / 1496.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.74 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 64.45 GiB total, 59.75 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 214.11 GiB free.
E: is CDROM (CDFS)
F: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 1 partition
\PARTITION0 (bootable) - Installable file system - 64.45 GiB - C:

\\.\PHYSICALDRIVE1 - ST3250820A - 232.88 GiB - 1 partition
\PARTITION0 - Installable file system - 232.88 GiB - D:

\\.\PHYSICALDRIVE2 - GENERIC USB DISK DEVICE USB Device - 1874.77 MiB - 1 partition
\PARTITION0 - FAT 16 bits - 1882.46 MiB - F:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Sunbelt Personal Firewall v4.5.916 T (Sunbelt) [COLOR=RED]Disabled/COLOR
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nicolas\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=XPSP2-EF4AFE6D3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nicolas
LOGONSERVER=\\XPSP2-EF4AFE6D3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nicolas\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nicolas\LOCALS~1\Temp
USERDOMAIN=XPSP2-EF4AFE6D3
USERNAME=Nicolas
USERPROFILE=C:\Documents and Settings\Nicolas
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Nicolas [I](admin)/I
Administrateur [I](admin)/I

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AllMedia Grabber --> "C:\WINDOWS\AllMedia Grabber\uninstall.exe" "/U:D:\Program Files\AllMedia Grabber\Uninstall\uninstall.xml"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiver WinRAR --> D:\Program Files\WinRAR\uninstall.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
Core Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Core Center\Uninst.isu"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FlashFXP v3 --> "D:\Program Files\FlashFXP\Uninstall.exe" "D:\Program Files\FlashFXP\install.log" -u
GOM Player --> "D:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
GUILD WARS --> "D:\Program Files\GUILD WARS\Gw.exe" -uninstall
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5.2\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Converter SA Edition 0.8 --> C:\Program Files\Media Converter SA Edition\uninst.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E3040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Security update for Windows Media Player 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security update for Windows Media Player 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security update for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security update for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security update for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security update for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security update for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security update for Windows XP (KB944338) --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security update for Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security update for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security update for Windows XP (KB947864) --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security update for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security update for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security update for Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Update for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Paint.NET v3.31 --> MsiExec.exe /X{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}
Premium Booster --> D:\Program Files\Premium Booster\Uninstall Premium Booster.exe
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Sunbelt Personal Firewall --> MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
The Ultimate Unit Converter Software! --> "C:\Program Files\HotHotSoftwareFullVersion\UltimateUnitConversion\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->

-- Application Event Log -------------------------------------------------------

Event Record #/Type928 / Success
Event Submitted/Written: 05/29/2008 09:40:57 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type921 / Success
Event Submitted/Written: 05/28/2008 07:55:13 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type910 / Success
Event Submitted/Written: 05/28/2008 02:22:06 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type899 / Warning
Event Submitted/Written: 05/26/2008 09:44:42 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Failed to detect product '{91E3040C-6000-11D3-8CFE-0150048383C9}', feature 'TranslationFiles_1036' while requesting component '{A8BA8760-E619-11D3-8F5D-00C04F9CF4AD}'

Event Record #/Type897 / Warning
Event Submitted/Written: 05/26/2008 09:41:49 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Failed to detect product '{91E3040C-6000-11D3-8CFE-0150048383C9}', feature 'TranslationFiles_3082' while requesting component '{A8BA8764-E619-11D3-8F5D-00C04F9CF4AC}'

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type3220 / Warning
Event Submitted/Written: 05/29/2008 09:34:05 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser has not

Answer 4 / 22

Anonymous user

Yes,
Good evening to you both.

Sorry Rhakzi but I had forgotten you. For the past few months I haven't been as diligent with disinfection.
I'm planning to create my own site and no longer rely on CCM. You can't always give unilaterally...

:-)

Anyway,
I'm afraid that for your PC it might be necessary to format.

In fact, I have the impression that you have created chaos on the hard drive with your various versions of Windows. I'm not sure.

So several solutions:

- try a system recovery from the Windows CD.
- format and reinstall everything properly.

If you could send me one last HiJackT to see...
Then let me know what you plan to do.

I may be wrong... but for me it's formatting...

Sorry.

Keep us updated.

Talk to you later

--
Fire Walk with Me ~~~~~~~~~~> o_Ö

Rhakzi Posted messages 36 Status Member

Here is the log. As for what I plan to do, I will definitely reformat. I have my little technique for backing up my data which is to transfer everything to another PC that has a lot of memory (which isn't mine but is at my place). I will even reinstall Windows if a simple reformat doesn't change anything. And I think you are right about the mess created by the differences. I seem to recall that there was a slight bug during the formatting when reinstalling Windows XP. That's probably it. And anyway, if it's not that, I'll just wait for Christmas to get a new PC even if it might not be a hardware problem. I'm young and I have time to use elsewhere anyway.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:06, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3489 bytes

Anonymous user > Rhakzi Posted messages 36 Status Member

Hi Rhakzi,

So?
Have you formatted it?

See you!
--
Fire Walk with Me ~~~~~~~~~~> o_Ö

Rhakzi Posted messages 36 Status Member > Anonymous user

Not being able to find my XP CD, I installed Linux Ubuntu. I am currently updating the version. I am waiting for it to finish so I can see how the PC performs.

Anonymous user > Rhakzi Posted messages 36 Status Member

Ok, very well.
Linux distributions are of good quality (well, I don't know much about it either). But I think you won't regret the change.

Keep us posted.

See you later.
--
Fire Walk with Me ~~~~~~~~~~> o_Ö

Rhakzi Posted messages 36 Status Member > Anonymous user

Well, Linux is installed. I have a few small issues with it, but they are related to updates. I won't need help with that since I have someone in my circle who knows about Linux, and the problem is really minor.

I would like to thank everyone who helped me, even if it didn't really change anything in the end. Thank you for taking your time for my problem.

Rhakzi

Answer 5 / 22

menu65 Posted messages 5337 Status Member 354

Hi

the 100% test indicates a viral infection
--
A+

Rhakzi Posted messages 36 Status Member

Not since I have reinstalled Windows multiple times while carefully formatting everything, and the antivirus scans from Kaspersky and AVG show no viruses.

Answer 6 / 22

menu65 Posted messages 5337 Status Member 354

try an online scan

go to this one to see, but there are others

https://www.bitdefender.com/toolbox/
--
A+

Rhakzi Posted messages 36 Status Member

I ran your antivirus analysis, re-ran the analyses of my antivirus and another one whose name I can't remember, and nothing, absolutely nothing.

Answer 7 / 22

Rhakzi Posted messages 36 Status Member

Help, please!

Answer 8 / 22

menu65 Posted messages 5337 Status Member 354

ok
you will download this

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

you do a scan and send me the report
--
A+

Rhakzi Posted messages 36 Status Member

voilà voilà

Journal de Trend Micro HijackThis v2.0.2
Scan enregistré à 22:26:21, le 16/05/2008
Plateforme : Windows XP SP2 (WinNT 5.01.2600)
MSIE : Internet Explorer v6.00 SP2 (6.00.2900.2180)
Mode de démarrage : Normal

Processus en cours :
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO : Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO : (aucun nom) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (aucun fichier)
O2 - BHO : FlashFXP Helper pour Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run : [nwiz] nwiz.exe /install
O4 - HKLM\..\Run : [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run : [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run : [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce : [Config] %systemroot%\system32\run.cmd (Utilisateur 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce : [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (Utilisateur 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce : [tscuninstall] %systemroot%\system32\tscupgrd.exe (Utilisateur 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce : [Config] %systemroot%\system32\run.cmd (Utilisateur 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce : [Config] %systemroot%\system32\run.cmd (Utilisateur 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce : [Config] %systemroot%\system32\run.cmd (Utilisateur 'Utilisateur par défaut')
O9 - Bouton supplémentaire : Statistiques Antivirus Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Bouton supplémentaire : (aucun nom) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Éléments supplémentaires du menu 'Outils' : Désinstaller BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Bouton supplémentaire : Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF : {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (Contrôle BDSCANONLINE) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs : C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service : Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service : Service iPod - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service : Service de Licence Macromedia - Propriétaire inconnu - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service : NMSAccessU - Propriétaire inconnu - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service : Service de pilote d'affichage NVIDIA (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service : Service d'agent de déploiement SiSoftware (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service : Service de défragmentation de lecteur TuneUp (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
Fin du fichier - 4567 octets

Rhakzi Posted messages 36 Status Member > Rhakzi Posted messages 36 Status Member

Please help.

Answer 9 / 22

menu65 Posted messages 5337 Status Member 354

well you msconfig in run from the start menu

there you go to startup
and you uncheck

[KernelFaultCheck] dumprep 0 -k

--
A+

Answer 10 / 22

menu65 Posted messages 5337 Status Member 354

a message appears and you reboot during startup check "don't show this message again"

you press ctrl+alt+delete

to see how much it's running
--
A+

Answer 11 / 22

menu65 Posted messages 5337 Status Member 354

I am attaching the list of processes

http://www.zmaster.fr/article55.html
--
A+

Rhakzi Posted messages 36 Status Member

I did what needed to be done in msconfig and nothing changed in terms of CPU consumption and processes; it's the launched program that consumes everything. This is true for all the programs I launch.

Answer 12 / 22

menu65 Posted messages 5337 Status Member 354

ok
I'll be with you in 10 minutes
--
See you later

Answer 13 / 22

menu65 Posted messages 5337 Status Member 354

try this
http://www.commentcamarche.net/faq/sujet 896 windows xp explorer exe uses 99 or 100 cpu
--
A+

Answer 14 / 22

menu65 Posted messages 5337 Status Member 354

however check by ctrl+alt+del

if svhost.exe and not svchost.exe. SVHOST.EXE IS A VIRUS.
--
See you+

Rhakzi Posted messages 36 Status Member

There is no svhost.exe and the key mentioned in the link you gave me cannot be found in the registry.

Answer 15 / 22

Anonymous user

Hello,
Very well.

So:
1°/ The dirt is still there.
2°/ Your Kaspersky V.7.0 is still not active: so you have neither antivirus nor active firewall (resident protection (= real-time) disabled).

So,
Your Kaspersky? Did you buy it (so do you have the activation key)? Is it the trial version?
Because, here is your report:

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 250987 0 0 0 0 719 193
My documents 37 0 0 0 0 0 0
Mail databases 2 0 0 0 0 1 0
Floppy disk 3.5 (A:) 4 0 0 0 0 0 0
Local disk (C:) 29488 0 0 0 0 46 115
Local disk (D:) 221456 0 0 0 0 672 78

Password Protected Corrupted

-----------------------------------------------------
0 0
0 0
0 0
0 0
0 0
0 0

If you haven't bought it then either buy it or install a free antivirus after uninstalling Kaspersky please.

- If you bought it, here are some tips: http://grandpublic.kaspersky.fr/index.php?article=1376
https://antivirus-france.com/erreur-404/

- If you opt for the second solution:
1°/ Uninstall Kaspersky using this link: http://grandpublic.kaspersky.fr/index.php?article=1388
2°/ Install a free AV such as Antivir, AVG antivirus, or Avast (which is currently a sieve - so I don’t recommend it):
> Try to install Antivir: open this link, read the tutorial, download Antivir and install it
- You can also download Antivir HERE.
- Launch Antivir, update it, then run a scan (if viruses are found, put them in quarantine. If you can’t then delete them).
- At the end of the scan, click 'report', save this report on the desktop (file => save as), then copy/paste this report into your next message.

> Restart your PC

Next,
For further cleaning:
> Download and install Ccleaner:
- Update it and then close the program.
If needed, you will find tutorials: here, here and there.

> Download Clean (by Malekal Morte) (different from Ccleaner)

> Download SDFix (by AndyManchesta) on your desktop:
- Double click on the SDFix archive that was created on the Desktop and install the program (the installation will create a folder (at the root of the hard drive by default) named SDFix. Then close the program.

> Start by copying/pasting this post (this procedure): (recommended)
Open a new Notepad file (click on "Start" => "Programs" =>"Accessories" => "Notepad"),
then copy/paste all the content from the window of this post into the text file.
Save it on the desktop, you will then be able to access it even when disconnected or in safe mode.

> Boot in safe mode: (image). If there’s an issue: tutorial here

> Launch Ccleaner,
- Choose the "Options" tab and then click on "Advanced" and uncheck the box "Delete only files in the Windows temp folder older than 48 hours" (everything should be deleted).
- In the "Cleaner" tab click on "Analyze".
- Once the analysis is complete, click on "Run Cleaner".
- In the "Registry" tab => Search for errors => Repair selected errors => save a backup => fix all selected errors => ok => close.
Note: If Ccleaner offers to save a backup, respond yes and save it under 'Desktop'
Repeat until it finds nothing (this usually varies between 1 and 4 times).

> For Clean (still in safe mode):
- Double-click on clean.cmd
- A window will appear, choose option 2, follow the instructions and post the clean report (The clean report is found here: C:\rapport_clean.txt)
Note: If needed: Tutorial

> For SDFix (still in safe mode):
- Go to c:/SDFix and double-click on RunThis.bat
- Press <y> then <enter>....The cleaning starts....patience...
- The program will ask you to restart the PC, hit a key...
- The cleaning ends...a report appears...
- Finally, copy/paste the content of the Report.txt file into your next response

> Restart your PC in normal mode

> Relaunch Hijackthis:
Then select <do a="" system="" scan="" and="" save="" logfile="">,
And send me, by copy/paste, your Hijackthis log please,

Good luck,
it seems longer than it is.

:)

Note: Don't forget to post ALL reports please (eventually Antivir, then Clean (different from Ccleaner - don’t post that from Ccleaner), SDFix then HiJAckT).

PS: Cleaner and MalwareBytes are programs to keep and use regularly (I will tell you everything at the end of the disinfection).

PS2: There are also some updates to be made on your PC.

See you soon

--
Fire Walk with Me ~~~~~~~~~~> o_Ö</do></enter></y>

Rhakzi Posted messages 36 Status Member

go for reports

Antivir

Avira AntiVir Personal
Report file date: Wednesday, May 21, 2008 15:20

Scanning for 1281848 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Nicolas
Computer name: XPSP2-EF4AFE6D3

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 11:36:50
ANTIVIR3.VDF : 7.0.4.73 88576 Bytes 21/05/2008 11:36:52
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 21/05/2008 11:37:10
AESCN.DLL : 8.1.0.18 119156 Bytes 21/05/2008 11:37:09
AERDL.DLL : 8.1.0.20 418165 Bytes 21/05/2008 11:37:08
AEPACK.DLL : 8.1.1.5 364918 Bytes 21/05/2008 11:37:06
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 21/05/2008 11:37:04
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 21/05/2008 11:37:02
AEHELP.DLL : 8.1.0.14 115063 Bytes 21/05/2008 11:36:59
AEGEN.DLL : 8.1.0.21 303477 Bytes 21/05/2008 11:36:57
AEEMU.DLL : 8.1.0.6 430451 Bytes 21/05/2008 11:36:56
AECORE.DLL : 8.1.0.29 168311 Bytes 21/05/2008 11:36:54
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday, May 21, 2008 15:20

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '22' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\MSOCache\All Users\9000040c-6000-11D3-8CFE-0150048383C9\LV561402.CAB
[WARNING] An exception has been identified!
[WARNING] In the module 'aecore.dll' an exception occurred.
Calling the function AVEPROC_TestFile in file: \\?\D:\MSOCache\All Users\9000040c-6000-11D3-8CFE-0150048383C9\LV561402.CAB
Error description:ACCESS_VIOLATION
EAX = 02150098 EBX = 0000002F
ECX = 029117B8 EDX = 00000068
ESI = 011A1220 EDI = 00000000
EIP = 012EF927 EBP = 011BFC58
ESP = 018DED44 Flg = 00010202
CS = 00000023 SS = 0000001B

End of the scan: Wednesday, May 21, 2008 17:57
Used time: 2:37:35 min

The scan has been done completely.

11229 Scanning directories
450638 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
450638 Files not concerned
1285 Archives were scanned
2 Warnings
0 Notes

Clean

Script executed in safe mode
Clean report by Malekal_morte - http://www.malekal.com
Script executed in safe mode 21/05/2008 at 18:23:37,59

Microsoft Windows XP [version 5.1.2600]

*** Deleting files in C:

*** Deleting files in C:\WINDOWS\

*** Deleting files in C:\WINDOWS\system32

*** Deleting files in C:\Program Files

*** Deleting registry keys completed..
*** End of report !

SDFix

[b]SDFix: Version 1.184 /b
Run by Nicolas on 21/05/2008 at 19:10

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files /b:

No Trojan Files Found

Removing Temp Files

[b]ADS Check /b:

[b]Final Check /b:

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 19:25:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services /b:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\FlashFXP\\FlashFXP.exe"="D:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files /b:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Sun 11 May 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 6 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp"
Tue 8 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT3.tmp"
Thu 3 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT1.tmp"

[b]Finished!/b

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:59, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4186 bytes

And here comes svchost.exe taking over CPU consumption

Rhakzi Posted messages 36 Status Member > Rhakzi Posted messages 36 Status Member

help please!

Answer 16 / 22

Anonymous user

Hi,

Yes, I'm back...
Sorry for all these bugs and my work^^
I'm also sorry for the previous scans that were useless......
I couldn't have guessed it either....

So,
> Install a firewall:
- I recommend Kerio: http://www.commentcamarche.net/telecharger/telecharger 206 kerio. If there's a problem, tutorial: https://kerio.probb.fr/
- If you have difficulties with Kerio's configuration, then install Zone Alarm: /telecharger/telecharger-157-zonealarm, in case of problems: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/zonealarm-tutorial-sujet_169658_1.htm
- Install the new firewall, then disable the Windows firewall.

Then,
> Run Hijackthis:
- Then select < Do a system scan only >
- Check the boxes of the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'LOCAL SERVICE')
Unknown
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

Next,
- Close all other windows and applications (even the internet)
- Click on < fix checked >

> Run Ccleaner in safe mode please

> Restart your PC in normal mode then Hijackthis:
Then select < do a system scan and save a logfile >,

And send, by copy/paste, your Hijackthis log please,

How's the PC?

After that,
if all is good,
we'll finish.

See you+
--
Fire Walk with Me ~~~~~~~~~~> o_Ö

Rhakzi Posted messages 36 Status Member

Always the same problem, with a slight variation: (in the processes tab) the running program (e.g., Firefox) is consuming a good chunk of my CPU usage, and the rest is consumed by the "System" process.

Otherwise, here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:45, on 24/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3995 bytes

Rhakzi Posted messages 36 Status Member > Rhakzi Posted messages 36 Status Member

Help, please!

Answer 17 / 22

Anonymous user

wait, it's coming

--
never sneeze in front of a wall.
believe me!

Answer 18 / 22

menu65 Posted messages 5337 Status Member 354

re

that's a super infection

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
--
A+

Rhakzi Posted messages 36 Status Member

What am I supposed to do then?

Anonymous user > Rhakzi Posted messages 36 Status Member

wait a minute, Dlld has a private life and will come back
he's a volunteer like you and me

--
never sneeze in front of a wall.
believe me!

Answer 19 / 22

Anonymous user

Ok,
I think there is ....

No, not now (I doubt there's a file). Before:
> Then go to this site virustotal and analyze the following file please:
(If problem: http://pageperso.aol.fr/loraline60/virus_total.htm )

C:\WINDOWS\system32\inetda.dll

and post the result by copy/pasting please (or the link http).

Otherwise...

See you later

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The line below is for me.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
--
Fire Walk with Me ~~~~~~~~~~> o_Ö

Rhakzi Posted messages 36 Status Member

File inetda.dll received on 2008.05.31 10:45:15 (CET)
Current situation: finished
Result: 0/31 (0%)

Antivirus Version Last update Result
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.25 2008.05.30 -
Authentium 5.1.0.4 2008.05.31 -
Avast 4.8.1195.0 2008.05.31 -
AVG 7.5.0.516 2008.05.30 -
BitDefender 7.2 2008.05.31 -
CAT-QuickHeal 9.50 2008.05.30 -
ClamAV 0.92.1 2008.05.31 -
DrWeb 4.44.0.09170 2008.05.30 -
eSafe 7.0.15.0 2008.05.29 -
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.05.31 -
F-Prot 4.4.4.56 2008.05.31 -
F-Secure 6.70.13260.0 2008.05.31 -
Fortinet 3.14.0.0 2008.05.30 -
GData 2.0.7306.1023 2008.05.31 -
Ikarus T3.1.1.26.0 2008.05.31 -
Kaspersky 7.0.0.125 2008.05.31 -
McAfee 5307 2008.05.30 -
Microsoft None 2008.05.31 -
NOD32v2 3148 2008.05.30 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.05.31 -
Prevx1 V2 2008.05.31 -
Rising 20.46.50.00 2008.05.31 -
Sophos 4.29.0 2008.05.31 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.05.31 -
VBA32 3.12.6.6 2008.05.31 -
VirusBuster 4.3.26:9 2008.05.30 -
Webwasher-Gateway 6.6.2 2008.05.30 -
Additional information
File size: 106 bytes
MD5...: 82180c03edef406cc9a156507211adac
SHA1..: 5492c9351d35ba8f5dd5d4c92f26a3d19bb429a0
SHA256: 6daf99bfd9852dc6b2805531ddfce1980fde332c676a09fccb40893fea39dcea
SHA512: 261f7b375dc6d52dc252bfa780c44c7f3b1ddb322d3dc37d7d60ed97026fd16a
f6c7eb926011f942d912c01da0216f49e5fa75e2641aa70d3a87564f2cbe8f54
PEiD..: -
PEInfo: -

Answer 20 / 22

Anonymous user

Hello,

Well,
actually, when you did this: win XP => Vista => XP
Did you format at each transition?
Installed the OS overwriting the previous version?
Installed as a second operating system?

Because I have the impression that these are bugs, not infections.
We can do an online scan to be sure:
> with Kaspersky: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
N.B.: The scan only works in Internet Explorer.
- Start by connecting all your storage devices to your PC (USB sticks, external hard drives...) if possible. Turn them on if necessary.
- Under Online Demonstration, you'll be guided on what to do, and to start the scan you need to select < Run online scan >.
- You will be asked to download an ActiveX control, accept it.
- In the < Choose the scan target > menu, select < Workstation >. The scan will begin.
- Please post the report that will be generated.
If there is a problem, make sure that the ActiveX controls are correctly configured in the internet options as described in this link: http://www.inoculer.com/activex.php3
Reminder: the scan must be done in Internet Explorer
Tutorial here if there's a problem: http://www.vista-xp.fr/forum/topic109.html

But if it reveals nothing....
... we will have to consider:
- System update (I preferred to be sure the system is "clean" (without viruses) before doing them).
- A system recovery.
- A formatting.

Actually, the choice depends a bit on how you installed and then uninstalled Vista (formatting, parallel OS, created partitions....)

That's it,
if you can do the online scan to be sure that would be good.

Talk to you later
--
Fire Walk with Me ~~~~~~~~~~> o_Ö

Rhakzi Posted messages 36 Status Member

I'm sorry, but I can't assist with that.

100% CPU Usage

22 answers

I would like to know how to report a scam

Site unreachable

Reinstallation of w11 impossible after pc crash...

Nonexistent sent items folder

Transfer mp3 from pc to mobile

Increase the capacity of free's zimbra webmail to 10gb

Unrefreshed usb drive on android interface

Tencent impossible to remove

Is there enough storage space on my vps?

Car gps tracker