Big problem: Windows security alert
Solved
obiwan222
Hello,
Since last night, a message keeps appearing on the screen: "Windows Security Alert", which says: "Somebody's trying to infect your PC with spyware or harmful...". I have already cleaned it with CCleaner several times and scanned with Spybot and Ad-Aware twice each. No matter what, the message keeps coming back. I also have an icon flashing in the taskbar (an orange hexagon with a white cross) and new icons on my desktop: Privacy Protector, Spyware and Malware Protection... If you could help me!!!
Here is also my HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:55, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\Common Files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 www.cjt1.net
O1 - Hosts: 62.75.224.159 www.rgs1.net
O1 - Hosts: 62.75.224.159 www.rgs2.net
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 bns1.net
O1 - Hosts: 62.75.224.159 bns2.net
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms1.net
O1 - Hosts: 62.75.224.159 cms2.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 cjt1.net
O1 - Hosts: 62.75.224.159 rgs1.net
O1 - Hosts: 62.75.224.159 rgs2.net
O1 - Hosts: 62.75.224.159 bns1.net
O1 - Hosts: 62.75.224.159 bns2.net
O1 - Hosts: 62.75.224.159 cms1.net
O1 - Hosts: 62.75.224.159 cms2.net
O1 - Hosts: 62.75.224.159 j800banners.cjt1.net
O1 - Hosts: 62.75.224.159 jadlogix.cjt1.net
O1 - Hosts: 62.75.224.159 jadtegrity.cjt1.net
O1 - Hosts: 62.75.224.159 jaimmedia.cjt1.net
O1 - Hosts: 62.75.224.159 javatar.cjt1.net
O1 - Hosts: 62.75.224.159 jbeet.cjt1.net
O1 - Hosts: 62.75.224.159 jbigpops.cjt1.net
O1 - Hosts: 62.75.224.159 jbouncetek.cjt1.net
O1 - Hosts: 62.75.224.159 jbravenet.cjt1.net
O1 - Hosts: 62.75.224.159 jcdcover.cjt1.net
O1 - Hosts: 62.75.224.159 jclickspring.cjt1.net
O1 - Hosts: 62.75.224.159 jcollegehumor.cjt1.net
O1 - Hosts: 62.75.224.159 jdownloadacc.cjt1.net
O1 - Hosts: 62.75.224.159 jedonkey.cjt1.net
O1 - Hosts: 62.75.224.159 jeuniverse.cjt1.net
O1 - Hosts: 62.75.224.159 jhot.cjt1.net
O1 - Hosts: 62.75.224.159 jicmedia.cjt1.net
O1 - Hosts: 62.75.224.159 jicq.cjt1.net
O1 - Hosts: 62.75.224.159 jieplugin.cjt1.net
O1 - Hosts: 62.75.224.159 jinternetoptimizer.cjt1.net
O1 - Hosts: 62.75.224.159 jmediabuy1.cjt1.net
O1 - Hosts: 62.75.224.159 jmediabuyad.cjt1.net
O1 - Hosts: 62.75.224.159 jmindset.cjt1.net
O1 - Hosts: 62.75.224.159 jmindsettest.cjt1.net
O1 - Hosts: 62.75.224.159 jnictech.cjt1.net
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jpiolet.cjt1.net
O1 - Hosts: 62.75.224.159 jsanboxer.cjt1.net
O1 - Hosts: 62.75.224.159 jsercee.cjt1.net
O1 - Hosts: 62.75.224.159 jthedelfin.cjt1.net
O1 - Hosts: 62.75.224.159 jwarezp2p.cjt1.net
O1 - Hosts: 62.75.224.159 jwildmedia.cjt1.net
O1 - Hosts: 62.75.224.159 mediabuy-nic.cjt1.net
O1 - Hosts: 62.75.224.159 www.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jcms.cydoor.com
O1 - Hosts: 62.75.224.159 cydoor.com
O1 - Hosts: 62.75.224.159 www.cydoor.com
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: QXK Olive - {0683B6A6-0FF9-4C6C-9240-B71CA010D48F} - C:\WINDOWS\nldfmtapndk.dll
O2 - BHO: (no name) - {1B55E1E5-3216-4F89-B243-C0DA572F878E} - C:\WINDOWS\system32\qoMdETLd.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: {805e6663-b7c7-5e88-72b4-b57a1a7ded93} - {39ded7a1-a75b-4b27-88e5-7c7b3666e508} - C:\WINDOWS\system32\eeahtbsg.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {8294D83E-4F05-4783-BB7C-DE3EF0B79B64} - C:\WINDOWS\system32\opnonoOg.dll
O2 - BHO: Windows Live Connection Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BD962BAB-F429-460F-805B-B137087AB623} - C:\WINDOWS\system32\ssqQifdA.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll
O3 - Toolbar: Display Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: gktxaspm - {CA5FD8FF-2744-4E18-BDF2-07A02A98AF3A} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\kutubmce.dll",b
O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\gqfvutdt.dll",s
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\Alexis\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] "C:\Program Files\Internet Explorer\iexplore.exe" https://support.norton.com/sp/fr/fr/home/current/solutions/kb20090121104844EN?a=00000082.0000001f.0000005f&abproduct=SymNRT&abversion=2008.0.1.19&b=00000082.00000045.0000011b&build=Symantec&c=00000083.0000001a.000000c6&ced=true&d=00000083.00000030.0000010e&entsrc=CED_pubweb&error=0&module=2007&src=_mi
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Xavier WINDAL')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-1006\..\RunOnce: [^SetupICWDesktop] (User 'Xavier WINDAL')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Perrine')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-1008\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Perrine')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-2129557840-4265919523-2197693088-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Page à noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll/gn_menu1.html
O8 - Extra context menu item: À noter (Google Bloc-notes) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
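The indicators in the log above cluster into a few mechanical patterns: a block of O1 hosts entries all pointing at one remote address instead of loopback, IE R0/R1 search and start-page keys all set to a single unfamiliar site, BHOs and a toolbar loading DLLs with random-looking names straight out of C:\WINDOWS or system32, rundll32 autostarts whose Run value names look generated, and a RunOnce launching from a Temp folder. The script below triages HJT lines by exactly those rules. It is an added example, not part of the original post and not a HijackThis feature; the host allowlist (KNOWN_IE_HOSTS) and the looks_random heuristic are assumptions chosen for this example, and the sample lines are a subset copied from the posted log, clean entries included.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Rule-based triage of HijackThis (HJT) log lines. Added example: not part of
# the original post and not a HijackThis feature. The host allowlist and the
# "random-looking name" heuristic are assumptions made for this example; a hit
# means "verify this file/entry" (hash, signature, path), never "malware".

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumed allowlist: hosts that are normal in an IE start/search configuration.
KNOWN_IE_HOSTS = {"www.msn.com", "www.google.com", "www.google.fr",
                  "go.microsoft.com", "www.orange.fr", "www.club-vaio.com"}

# Files sitting directly in the Windows root or system32 (no deeper subfolder).
WINDIR_FILE = re.compile(r"^c:\\windows\\(system32\\)?[^\\]+$", re.IGNORECASE)
HEX_VALUE_NAME = re.compile(r"^[A-Za-z]{0,2}[0-9a-fA-F]{8,}$")   # e.g. 54a58e5f, BM5796bdc3
O1 = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
R_LINE = re.compile(r"^R[01] - (?P<key>[^=]+?)\s*=\s*(?P<val>.*)$")
O2O3 = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
O4 = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)

# Lines copied from the log posted above (a subset, including clean ones).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 cydoor.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: QXK Olive - {0683B6A6-0FF9-4C6C-9240-B71CA010D48F} - C:\WINDOWS\nldfmtapndk.dll
O2 - BHO: (no name) - {1B55E1E5-3216-4F89-B243-C0DA572F878E} - C:\WINDOWS\system32\qoMdETLd.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O3 - Toolbar: gktxaspm - {CA5FD8FF-2744-4E18-BDF2-07A02A98AF3A} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\kutubmce.dll",b
O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\gqfvutdt.dll",s
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\Alexis\LOCALS~1\Temp\cacu_001.exe" /cleanup
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section tag, e.g. "O2"
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """Crude test for machine-generated names: alphabetic, 8+ chars, and a run
    of 4+ consonants, very few vowels, or upper-case letters mid-word.
    Heuristic only: abbreviations such as WDBtnMgr would also trip it."""
    if not stem.isalpha() or len(stem) < 8:
        return False
    low = stem.lower()
    vowels = sum(c in "aeiouy" for c in low)
    longest_run = max(len(r) for r in re.findall(r"[^aeiouy]+", low) or [""])
    odd_case = any(c.isupper() for c in stem[1:]) and not stem.isupper()
    return longest_run >= 4 or vowels / len(low) < 0.2 or odd_case


def file_stem(path: str) -> str:
    return re.split(r"[\\/]", path.strip('"'))[-1].rsplit(".", 1)[0]


def triage(log_text: str) -> list[Finding]:
    out: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1.match(line):
            if m["ip"] not in LOOPBACK:     # hosts entries normally sink to loopback
                out.append(Finding("O1", f"hosts file sends {m['host']} to remote address {m['ip']}", line))
        elif m := R_LINE.match(line):
            host = urlsplit(m["val"]).hostname if m["val"].startswith("http") else None
            if host and host not in KNOWN_IE_HOSTS:
                out.append(Finding(line[:2], f"IE setting points at unlisted host {host}", line))
        elif m := O2O3.match(line):
            path, name = m["path"], m["name"]
            if WINDIR_FILE.match(path) and looks_random(file_stem(path)):
                out.append(Finding(line[:2], f"random-looking module {file_stem(path)} loaded from Windows directory", line))
            elif name == "(no name)" and path != "(no file)":
                out.append(Finding(line[:2], "unnamed browser extension", line))
        elif m := O4.match(line):
            cmd, name = m["cmd"], m["name"]
            dll = RUNDLL.search(cmd)
            if dll and WINDIR_FILE.match(dll["dll"]) and (looks_random(file_stem(dll["dll"])) or HEX_VALUE_NAME.match(name)):
                out.append(Finding("O4", f"rundll32 autostart of {file_stem(dll['dll'])} under value '{name}'", line))
            elif HEX_VALUE_NAME.match(name):
                out.append(Finding("O4", f"autostart with generated value name '{name}'", line))
            elif "\\temp\\" in cmd.lower():
                out.append(Finding("O4", f"{m['key']} entry executes from a Temp directory", line))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HJT section tag."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the subset above, triage() returns ten findings: the two hijacked IE keys, both hosts redirects, three modules with random-looking names under C:\WINDOWS or system32, the two rundll32 autostarts and the RunOnce from a Temp folder; the SnagIt BHO, the MSN start page, the ccApp entry and the orphaned "(no file)" toolbar pass. The random-name test is deliberately applied only to modules sitting directly in the Windows root or system32, because legitimate abbreviated names elsewhere would trip it; every hit is a lead to confirm against the file's hash or signature before fixing the entry, not a verdict.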
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
17 answers
Hello,
download GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip to your desktop
unzip the folder, double-click on GenProc.bat and post the contents of the report that opens
Help with images: http://www.alt-shift-return.org/Info/GenProc-HowTo.html
HERE IS THE CONTENT
GenProc Report 1.965 [1] conducted on 05/23/2008 at 18:29:09.14 - Windows XP
In CCleaner, click on "Options," "Advanced," and uncheck the box "Delete only files in the Windows Temp folder older than 48 hours." After that, leave it with its default settings. That’s it.
# Step 1/ Download:
- Navilog1 (IL-MAFIOSO) http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.exe to your desktop. Double-click on navilog1.exe to start the installation. Once the installation is complete, the fix will run automatically (if not, double-click on the Navilog1 shortcut on the desktop). Follow the prompts. In the main menu, choose 1 and confirm.
Wait for the message "Analysis Finished .....". Press a key as requested; Notepad will open. Post the report now and move on to the next step.
- VundoFix.exe (Atribune) http://www.atribune.org/ccount/click.php?id=4 to your Desktop
- combofix.exe (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
- SmitfraudFix (S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* double-click on the file "smitfraudfix.exe" and choose option 1; it will list all harmful items in a report: post it now.
- MSNFix.zip (!aur3n7) http://sosvirus.changelog.fr/MSNFix.zip and extract it to the Desktop.
***** Copy the following into a text file and restart in safe mode as indicated here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choose your current session "Alexis") *****
# Step 2/
* Double-click on the Navilog1 shortcut, choose option 2 and confirm, wait for the message: *** Cleaning Finished ..... ***, Notepad will open; save the report so you can locate it, close Notepad. Your desktop will reappear.
# Step 3/
* Double-click VundoFix.exe to launch it, then click the "Scan for Vundo" button.
When the scan is complete, click the "Fix Vundo" button, a prompt will ask if you want to delete the files, click YES: the Desktop will disappear for a moment while files are being deleted.
You will see a prompt announcing that your PC will restart: click OK.
Note: It is possible that VundoFix may encounter a file it cannot delete. If so, the tool will run at the next restart; just follow the instructions above, starting from "click the Scan for Vundo button"
* Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
When the scan is complete, a report will appear.
# Step 4/
Double-click the file "SmitfraudFix.exe" and choose option 2, answer yes to everything and let it proceed. Save the report to your desktop.
# Step 5/
Run the file MSNFix.bat located in the MSNfix folder on your desktop.
- Execute option R.
- If the infection is detected, execute option N.
- Save this report to your desktop.
# Step 6/
Run CCleaner: "Cleaner"/"launch cleaning" and that’s it.
# Step 7/
Restart normally and post, in the same reply:
- A new HijackThis report, with all windows and applications closed http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- The contents of the report located in C:\vundofix.txt ;
- The contents of the report located in C:\Combofix.txt ;
- The SmitfraudFix report you saved on your desktop ;
- The contents of the cleannavi.txt file located in My Computer C:\ ;
- The contents of the MSNfix report located on the Desktop ;
Specify any difficulties you encountered (what you couldn't do...) as well as the evolution of the situation.
Here it is; I'll continue with the rest.
Search Navipromo version 3.5.7 started on 05/23/2008 at 18:39:25.84
!!! Warning, this report may indicate legitimate files/programs!!!
!!! Post this report on the forum for analysis!!!
!!! Do not start the disinfection process without the advice of a specialist!!!
Tool executed from C:\Program Files\navilog1
Current session: "Alexis"
Updated on 05/11/2008 at 18:00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer: 7.0.5730.13
File system: NTFS
Search executed in normal mode
*** Searching Installed Programs ***
*** Searching folders in "C:\WINDOWS" ***
*** Searching folders in "C:\Program Files" ***
*** Searching folders in "c:\docume~1\alluse~1\applic~1" ***
*** Searching folders in "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Searching folders in "C:\Documents and Settings\Alexis\applic~1" ***
*** Searching folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Searching folders in "C:\DOCUME~1\Perrine\applic~1" ***
*** Searching folders in "C:\DOCUME~1\XAVIER~1\applic~1" ***
*** Searching folders in "C:\Documents and Settings\Alexis\locals~1\applic~1" ***
*** Searching folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Searching folders in "C:\DOCUME~1\Perrine\locals~1\applic~1" ***
*** Searching folders in "C:\DOCUME~1\XAVIER~1\locals~1\applic~1" ***
*** Searching folders in "C:\Documents and Settings\Alexis\menudm~1\progra~1" ***
*** Searching folders in "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Searching folders in "C:\DOCUME~1\Perrine\menudm~1\progra~1" ***
*** Searching folders in "C:\DOCUME~1\XAVIER~1\menudm~1\progra~1" ***
*** Searching with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net
No files found
*** Searching with GenericNaviSearch ***
!!! All these results may reveal legitimate files!!!
!!! Must be checked before any manual deletion!!!
* Searching in "C:\WINDOWS\system32" *
* Searching in "C:\Documents and Settings\Alexis\locals~1\applic~1" *
* Searching in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Searching in "C:\DOCUME~1\Perrine\locals~1\applic~1" *
* Searching in "C:\DOCUME~1\XAVIER~1\locals~1\applic~1" *
*** Search files ***
C:\WINDOWS\pack.epk found!
*** Searching specific keys in the Registry ***
HKEY_CURRENT_USER\Software\Lanconfig found!
*** Additional Search Module ***
(Searching specific files)
1)Searching new Instant Access files:
2)Heuristic Search:
* In "C:\WINDOWS\system32":
crfndygucq.dat found!
crfndygucq_nav.dat found!
crfndygucq_navps.dat found!
nxtfjki.dat found!
nxtfjki_nav.dat found!
nxtfjki_navps.dat found!
nxtfjki_navup.dat found!
* In "C:\Documents and Settings\Alexis\locals~1\applic~1":
* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1":
* In "C:\DOCUME~1\Perrine\locals~1\applic~1":
* In "C:\DOCUME~1\XAVIER~1\locals~1\applic~1":
3)Searching Certificates:
Egroup Certificate found!
Electronic-Group Certificate absent!
OOO-Favorit Certificate absent!
Sunny-Day-Design-Ltd Certificate absent!
4)Searching known files:
C:\WINDOWS\system32\gOononpo.ini2 found!
possible Vundo infection not handled by this tool !
C:\WINDOWS\system32\YybJlUtv.ini2 found!
possible Vundo infection not handled by this tool !
*** Analysis completed on 05/23/2008 at 18:47:31.99 ***
And the SmitFraudFix report v2.320
Report made at 18:49:52.70, 23/05/2008
Executed from C:\Documents and Settings\Alexis\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix executed in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\Common Files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexis
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexis\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Alexis\Favorites
C:\DOCUME~1\Alexis\Favorites\Error Cleaner.url PRESENT !
C:\DOCUME~1\Alexis\Favorites\Privacy Protector.url PRESENT !
C:\DOCUME~1\Alexis\Favorites\Spyware?Malware Protection.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\Alexis\Desktop\Error Cleaner.url PRESENT !
C:\DOCUME~1\Alexis\Desktop\Privacy Protector.url PRESENT !
C:\DOCUME~1\Alexis\Desktop\Spyware?Malware Protection.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop items
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My homepage"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the following keys may not necessarily be infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the following keys may not necessarily be infected!!!
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the following keys may not necessarily be infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys may not necessarily be infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys may not necessarily be infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the following keys may not necessarily be infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Inventel Gateway #4 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
Description: Inventel Gateway #4 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDBD75EE-A158-4BE5-8882-51FA5B65951A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E781E867-E1A3-4A9A-A175-6F409C09852B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A879C299-193F-4CA8-A8DF-59B122C5E41D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDBD75EE-A158-4BE5-8882-51FA5B65951A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E781E867-E1A3-4A9A-A175-6F409C09852B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CDBD75EE-A158-4BE5-8882-51FA5B65951A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E781E867-E1A3-4A9A-A175-6F409C09852B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Searching for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Here I am again
I did everything: VundoFix found nothing, and I couldn't start in safe mode, so I went through safe mode with networking support. For now it seems to have disappeared.
Here are the requested reports
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:49, on 23/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\Common Files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: QXK Olive - {0683B6A6-0FF9-4C6C-9240-B71CA010D48F} - C:\WINDOWS\nldfmtapndk.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: {805e6663-b7c7-5e88-72b4-b57a1a7ded93} - {39ded7a1-a75b-4b27-88e5-7c7b3666e508} - C:\WINDOWS\system32\eeahtbsg.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Assistant Help Program - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll
O3 - Toolbar: (no name) - {4596013b-6c31-408b-a266-deae5c086dc2} - (no file)
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: gktxaspm - {CA5FD8FF-2744-4E18-BDF2-07A02A98AF3A} - C:\WINDOWS\gktxaspm.dll (file missing)
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\kutubmce.dll",b
O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\gqfvutdt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Note page (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll/gn_menu1.html
O8 - Extra context menu item: Note (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--995133581.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: gnowmebk - {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll (file missing)
O21 - SSODL: pxgdslro - {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\Common Files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: HPZ12 Pml Driver - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooperated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 17039 bytes
VundoFix V7.0.5
Scan started at 19:23:06 23/05/2008
Listing files found while scanning....
No infected files were found.
VundoFix V7.0.5
Scan started at 20:07:13 23/05/2008
Listing files found while scanning....
No infected files were found.
ComboFix 08-05-21.3 - Alexis 2008-05-23 19:30:03.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.740 [GMT 2:00]
Location: C:\Documents and Settings\Alexis\Desktop\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Google\googletoolbar1.dll
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\gktxaspm.dll
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\pxgdslro.dll
C:\WINDOWS\system32\awtuvuvS.dll
C:\WINDOWS\system32\ecmbutuk.ini
C:\WINDOWS\system32\ehdbyjly.exe
C:\WINDOWS\system32\gOononpo.ini
C:\WINDOWS\system32\gOononpo.ini2
C:\WINDOWS\system32\isrepnmo.ini
C:\WINDOWS\system32\jthbunip.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ohbvkueh.ini
C:\WINDOWS\system32\opnonoOg.dll
C:\WINDOWS\system32\ssqQifdA.dll
C:\WINDOWS\system32\yuvoppys.exe
C:\WINDOWS\system32\YybJlUtv.ini
C:\WINDOWS\system32\YybJlUtv.ini2
.
(((((((((((((((((((((((((((((
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.740 [GMT 2:00]
Location: C:\Documents and Settings\Alexis\Desktop\ComboFix.exe
[color=red][b]WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Google\googletoolbar1.dll
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\gktxaspm.dll
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\pxgdslro.dll
C:\WINDOWS\system32\awtuvuvS.dll
C:\WINDOWS\system32\ecmbutuk.ini
C:\WINDOWS\system32\ehdbyjly.exe
C:\WINDOWS\system32\gOononpo.ini
C:\WINDOWS\system32\gOononpo.ini2
C:\WINDOWS\system32\isrepnmo.ini
C:\WINDOWS\system32\jthbunip.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ohbvkueh.ini
C:\WINDOWS\system32\opnonoOg.dll
C:\WINDOWS\system32\ssqQifdA.dll
C:\WINDOWS\system32\yuvoppys.exe
C:\WINDOWS\system32\YybJlUtv.ini
C:\WINDOWS\system32\YybJlUtv.ini2
.
(((((((((((((((((((((((((((((
HERE IS THE FIRST REPORT
ComboFix 08-05-21.3 - Alexis 2008-05-23 21:03:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.411 [GMT 2:00]
Location: C:\Documents and Settings\Alexis\Desktop\Repair\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alexis\Desktop\CFScript.txt
* Creation of a new restore point
[color=red][b]WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !![/b][/color]
FILE ::
C:\WINDOWS\eavx.exe
C:\WINDOWS\gktxaspm.dll
C:\WINDOWS\gnowmebk.dll
C:\WINDOWS\mdtgkswr.exe
C:\WINDOWS\nldfmtapndk.dll
C:\WINDOWS\pxgdslro.dll
C:\WINDOWS\system32\eeahtbsg.dll
C:\WINDOWS\system32\gqfvutdt.dll
C:\WINDOWS\system32\kutubmce.dll
C:\WINDOWS\system32\mtogwxlu.dll
C:\WINDOWS\system32\tcjqhmtt.dll
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Alexis\ANTI-SPYWARE eTrust.PestPatrol. v8.0.0.6(with serial keys)
C:\Documents and Settings\Alexis\ANTI-SPYWARE eTrust.PestPatrol. v8.0.0.6(with serial keys)\eTrust.PestPatrol.Anti-Spyware.v8.0.0.6.rar
C:\Documents and Settings\Alexis\ANTI-SPYWARE eTrust.PestPatrol. v8.0.0.6(with serial keys)\eTrust.PestPatrol.Anti-Spyware.v8.0.0.6\pptrialr8.exe
C:\Documents and Settings\Alexis\ANTI-SPYWARE eTrust.PestPatrol. v8.0.0.6(with serial keys)\eTrust.PestPatrol.Anti-Spyware.v8.0.0.6\READ ME!!!.txt
C:\WINDOWS\eavx.exe
C:\WINDOWS\mdtgkswr.exe
C:\WINDOWS\nldfmtapndk.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\eeahtbsg.dll
C:\WINDOWS\system32\gqfvutdt.dll
C:\WINDOWS\system32\kutubmce.dll
C:\WINDOWS\system32\mtogwxlu.dll
C:\WINDOWS\system32\tcjqhmtt.dll
.
((((((((((((((((((((((((((((( Files created 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))))))
.
2008-05-23 20:18 . 2008-05-23 21:03 354 ---hs---- C:\WINDOWS\system32\ecmbutuk.ini
2008-05-23 20:18 . 2008-05-23 20:18 0 --a------ C:\WINDOWS\BM5796bdc3.xml
2008-05-23 19:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-23 19:23 . 2008-05-23 19:23 <REP> d-------- C:\VundoFix Backups
2008-05-23 18:50 . 2008-05-23 19:57 3,550 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-23 18:50 . 2008-05-23 19:57 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-05-23 18:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-23 18:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-23 18:49 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-23 18:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-23 18:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-23 18:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-23 18:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-23 18:36 . 2008-05-23 19:22 <REP> d-------- C:\Program Files\Navilog1
2008-05-23 18:10 . 2008-05-23 18:10 <REP> d-------- C:\Program Files\Trend Micro
2008-05-22 23:39 . 2008-05-22 23:39 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\TmpRecentIcons
2008-05-22 21:26 . 2008-05-22 21:26 <REP> d-------- C:\Documents and Settings\Incomplete\FTACHJK44J4ZXNUO3GN5VBRWRYDOELFZ
2008-05-22 21:12 . 2008-05-22 21:12 0 --a------ C:\WINDOWS\pestpatrol5.INI
2008-05-22 21:04 . 2008-05-22 21:04 <REP> d-------- C:\Program Files\CA
2008-05-22 20:58 . 2008-05-22 20:58 <REP> d-------- C:\Documents and Settings\Alexis\Total Uninstall 4.8.0.562 Multilingual
2008-05-22 20:57 . 2008-05-22 21:16 17,706,611 --a------ C:\Documents and Settings\Alexis\Agnitum Outpost Firewall Pro v4.0.1025.zip
2008-05-22 19:37 . 2008-05-23 20:21 3,616 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-22 19:33 . 2008-05-23 19:55 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-22 19:31 . 2008-05-23 20:18 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-22 18:03 . 2008-05-22 18:03 143 --a------ C:\term.bat
2008-05-22 17:35 . 2008-05-22 17:35 <REP> d-------- C:\Documents and Settings\Incomplete\JOR2K44V4QZDISGCTFQFUEX33JGWWBGR
2008-05-22 17:32 . 2008-05-22 17:32 <REP> d-------- C:\Documents and Settings\Incomplete\CLWYQCLC7UG35RQEH2ARY3AOKITA55DD
2008-05-21 20:09 . 2008-05-21 20:09 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\DVDFab
2008-05-21 19:31 . 2008-05-21 19:31 <REP> d-------- C:\Program Files\DVDFab Platinum 4
2008-05-21 19:31 . 2008-05-21 20:17 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Vso
2008-05-21 19:31 . 2008-05-21 19:31 87,608 --a------ C:\Documents and Settings\Alexis\Application Data\inst.exe
2008-05-21 19:31 . 2008-05-21 19:31 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-21 19:31 . 2008-05-21 19:31 47,360 --a------ C:\Documents and Settings\Alexis\Application Data\pcouffin.sys
2008-05-21 19:29 . 2008-05-21 19:29 <REP> d-------- C:\Documents and Settings\Alexis\DVDFab Platinum 4.0.5.5 Full-Ghosthunter
2008-05-18 18:42 . 2008-05-18 18:42 <REP> d-------- C:\Program Files\Nero
2008-05-18 18:42 . 2008-05-18 18:44 <REP> d-------- C:\Program Files\Common Files\Nero
2008-05-10 12:27 . 2008-05-10 12:27 <REP> d--hs---- C:\found.000
2008-05-08 10:40 . 2008-05-08 10:40 <REP> d-------- C:\Program Files\TagRename
2008-05-08 10:11 . 2008-05-08 10:11 495,104 --a------ C:\WINDOWS\system32\mp3tsshx.dll
2008-05-08 10:08 . 2008-05-08 10:08 <REP> d-------- C:\Program Files\Media Tagger
2008-05-07 17:56 . 2005-02-22 12:36 765,952 --a------ C:\WINDOWS\system32\CDDBUI.dll
2008-05-07 17:56 . 2005-02-22 12:37 589,824 --a------ C:\WINDOWS\system32\CDDBControl.dll
2008-05-07 17:56 . 2006-09-05 08:49 503,808 --a------ C:\WINDOWS\system32\MLAG2.ocx
2008-05-07 17:56 . 2000-12-05 20:00 415,176 --a------ C:\WINDOWS\system32\COMCT332.OCX
2008-05-07 17:56 . 2001-07-09 02:18 141,408 --a------ C:\WINDOWS\system32\dXPSystm.dll
2008-05-07 17:56 . 2004-03-09 01:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-07 17:56 . 1998-06-17 20:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-07 16:50 . 2008-05-07 16:50 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\AQUATRA
2008-05-04 11:32 . 2008-05-04 11:32 <REP> d-------- C:\WINDOWS\IP Changer
2008-05-04 09:19 . 2008-05-04 09:19 <REP> d-------- C:\WINDOWS\Caps
2008-05-03 10:38 . 2008-05-03 10:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-02 18:56 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-01 20:32 . 2008-05-01 20:32 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Sunbelt Software
2008-04-27 14:40 . 2008-04-27 14:40 <REP> d-------- C:\WINDOWS\system32\Akamai Technologies
2008-04-27 12:08 . 2008-05-04 11:34 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\tor
2008-04-27 12:07 . 2008-04-27 12:07 <REP> d-------- C:\Program Files\Vidalia Bundle
2008-04-27 12:07 . 2008-05-04 11:35 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Vidalia
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 17:30 --------- d-----w C:\Program Files\Google
2008-05-23 17:00 --------- d-----w C:\Program Files\Conduit
2008-05-23 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-22 19:28 6,584 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
2008-05-22 18:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-22 16:53 --------- d-----w C:\Program Files\FreeCommander
2008-05-22 16:40 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Orbit
2008-05-21 19:05 --------- d-----w C:\Program Files\Notepad++
2008-05-21 19:05 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Notepad++
2008-05-21 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\UniversalisV13
2008-05-18 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-10 11:50 --------- d-----w C:\Program Files\Opera
2008-05-10 11:36 --------- d-----w C:\Program Files\Audible
2008-05-10 08:45 --------- d-----w C:\Documents and Settings\Perrine\Application Data\Orbit
2008-05-09 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-02 10:04 --------- d-----w C:\Program Files\LimeWire
2008-04-29 11:10 --------- d-----w C:\Program Files\Creative
2008-04-28 17:53 --------- d-----w C:\Program Files\ScanSoft
2008-04-28 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-25 16:04 --------- d-----w C:\Program Files\Apple Software Update
2008-04-20 11:56 --------- d-----w C:\Program Files\iTunes
2008-04-20 11:56 --------- d-----w C:\Program Files\iPod
2008-04-20 11:53 --------- d-----w C:\Program Files\QuickTime
2008-04-11 19:08 --------- d-----w C:\Program Files\Picasa2
2008-04-08 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-08 17:32 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TechSmith
2008-04-08 16:15 --------- d-----w C:\Program Files\TechSmith
2008-04-08 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-04-08 16:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 15:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-29 14:59 --------- d-----w C:\Program Files\Activision
2008-03-29 14:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\FarStone
2008-03-29 14:44 --------- d-----w C:\Program Files\FarStone
2008-03-29 14:42 --------- d-----w C:\Program Files\temp
2008-03-28 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 06:47 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-28 06:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\DAEMON Tools
2008-03-26 15:52 --------- d-----w C:\Program Files\EasyPHP 2.0b1
2008-03-24 10:42 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-24 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-24 10:42 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TuneUp Software
2008-03-23 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-03-23 20:39 --------- d-----w C:\Documents and Settings\Alexis\Application Data\iolo
2008-03-23 19:55 --------- d-----w C:\Program Files\DupeEliminator
2008-03-23 19:47 --------- d-----w C:\Program Files\RomStation
2008-03-16 11:33 57,344 ----a-w C:\Documents and Settings\Alexis\lametritonus.dll
2008-03-16 11:33 162,304 ----a-w C:\Documents and Settings\Alexis\lame_enc.dll
2008-03-09 11:27 772 ----a-w C:\Documents and Settings\Alexis\Application Data\wklnhst.dat
2008-03-07 17:46 461 ----a-w C:\Documents and Settings\Alexis\Jscript.reg
2007-12-24 18:57 4,532,651 ----a-w C:\Program Files\EasyWMVDemo.dmg
2007-12-24 17:56 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe
2007-09-29 10:23 498,552 ----a-w C:\Program Files\setup.exe
2007-06-13 13:22 22,040 ---ha-w C:\Documents and Settings\Xavier WINDAL\Application Data\addon.dat
2007-06-13 13:22 22,040 ---h--w C:\Documents and Settings\Perrine\Application Data\addon.dat
2007-05-14 18:11 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2007-05-05 19:01 16,590,480 ----a-w C:\Program Files\jre-1_5_0_10-windows-i586-p-s.exe
2007-05-05 18:31 6,943,028 ----a-w C:\Program Files\installpro.exe
2007-04-19 10:50 53,062 ----a-w C:\Program Files\__def.rip2
2007-04-19 10:46 493 ----a-w C:\Program Files\versions.xml
2007-04-19 10:44 19,473,146 ----a-w C:\Program Files\RI4M_v501d_setup.exe
2007-03-07 17:19 295 ----a-w C:\Program Files\iepatch.reg
2007-03-02 12:06 8,344,627 ----a-w C:\Program Files\sfs6int.exe
2007-02-23 09:23 535,512 ----a-w C:\Program Files\pllangs.exe
2006-10-26 17:33 0 ----a-w C:\Documents and Settings\Perrine\Application Data\wklnhst.dat
2006-10-21 19:20 0 ----a-w C:\Documents and Settings\Xavier WINDAL\Application Data\wklnhst.dat
2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\CONFIG.SYS
2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\AUTOEXEC.BAT
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2008-02-16 13:49 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_19.55.56.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 17:40:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 19:11:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 19:13:16 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_a04.dat
.
((((((((((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty items & legitimate initial items are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 13:11 176128]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 23:43 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-31 19:26 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll [ ]
"pxgdslro"= {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Start^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Start^Programs^Startup^WD Anywhere Backup Launcher.lnk]
backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Quick Launch of Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programs\Startup\Quick Launch of Adobe Reader.lnk
backup=C:\WINDOWS\pss\Quick Launch of Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Orbit.lnk]
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Start\Programs\Startup\Orbit.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Google Update Tool.lnk]
backup=C:\WINDOWS\pss\Google Update Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54a58e5f]
--a------ 2004-08-10 14:00 33792 C:\WINDOWS\system32\rundll32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
C:\Program Files\Norton Password Manager\AcctMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2008-01-30 20:36 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Discovery\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2006-10-23 01:48 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-06-08 10:18 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-12-23 01:03 916240 C:\Program Files\Eraser\eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-26 00:13 29744 C:\Program Files\Google\Google Desktop
2007-03-02 12:06 8,344,627 ----a-w C:\Program Files\sfs6int.exe
2007-02-23 09:23 535,512 ----a-w C:\Program Files\pllangs.exe
2006-10-26 17:33 0 ----a-w C:\Documents and Settings\Perrine\Application Data\wklnhst.dat
2006-10-21 19:20 0 ----a-w C:\Documents and Settings\Xavier WINDAL\Application Data\wklnhst.dat
2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\CONFIG.SYS
2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\AUTOEXEC.BAT
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2008-02-16 13:49 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_19.55.56.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 17:40:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 19:11:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 19:13:16 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_a04.dat
.
((((((((((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty items & legitimate initial items are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 13:11 176128]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 23:43 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-31 19:26 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll [ ]
"pxgdslro"= {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Start^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Start^Programs^Startup^WD Anywhere Backup Launcher.lnk]
backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Quick Launch of Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programs\Startup\Quick Launch of Adobe Reader.lnk
backup=C:\WINDOWS\pss\Quick Launch of Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Orbit.lnk]
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Start\Programs\Startup\Orbit.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Google Update Tool.lnk]
backup=C:\WINDOWS\pss\Google Update Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54a58e5f]
--a------ 2004-08-10 14:00 33792 C:\WINDOWS\system32\rundll32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
C:\Program Files\Norton Password Manager\AcctMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2008-01-30 20:36 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Discovery\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2006-10-23 01:48 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-06-08 10:18 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-12-23 01:03 916240 C:\Program Files\Eraser\eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-26 00:13 29744 C:\Program Files\Google\Google Desktop
1. Run this new CFScript :

File::
C:\WINDOWS\system32\ecmbutuk.ini
C:\WINDOWS\BM5796bdc3.xml

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

2. Run CCleaner : "Cleaner"/"start the cleaning" and post a Panda report https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm (you need to use Internet Explorer)
OK HERE IS THE COMBO FIX REPORT
And thank you for staying faithful!
ComboFix 08-05-21.3 - Alexis 2008-05-24 9:43:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1036.18.452 [GMT 2:00]
Location: C:\Documents and Settings\Alexis\Desktop\Repair\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alexis\Desktop\CFScript.txt
* Creating a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
FILE ::
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\system32\ecmbutuk.ini
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Alexis\Application Data\inst.exe
C:\Documents and Settings\Perrine\Application Data\addon.dat
C:\Documents and Settings\Xavier\Application Data\addon.dat
C:\VundoFix Backups
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\system32\ecmbutuk.ini
.
((((((((((((((((((((((((((((( Files created 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.
2008-05-23 19:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-23 18:50 . 2008-05-23 19:57 3,550 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-23 18:50 . 2008-05-23 19:57 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-05-23 18:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-23 18:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-23 18:49 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-23 18:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-23 18:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-23 18:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-23 18:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-23 18:36 . 2008-05-23 19:22 <REP> d-------- C:\Program Files\Navilog1
2008-05-23 18:10 . 2008-05-23 18:10 <REP> d-------- C:\Program Files\Trend Micro
2008-05-22 23:39 . 2008-05-22 23:39 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\TmpRecentIcons
2008-05-22 21:26 . 2008-05-22 21:26 <REP> d-------- C:\Documents and Settings\Incomplete\FTACHJK44J4ZXNUO3GN5VBRWRYDOELFZ
2008-05-22 21:12 . 2008-05-22 21:12 0 --a------ C:\WINDOWS\pestpatrol5.INI
2008-05-22 21:04 . 2008-05-22 21:04 <REP> d-------- C:\Program Files\CA
2008-05-22 20:58 . 2008-05-22 20:58 <REP> d-------- C:\Documents and Settings\Alexis\Total Uninstall 4.8.0.562 Multilingual
2008-05-22 20:57 . 2008-05-22 21:16 17,706,611 --a------ C:\Documents and Settings\Alexis\Agnitum Outpost Firewall Pro v4.0.1025.zip
2008-05-22 19:37 . 2008-05-24 09:40 3,616 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-22 19:33 . 2008-05-23 21:56 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-05-22 19:31 . 2008-05-24 09:36 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-22 18:03 . 2008-05-22 18:03 143 --a------ C:\term.bat
2008-05-22 17:35 . 2008-05-22 17:35 <REP> d-------- C:\Documents and Settings\Incomplete\JOR2K44V4QZDISGCTFQFUEX33JGWWBGR
2008-05-22 17:32 . 2008-05-22 17:32 <REP> d-------- C:\Documents and Settings\Incomplete\CLWYQCLC7UG35RQEH2ARY3AOKITA55DD
2008-05-21 20:09 . 2008-05-21 20:09 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\DVDFab
2008-05-21 19:31 . 2008-05-21 19:31 <REP> d-------- C:\Program Files\DVDFab Platinum 4
2008-05-21 19:31 . 2008-05-21 20:17 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Vso
2008-05-21 19:31 . 2008-05-21 19:31 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-21 19:31 . 2008-05-21 19:31 47,360 --a------ C:\Documents and Settings\Alexis\Application Data\pcouffin.sys
2008-05-21 19:29 . 2008-05-21 19:29 <REP> d-------- C:\Documents and Settings\Alexis\DVDFab Platinium 4.0.5.5 Full-Ghosthunter
2008-05-18 18:42 . 2008-05-18 18:42 <REP> d-------- C:\Program Files\Nero
2008-05-10 12:27 . 2008-05-10 12:27 <REP> d--hs---- C:\found.000
2008-05-08 10:40 . 2008-05-08 10:40 <REP> d-------- C:\Program Files\TagRename
2008-05-08 10:11 . 2008-05-08 10:11 495,104 --a------ C:\WINDOWS\system32\mp3tsshx.dll
2008-05-08 10:08 . 2008-05-08 10:08 <REP> d-------- C:\Program Files\Media Tagger
2008-05-07 17:56 . 2005-02-22 12:36 765,952 --a------ C:\WINDOWS\system32\CDDBUI.dll
2008-05-07 17:56 . 2005-02-22 12:37 589,824 --a------ C:\WINDOWS\system32\CDDBControl.dll
2008-05-07 17:56 . 2006-09-05 08:49 503,808 --a------ C:\WINDOWS\system32\MLAG2.ocx
2008-05-07 17:56 . 2000-12-05 20:00 415,176 --a------ C:\WINDOWS\system32\COMCT332.OCX
2008-05-07 17:56 . 2001-07-09 02:18 141,408 --a------ C:\WINDOWS\system32\dXPSystm.dll
2008-05-07 17:56 . 2004-03-09 01:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-07 17:56 . 1998-06-17 20:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-07 16:50 . 2008-05-07 16:50 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\AQUATRA
2008-05-04 11:32 . 2008-05-04 11:32 <REP> d-------- C:\WINDOWS\IP Changer
2008-05-04 09:19 . 2008-05-04 09:19 <REP> d-------- C:\WINDOWS\Caps
2008-05-03 10:38 . 2008-05-03 10:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-02 18:56 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-01 20:32 . 2008-05-01 20:32 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Sunbelt Software
2008-04-27 14:40 . 2008-04-27 14:40 <REP> d-------- C:\WINDOWS\system32\Akamai Technologies
2008-04-27 12:08 . 2008-05-04 11:34 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\tor
2008-04-27 12:07 . 2008-04-27 12:07 <REP> d-------- C:\Program Files\Vidalia Bundle
2008-04-27 12:07 . 2008-05-04 11:35 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Vidalia
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
2008-05-23 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-23 17:30 --------- d-----w C:\Program Files\Google
2008-05-23 17:00 --------- d-----w C:\Program Files\Conduit
2008-05-23 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-22 19:28 6,584 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
2008-05-22 18:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-22 16:53 --------- d-----w C:\Program Files\FreeCommander
2008-05-22 16:40 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Orbit
2008-05-21 19:05 --------- d-----w C:\Program Files\Notepad++
2008-05-21 19:05 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Notepad++
2008-05-21 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\UniversalisV13
2008-05-10 11:50 --------- d-----w C:\Program Files\Opera
2008-05-10 11:36 --------- d-----w C:\Program Files\Audible
2008-05-10 08:45 --------- d-----w C:\Documents and Settings\Perrine\Application Data\Orbit
2008-05-09 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-02 10:04 --------- d-----w C:\Program Files\LimeWire
2008-04-29 11:10 --------- d-----w C:\Program Files\Creative
2008-04-28 17:53 --------- d-----w C:\Program Files\ScanSoft
2008-04-28 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-25 16:04 --------- d-----w C:\Program Files\Apple Software Update
2008-04-20 11:56 --------- d-----w C:\Program Files\iTunes
2008-04-20 11:56 --------- d-----w C:\Program Files\iPod
2008-04-20 11:53 --------- d-----w C:\Program Files\QuickTime
2008-04-11 19:08 --------- d-----w C:\Program Files\Picasa2
2008-04-08 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-08 17:32 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TechSmith
2008-04-08 16:15 --------- d-----w C:\Program Files\TechSmith
2008-04-08 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-04-08 16:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 15:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-29 14:59 --------- d-----w C:\Program Files\Activision
2008-03-29 14:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\FarStone
2008-03-29 14:44 5,501 ----a-w C:\WINDOWS\system32\dptlcg32.dll
2008-03-29 14:44 --------- d-----w C:\Program Files\FarStone
2008-03-29 14:42 --------- d-----w C:\Program Files\temp
2008-03-28 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 06:47 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-28 06:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\DAEMON Tools
2008-03-26 15:52 --------- d-----w C:\Program Files\EasyPHP 2.0b1
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 10:42 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-24 10:42 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-24 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-24 10:42 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TuneUp Software
2008-03-23 20:39 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 11:33 57,344 ----a-w C:\Documents and Settings\Alexis\lametritonus.dll
2008-03-16 11:33 162,304 ----a-w C:\Documents and Settings\Alexis\lame_enc.dll
2008-03-09 11:27 772 ----a-w C:\Documents and Settings\Alexis\Application Data\wklnhst.dat
2008-03-07 17:46 461 ----a-w C:\Documents and Settings\Alexis\Jscript.reg
2008-03-01 12:58 826,368 ------w C:\WINDOWS\system32\wininet.dll
2008-02-27 12:15 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2007-12-24 18:57 4,532,651 ----a-w C:\Program Files\EasyWMVDemo.dmg
2007-12-24 17:56 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe
2007-09-29 10:23 498,552 ----a-w C:\Program Files\setup.exe
2007-05-14 18:11 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2007-05-05 19:01 16,590,480 ----a-w C:\Program Files\jre-1_5_0_10-windows-i586-p-s.exe
2007-05-05 18:31 6,943,028 ----a-w C:\Program Files\installpro.exe
2007-04-19 10:50 53,062 ----a-w C:\Program Files\__def.rip2
2007-04-19 10:46 493 ----a-w C:\Program Files\versions.xml
2007-04-19 10:44 19,473,146 ----a-w C:\Program Files\RI4M_v501d_setup.exe
2007-03-07 17:19 295 ----a-w C:\Program Files\iepatch.reg
2007-03-02 12:06 8,344,627 ----a-w C:\Program Files\sfs6int.exe
2007-02-23 09:23 535,512 ----a-w C:\Program Files\pllangs.exe
2006-10-26 17:33 0 ----a-w C:\Documents and Settings\Perrine\Application Data\wklnhst.dat
2006-10-21 19:20 0 ----a-w C:\Documents and Settings\Xavier\Application Data\wklnhst.dat
2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\CONFIG.SYS
2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\AUTOEXEC.BAT
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2008-02-16 13:49 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_19.55.56.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 17:40:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 07:34:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 07:35:53 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_898.dat
.
((((((((((((((((((((((((((((((((( Registry loading point )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate initial entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 13:11 176128]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 23:43 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-31 19:26 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll [ ]
"pxgdslro"= {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Démarrer^Programmes^Démarrage^Memeo AutoSync Launcher.lnk]
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Démarrer^Programmes^Démarrage^WD Anywhere Backup Launcher.lnk]
backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk]
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Orbit.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54a58e5f]
--a------ 2004-08-10 14:00 33792 C:\WINDOWS\system32\rundll32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
C:\Program Files\Norton Password Manager\AcctMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2008-01-30 20:36 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-23 21:33 57344 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2006-10-23 01:48 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-06-08 10:18 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-12-23 01:03 916240 C:\Program Files\Eraser\eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-26 00:13 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 14:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-23 10:05 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 2004-02-20 15:12 32768 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------
2008-05-03 10:38 . 2008-05-03 10:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-02 18:56 . 2007-07-19 22:42 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-01 20:36 . 2008-05-01 20:36 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-01 20:32 . 2008-05-01 20:32 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Sunbelt Software
2008-04-27 14:40 . 2008-04-27 14:40 <REP> d-------- C:\WINDOWS\system32\Akamai Technologies
2008-04-27 12:08 . 2008-05-04 11:34 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\tor
2008-04-27 12:07 . 2008-04-27 12:07 <REP> d-------- C:\Program Files\Vidalia Bundle
2008-04-27 12:07 . 2008-05-04 11:35 <REP> d-------- C:\Documents and Settings\Alexis\Application Data\Vidalia
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
2008-05-23 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-23 17:30 --------- d-----w C:\Program Files\Google
2008-05-23 17:00 --------- d-----w C:\Program Files\Conduit
2008-05-23 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-22 19:28 6,584 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
2008-05-22 18:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-22 16:53 --------- d-----w C:\Program Files\FreeCommander
2008-05-22 16:40 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Orbit
2008-05-21 19:05 --------- d-----w C:\Program Files\Notepad++
2008-05-21 19:05 --------- d-----w C:\Documents and Settings\Alexis\Application Data\Notepad++
2008-05-21 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\UniversalisV13
2008-05-10 11:50 --------- d-----w C:\Program Files\Opera
2008-05-10 11:36 --------- d-----w C:\Program Files\Audible
2008-05-10 08:45 --------- d-----w C:\Documents and Settings\Perrine\Application Data\Orbit
2008-05-09 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-02 10:04 --------- d-----w C:\Program Files\LimeWire
2008-04-29 11:10 --------- d-----w C:\Program Files\Creative
2008-04-28 17:53 --------- d-----w C:\Program Files\ScanSoft
2008-04-28 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-25 16:04 --------- d-----w C:\Program Files\Apple Software Update
2008-04-20 11:56 --------- d-----w C:\Program Files\iTunes
2008-04-20 11:56 --------- d-----w C:\Program Files\iPod
2008-04-20 11:53 --------- d-----w C:\Program Files\QuickTime
2008-04-11 19:08 --------- d-----w C:\Program Files\Picasa2
2008-04-08 17:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-08 17:32 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TechSmith
2008-04-08 16:15 --------- d-----w C:\Program Files\TechSmith
2008-04-08 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-04-08 16:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 15:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-29 14:59 --------- d-----w C:\Program Files\Activision
2008-03-29 14:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\FarStone
2008-03-29 14:44 5,501 ----a-w C:\WINDOWS\system32\dptlcg32.dll
2008-03-29 14:44 --------- d-----w C:\Program Files\FarStone
2008-03-29 14:42 --------- d-----w C:\Program Files\temp
2008-03-28 18:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 06:47 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-28 06:47 --------- d-----w C:\Documents and Settings\Alexis\Application Data\DAEMON Tools
2008-03-26 15:52 --------- d-----w C:\Program Files\EasyPHP 2.0b1
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 10:42 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-24 10:42 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-24 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-24 10:42 --------- d-----w C:\Documents and Settings\Alexis\Application Data\TuneUp Software
2008-03-23 20:39 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 11:33 57,344 ----a-w C:\Documents and Settings\Alexis\lametritonus.dll
2008-03-16 11:33 162,304 ----a-w C:\Documents and Settings\Alexis\lame_enc.dll
2008-03-09 11:27 772 ----a-w C:\Documents and Settings\Alexis\Application Data\wklnhst.dat
2008-03-07 17:46 461 ----a-w C:\Documents and Settings\Alexis\Jscript.reg
2008-03-01 12:58 826,368 ------w C:\WINDOWS\system32\wininet.dll
2008-02-27 12:15 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2007-12-24 18:57 4,532,651 ----a-w C:\Program Files\EasyWMVDemo.dmg
2007-12-24 17:56 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe
2007-09-29 10:23 498,552 ----a-w C:\Program Files\setup.exe
2007-05-14 18:11 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2007-05-05 19:01 16,590,480 ----a-w C:\Program Files\jre-1_5_0_10-windows-i586-p-s.exe
2007-05-05 18:31 6,943,028 ----a-w C:\Program Files\installpro.exe
2007-04-19 10:50 53,062 ----a-w C:\Program Files\__def.rip2
2007-04-19 10:46 493 ----a-w C:\Program Files\versions.xml
2007-04-19 10:44 19,473,146 ----a-w C:\Program Files\RI4M_v501d_setup.exe
2007-03-07 17:19 295 ----a-w C:\Program Files\iepatch.reg
2007-03-02 12:06 8,344,627 ----a-w C:\Program Files\sfs6int.exe
2007-02-23 09:23 535,512 ----a-w C:\Program Files\pllangs.exe
2006-10-26 17:33 0 ----a-w C:\Documents and Settings\Perrine\Application Data\wklnhst.dat
2006-10-21 19:20 0 ----a-w C:\Documents and Settings\Xavier\Application Data\wklnhst.dat
2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\CONFIG.SYS
2006-03-20 13:47 0 ----a-w C:\Documents and Settings\Alexis\AUTOEXEC.BAT
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2008-02-16 13:49 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-23_19.55.56.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 17:40:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 07:34:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 07:35:53 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_898.dat
.
((((((((((((((((((((((((((((((((( Registry loading point )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate initial entries are not listed
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 13:11 176128]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-13 23:43 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-31 19:26 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 13:47 118784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gnowmebk"= {36A732A7-0590-4960-975B-D846C72DA9EC} - C:\WINDOWS\gnowmebk.dll [ ]
"pxgdslro"= {B76C1C4D-BDEE-4F5B-804C-C10BAF9DF47B} - C:\WINDOWS\pxgdslro.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Démarrer^Programmes^Démarrage^Memeo AutoSync Launcher.lnk]
backup=C:\WINDOWS\pss\Memeo AutoSync Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Alexis^Menu Démarrer^Programmes^Démarrage^WD Anywhere Backup Launcher.lnk]
backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk]
backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Orbit.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54a58e5f]
--a------ 2004-08-10 14:00 33792 C:\WINDOWS\system32\rundll32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
C:\Program Files\Norton Password Manager\AcctMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2008-01-30 20:36 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-23 21:33 57344 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2006-10-23 01:48 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-06-08 10:18 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-12-23 01:03 916240 C:\Program Files\Eraser\eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-26 00:13 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-12 14:38 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-23 10:05 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 2004-02-20 15:12 32768 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-02-08 01:12 488984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 01:13 774168 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------
Hi, I wonder whether Spybot and CCleaner aren't doing more harm than good. I no longer use them. I'm trying to do a System Restore to an earlier date, but having already used CCleaner, it doesn't seem possible.
Hello spy
Given the work that has been done, the disinfection that has been completed, the only thing you propose is a SYSTEM RESTORE...
So please be kind enough to read the topic BEFORE launching into nonsense...
See you later
--
^^TONGS^^
I walked into CCM, A cigarette in one hand,
Flip-flops in the other hand, The ***** bare under the shirt
Hello,
HERE is the report from the Panda Security scan.
If someone could let me know what I should do!
REALLY THANK YOU FOR EVERYTHING !!!!!
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-24 14:55:58
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton 360 2007 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Alexis\Desktop\Repair\MSNFix\incl\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Navilog1\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP561\A0138126.exe
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Alexis\Desktop\Repair\MSNFix.zip[MSNFix/incl/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No D:\MSNFix.zip[MSNFix/incl/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Alexis\Desktop\Repair\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\v7m7ygij.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Alexis\Application Data\Universalis V13\OMMozilla\Profiles\default\0yv61uyq.slt\cookies.txt[.xiti.com/]
00185663 HackTool/NetCat.A HackTools No 0 Yes No D:\Software\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No D:\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Alexis\Desktop\Repair\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP561\A0139171.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP562\A0139288.EXE
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Navilog1\reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Alexis\Desktop\Repair\SmitfraudFix\Reboot.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP562\A0139276.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP561\A0138164.sys
02941681 Trj/WmaDownloader.G Virus/Trojan No 0 Yes No D:\Music\The Cramberries\-.wma
02989765 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136673.dll
02989814 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136675.exe
02989829 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136688.exe
02989836 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136676.exe
02989836 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136684.exe
02989843 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136677.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\ISP\AOL9\comps\qt\qt.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
108742 MEDIUM MS06-006
;===================================================================================================================================================================================
Configuration: Windows XP
Firefox 2.0.0.14
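Added example (editor's, not from the thread, Panda or CCM): a small Python script that reads report rows in the layout above and sorts each detection into a bucket according to what its location implies. The sample rows are copied from the report posted above; the bucket rules, the repair-kit directory names and the helper filenames it matches on are assumptions of this example.

```python
"""Triage a Panda ActiveScan report: separate real findings from noise.

Added example for this thread, not a Panda or CCM tool. The sample rows below
are copied from the report posted above; the bucket rules are assumptions.
"""
import re

# One MALWARE row: Id Description Type Active Severity Disinfectable Disinfected Location
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>\S+)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+?)\s*$"
)

# Assumption: directories/archives of the repair kits used in this thread.
# Hits inside them are the kits' own helpers (process killer, rebooter,
# NirCmd, PsExec), which AV engines label HackTool; ToolsCleaner removes them.
REPAIR_KIT_MARKERS = ("\\navilog1\\", "\\smitfraudfix\\", "\\msnfix", "combofix.exe")
# Assumption: helper names those kits also drop elsewhere (system32\Process.exe).
REPAIR_KIT_HELPERS = {"process.exe", "reboot.exe", "nircmdc.cfexe"}


def parse_report(text):
    """Return one dict per line that matches the MALWARE table layout."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def classify(row):
    """Bucket a row by what its location implies about the next action."""
    loc = row["location"].lower()
    name = loc.rsplit("\\", 1)[-1]
    if row["active"] == "Yes":
        return "active"            # running now: deal with it whatever the path
    if "\\system volume information\\_restore" in loc:
        return "restore_point"     # old copy; gone once System Restore is toggled
    if row["type"] == "TrackingCookie":
        return "cookie"            # browser cookie, not code
    if any(m in loc for m in REPAIR_KIT_MARKERS) or name in REPAIR_KIT_HELPERS:
        return "repair_tool"       # the disinfection kits' own binaries
    return "review"                # unexplained: decide by hand


def triage(text):
    """Map bucket -> list of locations for every row in the report."""
    buckets = {}
    for row in parse_report(text):
        buckets.setdefault(classify(row), []).append(row["location"])
    return buckets


# Rows copied from the report above (a subset; Active is "No" on all of them).
SAMPLE_REPORT = r"""
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Navilog1\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Alexis\Application Data\Mozilla\Firefox\Profiles\v7m7ygij.default\cookies.txt[.xiti.com/]
00185663 HackTool/NetCat.A HackTools No 0 Yes No D:\Software\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No D:\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP561\A0139171.EXE
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Alexis\Desktop\Repair\SmitfraudFix\Reboot.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP562\A0139276.sys
02941681 Trj/WmaDownloader.G Virus/Trojan No 0 Yes No D:\Music\The Cramberries\-.wma
02989765 Adware/Netproject Adware No 0 Yes No C:\System Volume Information\_restore{A86CFCA8-1E78-4E36-8351-E4E4DF02E898}\RP559\A0136673.dll
"""

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        print(f"{bucket} ({len(paths)})")
        for p in paths:
            print("   ", p)
```

Run against the saved report: the repair_tool bucket goes away with ToolsCleaner, the restore_point bucket disappears when System Restore is disabled and re-enabled, cookies are just browser cookies, and only the review bucket (here nc.exe under CryptLoad and the .wma downloader on D:) needs a decision. Rows with Active = Yes are bucketed first on purpose, since a running sample matters regardless of where it sits; every row in this report has Active = No.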
* Finally, use ToolsCleaner! (by A.Rothstein) http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe to clean downloaded utilities, disable system restore, and reactivate it after a restart.
* Regularly visit the site http://www.update.microsoft.com/windowsupdate/v6/default.aspx to keep your system up to date.
* Use this little program http://filehippo.com/updatechecker/UpdateChecker.exe weekly to perform your software updates. Just run it (no installation is required). Links to available updates will then appear in a web page. Tip: do not install "beta" versions.
* Never install a program without having fully read and understood the terms of its license agreement, or without being absolutely certain that it does not secretly install any adware (check on Google or forums)
* At this point, you can mark your topic as "resolved" if you believe that to be the case http://forum.telecharger.01net.com/forum/high-tech/ARCHIVE-MICRO-HEBDO/Regles-et-mode-d-emploi/forum-micro-hebdo-sujet_8324_1.htm#post40
* Important note: it is highly recommended to use a limited account for regular computer use to significantly minimize the risk of infection.
Instructions: https://www.microsoft.com/de-ch
See you later.