
Explorer Keeps Stopping & Restarting



#1 AlainMichel


Posted 16 May 2008 - 01:16 PM

Hi,

I got a virus, 172PHolmes, well blocked by BitDefender Total Security 2008,
then some 16-bit popup errors, for which I did not get enough time to take a screenshot,
and now Explorer keeps restarting, while having performed the following, unsuccessfully:

- Deep Scan with BitDefender of C:\ drive only ( PC has 1,4 TB on 10 logical drives )
- sfc /scannow
- Scanned with avgas-setup-7.5.1.43-3339 with last signatures
- ReInstalled XP SP2 ( even in Safe Mode )
- 1ClickPCFix to fix errors

My XP has never been reinstalled since the beginning (December 2003).
I already installed and ran ComboFix and HijackThis.
ComboFix did not make any progress, Explorer keeps restarting for some moment.
The same occurs in Safe Mode.

Please note that after this occurred I was forced, for my job, to reinstall HP ScanJet after SP2.

Here follows the DSS Log :

<<< 1 <<< ======================================================================================

Deckard's System Scanner v20071014.68
Run by Alain-Michel Berger on 2008-05-16 19:47:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alain-Michel Berger.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47, on 2008-05-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\System\Cherry\CDI\CDI.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
c:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
C:\WINDOWS\system32\IcdSptSv.exe
C:\System\Adaptec\SMBE\iomgr.exe
D:\Applications\IPod\bin\iPodService.exe
C:\System\Intel\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\System\Promise\Utility\MsgAgt.exe
C:\System\Promise\Utility\MsgSvr.exe
C:\System\Retrospect\wdsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\System\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\System\Total Commander\TOTALCMD.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\explorer.exe
c:\Temporary\dss.exe
C:\WINDOWS\system32\imapi.exe
C:\System\HIJACK~1\ALAIN-~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Applications\DownLoad Accelerator\DAPBHO.DLL
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Applications\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {0E5A1129-1DE1-4ADE-871C-32D3E66F62ED} - C:\WINDOWS\system32\jkkHWQIB.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Applications\FLV Downloader\MoyeaCth.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\geBtqoNF.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Applications\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\System\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\System\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\System\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\APPLIC~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ASUS Probe] c:\system\asus\Probe\AsusProb.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [hpppta] c:\system\hp precisionscan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_2] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\drmclien.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_4] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\drmv2clt.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_5] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\blackbox.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_6] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msnetobj.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_0] C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_1] "C:\Program Files\Windows Media Player\migrate.exe" /s
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_2] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmp.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_8] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpshell.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_9] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpasf.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_10] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpdxm.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_11] C:\WINDOWS\System32\regsvr32 /s "C:\Program Files\Windows Media Player\mpvis.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMDM_Install_7] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\mspmsnsv.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Applications\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "c:\Applications\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Alcatel Speedtouch Connection.lnk = C:\System\Alcatel\stdialup.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = D:\Langues\Harrap's Shorter\bin\HiHarrapsTray.exe
O4 - Global Startup: Clean.lnk = C:\System\Windows XP\Clean.cmd
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Applications\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\System\Plextor\PlexTool.exe
O4 - Global Startup: PowerPro.lnk = C:\System\PowerPro\powerpro.exe
O4 - Global Startup: Probe V2.21.07.lnk = ?
O4 - Global Startup: SlickRun.lnk = C:\Applications\SlickRun\sr.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Applications\SnagIt 8\SnagIt32.exe
O4 - Global Startup: SpeedTouch USB Diagnostics (PPP).lnk = C:\System\Alcatel\dragdiag.exe
O4 - Global Startup: Total Commander.lnk = C:\System\Total Commander\TOTALCMD.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Applications\DownLoad Accelerator\dapextie.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download &all with DAP - C:\Applications\DownLoad Accelerator\dapextie2.htm
O8 - Extra context menu item: Send to Keyman - C:\Programme\Cherry\keyman\IEMenuExtKeyman.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\System\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\System\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Applications\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Applications\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.artevod.com
O15 - Trusted Zone: http://www.artevod.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1207053903953
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://extranet.athylon.be/jinit/jinit_1_1_8_16.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{17939C32-66A7-4946-816A-3FDC9FF417F8}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - (no file)
O20 - Winlogon Notify: geBtqoNF - C:\WINDOWS\SYSTEM32\geBtqoNF.dll
O23 - Service: Adaptec RAID Event Logging Service (aacevt) - Adaptec, Inc. - C:\WINDOWS\System32\aacevt.exe
O23 - Service: Adaptec RAID Remote Services Agent (AAC_AGENT) - Adaptec, Inc. - C:\System\Adaptec\SMBE\afaagent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adaptec Web Server (ARCPD) - Unknown owner - C:\System\Adaptec\SMBE\arcpd.exe
O23 - Service: Adaptec Storage Manager Notifier (ASMBENotify) - Unknown owner - C:\System\Adaptec\SMBE\notify.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\System\Cherry\CDI\CDI.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - c:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Applications\Ahead\InCD\InCDsrv.exe
O23 - Service: Adaptec I/O Manager Server (IOManager) - Unknown owner - C:\System\Adaptec\SMBE\iomgr.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Applications\IPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\System\Intel\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\System\Promise\Utility\MsgAgt.exe
O23 - Service: Promise RAID message server (RAIDmSvr) - Promise Technology, Inc. - C:\System\Promise\Utility\MsgSvr.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\System\Retrospect\wdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\System\BitDefender 2008\vsserv.exe
O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Applications\WinVNC\WinVNC4.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 13000 bytes

-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 18:28:37 0 d-------- C:\WINDOWS\LastGood
2008-05-15 19:37:22 0 d-------- C:\WINDOWS\Prefetch
2008-05-15 19:11:22 678540 --ahs---- C:\WINDOWS\system32\BIQWHkkj.ini2
2008-05-15 18:57:43 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-05-15 17:48:57 494352 --a------ C:\WINDOWS\system32\SHDOC401.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-15 17:48:57 53248 --a------ C:\WINDOWS\system32\ArmAccess.dll
2008-05-14 21:12:40 68096 --a------ C:\WINDOWS\zip.exe
2008-05-14 21:12:40 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-14 21:12:40 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-14 21:12:40 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-14 21:12:40 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-14 21:12:40 98816 --a------ C:\WINDOWS\sed.exe
2008-05-14 21:12:40 80412 --a------ C:\WINDOWS\grep.exe
2008-05-14 21:12:40 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-14 20:16:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-13 15:10:18 370176 --a------ C:\WINDOWS\system32\jkkHWQIB.dll
2008-05-13 14:58:49 52736 --a------ C:\WINDOWS\system32\geBtqoNF.dll
2008-05-10 20:06:27 0 d-------- C:\Program Files\MSXML 4.0
2008-05-10 19:39:40 0 d-------- C:\Program Files\Microsoft Games
2008-05-07 14:53:05 0 d-------- C:\VideoOutput


-- Find3M Report ---------------------------------------------------------------

2008-05-16 18:14:24 1880 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-05-16 18:12:11 24544 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-05-16 18:12:11 7844 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-05-15 20:14:02 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-0000000C-00001102-00000004-10021102}.dat
2008-05-15 20:14:02 288 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-0000000C-00001102-00000004-10021102}.dat
2008-05-13 20:32:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 20:32:12 0 d-------- C:\Program Files\ATI Technologies
2008-05-13 19:39:27 0 d-------- C:\Program Files\Movie Maker
2008-05-13 19:39:22 0 d-------- C:\Program Files\Windows NT
2008-05-13 18:52:37 23700 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-25 18:22:08 0 d-------- C:\Program Files\Fichiers communs
2008-04-14 17:18:27 0 d-------- C:\Documents and Settings\Alain-Michel Berger\Application Data\Eltima Software
2008-04-14 16:53:09 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-04-14 16:53:09 21602 --a------ C:\WINDOWS\mozver.dat
2008-04-14 16:52:32 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-04-09 19:15:32 0 d-------- C:\Documents and Settings\Alain-Michel Berger\Application Data\Moyea
2008-04-07 17:45:39 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-06 14:06:22 0 d-------- C:\Program Files\Hercules
2008-04-01 17:33:22 0 d-------- C:\Program Files\Fichiers communs\BitDefender
2008-03-21 20:38:05 0 d-------- C:\Program Files\Winamp Remote
2008-03-21 18:47:11 0 d-------- C:\Program Files\Fichiers communs\BinarySense
2008-03-20 18:04:01 0 d-------- C:\Documents and Settings\Alain-Michel Berger\Application Data\BinarySense
2008-03-19 19:30:20 0 d-------- C:\Documents and Settings\Alain-Michel Berger\Application Data\Tunebite
2008-03-16 20:42:08 0 d-------- C:\Program Files\WinPcap
2008-03-16 18:47:34 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-16 17:39:21 0 d-------- C:\Program Files\Fichiers communs\DVDVideoSoft
2008-03-16 17:08:38 0 d-------- C:\Program Files\PixiePack Codec Pack


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E5A1129-1DE1-4ADE-871C-32D3E66F62ED}]
2008-05-13 15:10 370176 --a------ C:\WINDOWS\system32\jkkHWQIB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}]
2008-05-13 14:58 52736 --a------ C:\WINDOWS\system32\geBtqoNF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\System\BitDefender 2008\IEShow.exe" [2007-10-09 15:46]
"BDAgent"="C:\System\BitDefender 2008\bdagent.exe" [2008-04-01 17:41]
"WinDVR SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-04-13 04:03]
"MimBoot"="C:\APPLIC~1\MUSICM~1\mimboot.exe" [2005-05-10 16:04]
"ASUS Probe"="c:\system\asus\Probe\AsusProb.exe" [2002-12-06 16:07]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08]
"hpppta"="c:\system\hp precisionscan\PrecisionScan Pro\hpppta.exe" [2001-12-13 01:00]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 17:06 C:\WINDOWS\system32\ptipbmf.dll]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="D:\Applications\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 01:13]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"SeaMonkey Quick Launch"="c:\Applications\SeaMonkey\SeaMonkey.exe" [2008-03-13 14:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"OE_WMPDRM_Install_2"=C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\drmclien.dll"
"OE_WMPDRM_Install_4"=C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\drmv2clt.dll"
"OE_WMPDRM_Install_5"=C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\blackbox.dll"
"OE_WMPDRM_Install_6"=C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msnetobj.dll"
"OE_WMPWMP7_Install_0"=C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary
"OE_WMPWMP7_Install_1"="C:\Program Files\Windows Media Player\migrate.exe" /s
"OE_WMPWMP7_Install_2"=C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmp.dll
"OE_WMPWMP7_Install_8"=C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpshell.dll
"OE_WMPWMP7_Install_9"=C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpasf.dll
"OE_WMPWMP7_Install_10"=C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpdxm.dll
"OE_WMPWMP7_Install_11"=C:\WINDOWS\System32\regsvr32 /s "C:\Program Files\Windows Media Player\mpvis.dll"
"OE_WMPWMDM_Install_7"=C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\mspmsnsv.dll
"OE_WMPWMP7_Install_20"=C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Alcatel Speedtouch Connection.lnk - C:\System\Alcatel\stdialup.exe [2005-10-06 19:46:33]
Ask Harrap's Shorter.lnk - D:\Langues\Harrap's Shorter\bin\HiHarrapsTray.exe [2008-02-03 13:11:19]
Clean.lnk - C:\System\Windows XP\Clean.cmd [2005-03-15 18:58:29]
InterVideo WinCinema Manager.lnk - C:\Applications\Common\Bin\WinCinemaMgr.exe [2007-11-09 20:53:33]
PlexTools Professional.lnk - C:\System\Plextor\PlexTool.exe [2003-07-11 11:16:12]
PowerPro.lnk - C:\System\PowerPro\powerpro.exe [2008-01-15 20:37:58]
Probe V2.21.07.lnk - C:\System\ASUS\Probe\ASUSPROB.EXE [2006-08-08 11:43:03]
SlickRun.lnk - C:\Applications\SlickRun\sr.exe [2004-06-26 01:51:42]
SnagIt 8.lnk - C:\Applications\SnagIt 8\SnagIt32.exe [2006-11-30 12:52:24]
SpeedTouch USB Diagnostics (PPP).lnk - C:\System\Alcatel\dragdiag.exe [2005-10-06 19:46:33]
Total Commander.lnk - C:\System\Total Commander\TOTALCMD.EXE [2007-12-19 15:24:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayIcons"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Applications\Symantec Delrina Fax\WfxSeh32.Dll [1998-07-27 05:54 38400]
"{F9DF827A-8FA7-48A3-B268-CA4DB563EA40}"= C:\WINDOWS\system32\geBtqoNF.dll [2008-05-13 14:58 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtqoNF]
geBtqoNF.dll 2008-05-13 14:58 52736 C:\WINDOWS\system32\geBtqoNF.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkHWQIB

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
bdx scan


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



-- End of Deckard's System Scanner: finished at 2008-05-16 19:49:40 ------------

>>> 1 >>> ======================================================================================

I also ran the HijackThis tool :


<<< 2 <<< ======================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46, on 2008-05-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\System\Cherry\CDI\CDI.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
c:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
C:\WINDOWS\system32\IcdSptSv.exe
C:\System\Adaptec\SMBE\iomgr.exe
D:\Applications\IPod\bin\iPodService.exe
C:\System\Intel\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\System\Promise\Utility\MsgAgt.exe
C:\System\Promise\Utility\MsgSvr.exe
C:\System\Retrospect\wdsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\System\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\System\Total Commander\TOTALCMD.EXE
C:\WINDOWS\notepad.exe
C:\System\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Applications\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\System\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\System\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\System\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\APPLIC~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ASUS Probe] c:\system\asus\Probe\AsusProb.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [hpppta] c:\system\hp precisionscan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_2] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\drmclien.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_4] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\drmv2clt.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_5] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\blackbox.dll"
O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_6] C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msnetobj.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_0] C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_1] "C:\Program Files\Windows Media Player\migrate.exe" /s
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_2] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmp.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_8] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpshell.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_9] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpasf.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_10] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpdxm.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_11] C:\WINDOWS\System32\regsvr32 /s "C:\Program Files\Windows Media Player\mpvis.dll"
O4 - HKLM\..\RunOnce: [OE_WMPWMDM_Install_7] C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\mspmsnsv.dll
O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Applications\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "c:\Applications\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Alcatel Speedtouch Connection.lnk = C:\System\Alcatel\stdialup.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = D:\Langues\Harrap's Shorter\bin\HiHarrapsTray.exe
O4 - Global Startup: Clean.lnk = C:\System\Windows XP\Clean.cmd
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Applications\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\System\Plextor\PlexTool.exe
O4 - Global Startup: PowerPro.lnk = C:\System\PowerPro\powerpro.exe
O4 - Global Startup: Probe V2.21.07.lnk = ?
O4 - Global Startup: SlickRun.lnk = C:\Applications\SlickRun\sr.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Applications\SnagIt 8\SnagIt32.exe
O4 - Global Startup: SpeedTouch USB Diagnostics (PPP).lnk = C:\System\Alcatel\dragdiag.exe
O4 - Global Startup: Total Commander.lnk = C:\System\Total Commander\TOTALCMD.EXE
O8 - Extra context menu item: &Download with &DAP - C:\Applications\DownLoad Accelerator\dapextie.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Applications\Acrobat Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download &all with DAP - C:\Applications\DownLoad Accelerator\dapextie2.htm
O8 - Extra context menu item: Send to Keyman - C:\Programme\Cherry\keyman\IEMenuExtKeyman.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\System\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\System\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Applications\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Applications\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.artevod.com
O15 - Trusted Zone: http://www.artevod.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1207053903953
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://extranet.athylon.be/jinit/jinit_1_1_8_16.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{17939C32-66A7-4946-816A-3FDC9FF417F8}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - (no file)
O23 - Service: Adaptec RAID Event Logging Service (aacevt) - Adaptec, Inc. - C:\WINDOWS\System32\aacevt.exe
O23 - Service: Adaptec RAID Remote Services Agent (AAC_AGENT) - Adaptec, Inc. - C:\System\Adaptec\SMBE\afaagent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adaptec Web Server (ARCPD) - Unknown owner - C:\System\Adaptec\SMBE\arcpd.exe
O23 - Service: Adaptec Storage Manager Notifier (ASMBENotify) - Unknown owner - C:\System\Adaptec\SMBE\notify.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cherry Device Interface - Cherry Gmbh, Auerbach Germany, www.cherry.de - C:\System\Cherry\CDI\CDI.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - c:\Program Files\Fichiers communs\BinarySense\hldasvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Applications\Ahead\InCD\InCDsrv.exe
O23 - Service: Adaptec I/O Manager Server (IOManager) - Unknown owner - C:\System\Adaptec\SMBE\iomgr.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Applications\IPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\System\Intel\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\System\Promise\Utility\MsgAgt.exe
O23 - Service: Promise RAID message server (RAIDmSvr) - Promise Technology, Inc. - C:\System\Promise\Utility\MsgSvr.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\System\Retrospect\wdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\System\BitDefender 2008\vsserv.exe
O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Applications\WinVNC\WinVNC4.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12189 bytes


>>> 2 >>> ======================================================================================

I completed my profile for your information.

Thanks for your help!
Alain-Michel

#2 ndmmxiaomayi

ndmmxiaomayi

    Ant


  • Malware Response Team
  • 266 posts
  • OFFLINE
  •  
  • Location:Everywhere
  • Local time:06:24 AM

Posted 09 June 2008 - 04:08 PM

Hi,

Sorry for the huge delay in getting to you. The forums have been swarmed with logs.

If you still need help, please post a new DSS scan report.

Thanks.

Done your best? Really?




