
Boaxxe Infection ( Lost First Vacation Day ! )


7 replies to this topic

#1 frge2001


Posted 11 July 2008 - 03:36 PM

I have a Boaxxe.dll infection that is not removed by VirusScan.

Since I have seen that I am not the only one with this problem, I have downloaded Deckard's System Scanner and included the two logs.

Main.txt

Deckard's System Scanner v20071014.68
Run by GABRIEL on 2008-07-11 15:36:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-07-11 19:36:28 UTC - RP1387 - Deckard's System Scanner Restore Point
21: 2008-07-11 14:47:28 UTC - RP1386 - Software Distribution Service 3.0
20: 2008-07-10 14:37:03 UTC - RP1385 - Last known good configuration
19: 2008-07-10 03:41:17 UTC - RP1384 - Software Distribution Service 3.0
18: 2008-07-09 17:53:14 UTC - RP1383 - Point de vérification système


-- First Restore Point --
1: 2008-06-22 14:19:29 UTC - RP1366 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.47 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-11 15:40:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Programmes\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
F:\Programmes\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\svchost.exe
F:\Programmes\Safari.exe
C:\Documents and Settings\GABRIEL\Bureau\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemR
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {159784EB-5B82-4D35-B1D3-111D76BA3D3F} - C:\WINDOWS\system32\awtrPiiI.dll
O2 - BHO: (no name) - {2EA44D7C-5512-4705-8D54-C1CB4ECF1F3E} - (no file)
O2 - BHO: (no name) - {3C0990B1-DECA-4C6D-ADDA-77271B7DD500} - C:\WINDOWS\system32\wkmkbybq.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmes\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {624CA316-91D1-4B36-97D2-AF42E7BB70C3} - C:\WINDOWS\system32\wkmkbybq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O2 - BHO: (no name) - {E1DE4A40-9C6B-4962-B93F-7CE050C712B3} - C:\WINDOWS\system32\iifDuvuv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\Program Files\bfgtoolbar\bfgtoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BMcf5f7aff] Rundll32.exe "C:\WINDOWS\system32\nhlklgmm.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\REGCLE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Programmes\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Programmes\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113672742687
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} () - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46f9-A131-6D50720A3CC4} - F:\Programmes\impotR2007\ic2007pp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\
O20 - Winlogon Notify: iifDuvuv - C:\WINDOWS\system32\iifDuvuv.dll
O20 - Winlogon Notify: khfcbyw - C:\WINDOWS\system32\khfcbyw.dll (file missing)
O20 - Winlogon Notify: ssqppml - C:\WINDOWS\system32\ssqppml.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - F:\Programmes\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - F:\Programmes\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\system32\LxrJD31s.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\system32\PAStiSvc.exe


--
End of file - 12317 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys
R3 3xHybrid (ASUSTek SAA713x PCI Card) - c:\windows\system32\drivers\3xhybrid.sys <Not Verified; ASUSTeK Computer Inc.; ASUSTeK 3xHybrid>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>

S3 iatmunin - c:\docume~1\gabriel\locals~1\temp\iatmunin.sys (file missing)
S3 PAC207 (SoC PC-Camer@) - c:\windows\system32\drivers\pfc027.sys (file missing)
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "f:\programmes\cyberlink\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "f:\programmes\cyberlink\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 LxrJD31s (Lexar JD31) - lxrjd31s.exe
R2 McAfeeFramework (Service Framework McAfee) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 STI Simulator - c:\windows\system32\pastisvc.exe

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - f:\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
S3 KodakCCS (Kodak Camera Connection Software) - c:\windows\system32\drivers\kodakccs.exe (file missing)
S3 Wscvcdftinn -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 19:05:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-31 01:46:01 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 11:13:50 49664 --a------ C:\WINDOWS\system32\fyteuxqt.dll
2008-07-11 11:13:45 103424 --a------ C:\WINDOWS\system32\uiwhps.dll
2008-07-11 11:13:43 103424 --a------ C:\WINDOWS\system32\yjvrgqhh.dll
2008-07-11 11:11:35 78336 --a------ C:\WINDOWS\system32\scbkpwbl.dll
2008-07-11 11:11:28 90624 --a------ C:\WINDOWS\system32\nhlklgmm.dll
2008-07-10 10:39:56 49664 --a------ C:\WINDOWS\system32\wkmkbybq.dll
2008-07-10 10:39:51 78848 --a------ C:\WINDOWS\system32\yyltturm.dll
2008-07-10 10:38:41 102912 --a------ C:\WINDOWS\system32\jjavmz.dll
2008-07-10 10:38:40 102912 --a------ C:\WINDOWS\system32\dgtvqwom.dll
2008-07-10 10:38:09 91648 --a------ C:\WINDOWS\system32\qokotinu.dll
2008-07-10 10:36:30 540098 --ahs---- C:\WINDOWS\system32\IiiPrtwa.ini2
2008-07-10 10:36:25 318976 --a------ C:\WINDOWS\system32\awtrPiiI.dll
2008-07-09 23:33:07 318976 --a------ C:\WINDOWS\system32\byXRkkjJ.dll
2008-07-09 22:33:08 318976 --a------ C:\WINDOWS\system32\byXpppqq.dll
2008-07-09 21:33:05 318976 --a------ C:\WINDOWS\system32\geBQkiFw.dll
2008-07-09 20:33:04 318976 --a------ C:\WINDOWS\system32\xxyaaYRK.dll
2008-07-09 19:33:05 318976 --a------ C:\WINDOWS\system32\iifgHaaY.dll
2008-07-09 18:33:02 318976 --a------ C:\WINDOWS\system32\khfCvSJB.dll
2008-07-09 17:33:01 318976 --a------ C:\WINDOWS\system32\vtUOeFut.dll
2008-07-09 16:33:00 318976 --a------ C:\WINDOWS\system32\hgGayawU.dll
2008-07-09 15:32:59 318976 --a------ C:\WINDOWS\system32\xxyAPGAQ.dll
2008-07-09 14:32:57 318976 --a------ C:\WINDOWS\system32\fccDvWOi.dll
2008-07-09 13:32:57 318976 --a------ C:\WINDOWS\system32\byXNdbYp.dll
2008-07-09 12:32:59 318976 --a------ C:\WINDOWS\system32\ljJAsQGa.dll
2008-07-09 11:24:03 25600 --a------ C:\WINDOWS\system32\cbXRJBtt.dll
2008-07-09 11:23:33 25600 --a------ C:\WINDOWS\system32\iifDuvuv.dll
2008-07-09 11:22:52 0 d-------- C:\WINDOWS\stronghold
2008-06-29 22:32:41 0 d-------- C:\quarantine
2008-06-29 12:05:49 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-29 12:03:13 0 d-------- C:\Program Files\WMA-MP3.com
2008-06-26 12:55:49 0 d-------- C:\Documents and Settings\GABRIEL\Application Data\RTPlayer
2008-06-26 12:47:55 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-06-23 21:02:42 0 d-------- C:\Program Files\enable Metronome


-- Find3M Report ---------------------------------------------------------------

2008-07-11 15:33:53 0 d-------- C:\Documents and Settings\GABRIEL\Application Data\DNA
2008-07-11 11:19:43 0 d-------- C:\Documents and Settings\GABRIEL\Application Data\BitTorrent <BITTOR~1>
2008-07-11 11:19:42 0 d-------- C:\Program Files\Incomplete
2008-07-11 11:10:24 0 d-------- C:\Documents and Settings\GABRIEL\Application Data\Hamachi
2008-07-11 10:53:39 0 d-------- C:\Documents and Settings\GABRIEL\Application Data\OpenOffice.org2
2008-07-11 10:53:32 0 d-------- C:\Documents and Settings\GABRIEL\Application Data\Tunebite
2008-07-10 17:57:30 0 d-------- C:\Program Files\LimeWire
2008-07-08 13:09:25 0 d-------- C:\Program Files\Firefly Studios
2008-07-08 13:09:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 14:03:59 0 d-------- C:\Program Files\LucasArts
2008-06-20 22:01:31 0 d-------- C:\Documents and Settings\GABRIEL\Application Data\Mozilla
2008-06-18 16:42:26 0 d-------- C:\Documents and Settings\GABRIEL\Application Data\Adobe
2008-05-31 13:36:43 0 d-------- C:\Program Files\Hamachi
2008-05-08 17:47:58 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-05-08 17:47:58 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-05-03 22:19:09 86668 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-12 22:46:27 2829 --a----c- C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{159784EB-5B82-4D35-B1D3-111D76BA3D3F}]
2008-07-10 10:36 318976 --a------ C:\WINDOWS\system32\awtrPiiI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EA44D7C-5512-4705-8D54-C1CB4ECF1F3E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C0990B1-DECA-4C6D-ADDA-77271B7DD500}]
2008-07-10 10:39 49664 --a------ C:\WINDOWS\system32\wkmkbybq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{624CA316-91D1-4B36-97D2-AF42E7BB70C3}]
2008-07-10 10:39 49664 --a------ C:\WINDOWS\system32\wkmkbybq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1DE4A40-9C6B-4962-B93F-7CE050C712B3}]
2008-07-09 11:23 25600 --a------ C:\WINDOWS\system32\iifDuvuv.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}"= C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL [2005-04-28 17:42 1274880]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}]
[HKEY_CLASSES_ROOT\bfgtoolbar.BFGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-25 09:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"BMcf5f7aff"="C:\WINDOWS\system32\nhlklgmm.dll" [2008-07-11 11:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 07:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E1DE4A40-9C6B-4962-B93F-7CE050C712B3}"= C:\WINDOWS\system32\iifDuvuv.dll [2008-07-09 11:23 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsp]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifDuvuv]
iifDuvuv.dll 2008-07-09 11:23 25600 C:\WINDOWS\system32\iifDuvuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbyw]
khfcbyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqppml]
ssqppml.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtrPiiI

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digimax Viewer 2.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digimax Viewer 2.0.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C68 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P23 "EPSON Stylus C68 Series" /O6 "USB001" /M "Stylus C68"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb974c3-ce61-11d9-8027-0050bfacf523}]

*Newly Created Service* - ENTDRV51

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8812 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-11 15:41:58 ------------


Extra file


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 767.48 MiB / 259.36 MiB
Pagefile Memory (total/avail): 1108.61 MiB / 514.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.16 GiB total, 3.47 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 232.88 GiB total, 154.65 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 5T040H4 - 38.16 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 38.16 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD2500BB-00GUA0 - 232.88 GiB - 1 partition
\PARTITION0 - Gestionnaire de disque logique - 232.88 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\Programmes\\Cyberlink\\PowerCinema\\PowerCinema.exe"="F:\\Programmes\\Cyberlink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"F:\\Programmes\\Cyberlink\\PowerCinema\\PCMService.exe"="F:\\Programmes\\Cyberlink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"F:\\RegCleaner\\Office12\\OUTLOOK.EXE"="F:\\RegCleaner\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"F:\\Programmes\\BitTorrent\\bittorrent.exe"="F:\\Programmes\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"F:\\Programmes\\Nouveau dossier\\game.dat"="F:\\Programmes\\Nouveau dossier\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\\Stronghold\\GameData\\BattlefrontII.exe"="F:\\Stronghold\\GameData\\BattlefrontII.exe:*:Enabled:BattlefrontII"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"F:\\Stronghold\\age2_x1\\age2_x1.icd"="F:\\Stronghold\\age2_x1\\age2_x1.icd:*:Enabled:Age of Empires II Expansion"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\GABRIEL\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=GABRIEL-GTS4EC0
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\GABRIEL
LOGONSERVER=\\GABRIEL-GTS4EC0
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GABRIEL\LOCALS~1\Temp
TMP=C:\DOCUME~1\GABRIEL\LOCALS~1\Temp
USERDOMAIN=GABRIEL-GTS4EC0
USERNAME=GABRIEL
USERPROFILE=C:\Documents and Settings\GABRIEL
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

GABRIEL (admin)
NATHALIE (admin)
FRANCOIS (admin)
LAURENCE (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x040c
--> F:\Programmes\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Effects Pack --> C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIDA32 v3.90 --> "C:\Program Files\AIDA32 - Enterprise System Information\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS TSSI --> MsiExec.exe /I{76A2DC7C-D385-498E-9C6B-CF9626F8BE1E}
Audacity 1.2.3 --> F:\scores\Audacity\unins000.exe
Band-in-a-Box 2006 --> c:\bb\unins000.exe
Barbie™ Princesse Raiponce --> C:\Program Files\Fichiers communs\Knowledge Adventure\Uninstall\RapunzelUn.exe
Barre d'outils MSN --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\mtbs.exe c
Big Fish Games Toolbar --> C:\Program Files\bfgtoolbar\uninstall.exe -uninstall -prompt
BitTorrent --> "F:\Programmes\BitTorrent\BitTorrent.exe" /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
Citrix ICA Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Creative Audio Console --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
dancescape_screensaver2 Screen Saver --> C:\WINDOWS\azssuninst.exe dancescape_screensaver2
DivX Codec --> F:\Programmes\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> F:\Programmes\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> F:\Programmes\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> F:\Programmes\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> F:\Programmes\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Dofus-Arena beta 9 --> C:\Program Files\Dofus-Arena\uninstall.exe
Dofus 1.22.0 --> F:\Programmes\Dofus\uninstall.exe
Dora Sakado --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3AFC7779-F2B8-49A4-9689-A2EA86ABCC8A}\setup.exe" -l0x40c
Doras 3-D Driving Adventure (remove only) --> "C:\Program Files\Doras 3-D Driving Adventure\Uninstall.exe"
Démo Tweenies - A toi de jouer! --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA041591-ED32-11D4-821B-0050BAA163D4}\setup.exe"
EarMaster Pro 5 --> "F:\EarMaster Pro 5\unins000.exe"
EasyCleaner --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
Empire Earth --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe" -l0x40c
enable Metronome 4.0 --> C:\Program Files\enable Metronome\uninst.exe
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Firebird SQL Server - MAGIX Edition --> F:\Common\Database\instslct.exe /p
First Step Guide --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}\setup.exe" -l0x40c UNINSTALL
Frets On Fire --> "F:\Programmes\Frets on Fire\Uninstall.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GUILD WARS --> "f:\Documents and Settings\Gw.exe" -uninstall
GVOX Encore 32 v4.5 --> C:\PROGRA~1\GVOX\Encore\UNWISE.EXE C:\PROGRA~1\GVOX\Encore\INSTALL.LOG
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
IkAgora 0.9.1011 --> "F:\Programmes\IkAgora\unins000.exe"
ImpôtRapide 2005 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{740DC926-B248-41DF-A38A-0675749E4361}\isetup.ex_" -l0xc0c -uninst
ImpôtRapide 2006 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{287E1968-462A-40EB-BA11-A557C5D64F12}\isetup.ex_" -l0xc0c -uninst
ImpôtRapide 2007 --> MsiExec.exe /X{3156B2FD-5C1D-4649-9FE3-EB6E77320266}
iPIX ActiveX Viewer --> C:\WINDOWS\ipUninst.exe C:\WINDOWS\Unwise.exe /a C:\WINDOWS\occache\IPIXActX.log, Uninstall iPIX ActiveX Viewer
iPod for Windows 2006-06-28 --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1036
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JD Secure 3.1 --> C:\WINDOWS\System32\JDSecure31.exe /u
KnightOnline --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF3E37E0-06D5-4A1B-A264-BD2B7E30B458}\Setup.exe"
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
La chasse au trésor --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Mindscape\La chasse au trésor\UninstCa2.isu"
Lapin Malin Maternelle 1 --> C:\WINDOWS\unin040c.exe -fC:\TLCWIN\RRT\uninstal\DeIsL1.isu
Les formes et les couleurs --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97866725-0588-4C6C-8FDC-0FC5E8FAF27F}\setup.exe"
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LiquidMedia.2.01.0131 --> MsiExec.exe /I{59084474-B484-401A-92EA-357C17878C29}
Logiciel Kodak EasyShare --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0007_a753c1\Setup.exe /APR-REMOVE
MAGIX Music Maker 12 deluxe e-version 12.1.0.3 (US) --> F:\Programmes\instslct.exe /p
McAfee VirusScan Enterprise --> MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3}
Media Player Classic fr --> "C:\Program Files\Media Player Classic\uninstall.exe"
MGI PhotoSuite III SE (suppression seulement) --> "C:\Program Files\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
Microsoft Age of Empires II --> "F:\Stronghold\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II : The Conquerors Expansion --> "F:\Stronghold\UNINSTALX.EXE" /runtemp /addremove
Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Midisport 1x1 1.0.1.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\M-Audio Midisport 1x1\irunin.ini"
Mise à jour de sécurité pour Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mon Premier Dictionnaire Super Génial 2.0 --> C:\WINDOWS\unin040c.exe -r"Havas Interactive\Mon Premier Dictionnaire Super Génial 2.0\2.00" -n"Mon Premier Dictionnaire Super Génial 2.0" -fC:\PROGRA~1\HAVASI~1\MONPRE~1.0\DeIsL4.isu -cC:\PROGRA~1\HAVASI~1\MONPRE~1.0\uninst.dll
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.6) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 6 Enterprise Edition --> F:\Programmes\nero\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
NewsBin Pro 4.3 --> C:\Program Files\nbpro\uninst-nbpro.exe
Nostale Online FR (Remove) --> "F:\Programmes\Nostale(FR)\unins000.exe"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OpenOffice.org 2.3 --> MsiExec.exe /I{B087B0C3-F595-485A-B86B-73326BA8693A}
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDADDIN --> MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP --> MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PCI Audio Driver --> cmuninst.exe
PG Music DirectX Plugins 1.3.4.1 --> "C:\Program Files\PowerTracks DirectX Plugins\unins000.exe"
PixiePack Codec Pack --> MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}
PowerCinema --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerCinema MakeDisc Module --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
Protected Music Converter 1.0.0.9 --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Reason 4.0 --> "F:\Programmes\Reason\Uninstall Reason\unins000.exe"
Reason Demo 4.0.1 --> "F:\Programmes\Reason Demo\Uninstall Reason Demo\unins000.exe"
Robin Hood - La Légende de Sherwood --> F:\STRONG~1\/\UNWISE.EXE F:\STRONG~1\/\INSTALL.LOG
Safari --> MsiExec.exe /X{40589552-3892-409E-B92C-9F5032A4B2F0}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Sonic CinePlayer DVD Pack --> MsiExec.exe /I{D4576E0D-2295-4B8E-B663-B68086B00EE5}
Sony USB Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy --> "F:\Programmes\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Sqirlz Morph --> C:\WINDOWS\Sqirlz Morph Uninstaller.exe
stronghold --> "C:\WINDOWS\\stronghold\\uninstall.exe" "/U:C:\WINDOWS\\stronghold\uninstall.xml"
Stronghold --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe"
Stronghold Crusader --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" -l0x9
Stronghold Crusader Extreme Demo --> "C:\Program Files\InstallShield Installation Information\{667888E5-5D71-4312-A577-41024D32A8C8}\setup.exe" -runfromtemp -l0x040c -removeonly
Text-To-Speech-Runtime --> MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
The Battle for Middle-earth ™ --> F:\Programmes\Nouveau dossier\EAUninstall.exe
Thinking Skills --> C:\WINDOWS\unvise32.exe C:\Program Files\sz8037\uninstal.log
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TimeLeft --> "C:\Program Files\TimeLeft3\unins000.exe"
Transcribe! --> C:\WINDOWS\uninst.exe -ff:\programmes\DeIsL2.isu -cf:\PROGRA~1\_ISREG32.DLL
Transcribe! 7.43 --> "F:\Programmes\Transcribe!\unins000.exe"
Trier et Réfléchir --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D91EBEEC-700D-44A1-A394-6EBD1D93F281}\setup.exe"
Tunebite --> MsiExec.exe /I{FA46DF6E-7E6F-4F43-A15D-B63BC91CB9B5}
Turbo ZIP Cracker v. 1.2 --> "C:\Program Files\FDRLab\Turbo ZIP Cracker\unins000.exe"
Ulead DVD MovieFactory 2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F93347-0F9B-4FED-BA71-6C2A4CDFE61D}\setup.exe" -l0x40c
Ulead MediaStudio Pro 7.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D701F5D-F149-4FAC-AAA2-A36C088C5FE3}\setup.exe" -l0x40c
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
vanBasco's Karaoke Player --> C:\Program Files\vanBasco's Karaoke Player\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinChess --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Home\WinChess 1.0\Uninst.isu"
Windows Defender --> MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Wow Cartographe 1.05 --> C:\Program Files\WowCartographe\uninst.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YouTube Downloader 2.1 --> "C:\Program Files\FDRLab\YouTube Downloader\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type32 / Warning
Event Submitted/Written: 07/11/2008 03:41:33 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by a behaviour-blocking rule (the rule is currently in warn mode) (warn mode only!). (source computer GABRIEL-GTS4EC0, IP address 211.219.67.100, user SYSTEM, running VirusScan Enter 8.0 - OAS)

Event Record #/Type31 / Warning
Event Submitted/Written: 07/11/2008 03:41:33 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by a behaviour-blocking rule (the rule is currently in warn mode) (warn mode only!). (source computer GABRIEL-GTS4EC0, IP address 211.219.67.100, user SYSTEM, running VirusScan Enter 8.0 - OAS)

Event Record #/Type28 / Warning
Event Submitted/Written: 07/11/2008 02:24:43 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The scan was cancelled at 2008-07-11 18:24:43. (source computer GABRIEL-GTS4EC0, IP address 211.219.67.100, user GABRIEL, running VirusScan Enter 8.0 - Analyse à la de)

Event Record #/Type27 / Error
Event Submitted/Written: 07/11/2008 02:00:23 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The file C:\Documents and Settings\GABRIEL\Local Settings\Temporary Internet Files\Content.IE5\1DWP555Q\3077ahntdksr[3].dll is infected with the virus Boaxxe.dll (Trojan). Undetermined clean error, quarantine failed. The virus was detected by the scan engine. Engine version: 5200. DAT file version: 5336. (source computer GABRIEL-GTS4EC0, IP address 211.219.67.100, user GABRIEL-GTS4EC0, running VirusScan Enter 8.0 - OAS)

Event Record #/Type10 / Success
Event Submitted/Written: 07/11/2008 01:00:18 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24115 / Error
Event Submitted/Written: 07/11/2008 10:53:42 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service, which failed to start because of the following error:
%%1070

Event Record #/Type24114 / Error
Event Submitted/Written: 07/11/2008 10:53:42 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The CyberLink Background Capture Service (CBCS) service is pending start.

Event Record #/Type24110 / Error
Event Submitted/Written: 07/11/2008 10:49:50 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Remote Procedure Call (RPC) service terminated unexpectedly. This has occurred 1 time. The following corrective action will be taken in 60000 milliseconds: Restart the computer.

Event Record #/Type24108 / Error
Event Submitted/Written: 07/11/2008 10:49:47 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The WebClient service terminated unexpectedly. It has done this 1 time.

Event Record #/Type24107 / Error
Event Submitted/Written: 07/11/2008 10:49:47 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time.



-- End of Deckard's System Scanner: finished at 2008-07-11 15:41:58 ------------
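The Application Event Log section above is the part of this log that speaks to the original question: VirusScan flagged 3077ahntdksr[3].dll in the Internet Explorer cache as Boaxxe.dll, but the same record says the clean failed and the quarantine failed, so the detection removed nothing. The Python below is an added example, not part of this post and not Deckard's System Scanner or McAfee code. It parses the record layout DSS prints (Event Record, Submitted/Written, ID/Source, Description), picks out VirusScan detection records, and reports the ones that were logged but never remediated. The French and English phrases it matches are assumed for this example, not an official message catalogue; the sample log is constructed, with record 27 copied from the thread and the other two made up.

```python
"""Triage VirusScan detections in a Deckard's System Scanner event-log dump.

Added example for the thread above; not DSS or McAfee code.  The matched
phrases (French as logged in the thread, plus English equivalents) are
assumptions made here, and SAMPLE_LOG is constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One DSS record: header lines, then the description up to the blank line
# that precedes the next "Event Record #" header (or end of text).
RECORD_RE = re.compile(
    r"Event Record #/Type(?P<num>\d+) / (?P<level>\w+)\n"
    r"Event Submitted/Written: (?P<when>[^\n]+)\n"
    r"Event ID/Source: (?P<eid>\d+) / (?P<source>[^\n]+)\n"
    r"Event Description:\n(?P<desc>.*?)(?=\n\s*\nEvent Record #|\s*\Z)",
    re.S,
)
# "<file> is infected with the virus <name>" in either language (assumed wording).
INFECTED_RE = re.compile(
    r"(?:Le fichier|The file) (?P<path>.+?) "
    r"(?:est infecté par le virus|is infected with the virus) (?P<threat>\S+)"
)
ENGINE_RE = re.compile(r"(?:Version du moteur|Engine version)\s*:\s*(\d+)")
DAT_RE = re.compile(r"(?:Version des fichiers DAT|DAT file version)\s*:\s*(\d+)")
# Failure wording wins over success wording: "quarantine failed" after an
# undetermined clean error means the file is still where the scanner found it.
FAILED_RE = re.compile(
    r"échec de la mise en quarantaine|Erreur de nettoyage|quarantine failed|clean(?:ing)? error",
    re.I,
)
SUCCESS_RE = re.compile(
    r"supprimé avec succès|mis en quarantaine|nettoyé|successfully deleted|quarantined|cleaned",
    re.I,
)


@dataclass
class Record:
    number: int
    level: str
    written: str
    event_id: int
    source: str
    description: str


@dataclass
class Detection:
    record: int
    path: str
    threat: str
    remediated: bool
    from_browser_cache: bool   # path under Temporary Internet Files
    engine: Optional[str]
    dat: Optional[str]


def parse_records(text: str) -> List[Record]:
    """Split a DSS event-log section into its records."""
    return [
        Record(int(m["num"]), m["level"], m["when"].strip(), int(m["eid"]),
               m["source"].strip(), m["desc"].strip())
        for m in RECORD_RE.finditer(text)
    ]


def av_detections(records: List[Record]) -> List[Detection]:
    """Pick out VirusScan detection records (Alert Manager event ID 257)."""
    found = []
    for r in records:
        if r.event_id != 257 or not r.description.startswith("VirusScan"):
            continue
        m = INFECTED_RE.search(r.description)
        if not m:
            continue  # cancelled scans, access-protection warnings, etc.
        desc = r.description
        remediated = not FAILED_RE.search(desc) and bool(SUCCESS_RE.search(desc))
        eng, dat = ENGINE_RE.search(desc), DAT_RE.search(desc)
        found.append(Detection(
            record=r.number, path=m["path"], threat=m["threat"],
            remediated=remediated,
            from_browser_cache="temporary internet files" in m["path"].lower(),
            engine=eng.group(1) if eng else None,
            dat=dat.group(1) if dat else None,
        ))
    return found


def unremediated(detections: List[Detection]) -> List[Detection]:
    """Detections the scanner logged but did not clean or quarantine."""
    return [d for d in detections if not d.remediated]


# Constructed sample: record 27 is the thread's own entry, 26 and 10 are made up.
SAMPLE_LOG = r"""Event Record #/Type27 / Error
Event Submitted/Written: 07/11/2008 02:00:23 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Le fichier C:\Documents and Settings\GABRIEL\Local Settings\Temporary Internet Files\Content.IE5\1DWP555Q\3077ahntdksr[3].dll est infecté par le virus Boaxxe.dll (Cheval de Troie). Erreur de nettoyage indéterminée, échec de la mise en quarantaine. Le virus a été détecté par le moteur d'analyse. Version du moteur : 5200. Version des fichiers DAT : 5336.(ordinateur source GABRIEL-GTS4EC0, adresse IP 211.219.67.100, utilisateur GABRIEL-GTS4EC0, exécution de VirusScan Enter 8.0 - OAS)

Event Record #/Type26 / Warning
Event Submitted/Written: 07/11/2008 01:30:00 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The file C:\Documents and Settings\GABRIEL\Local Settings\Temp\setup_tmp.exe is infected with the virus Generic.dx (Trojan). The file was successfully deleted. Engine version: 5200. DAT file version: 5336.

Event Record #/Type10 / Success
Event Submitted/Written: 07/11/2008 01:00:18 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
"""

if __name__ == "__main__":
    for d in unremediated(av_detections(parse_records(SAMPLE_LOG))):
        where = "browser cache" if d.from_browser_cache else "disk"
        print(f"record {d.record}: {d.threat} at {d.path} ({where}) "
              f"NOT remediated, engine {d.engine} / DAT {d.dat}")
```

Run against the full DSS log, only record 27 comes back as unremediated: the file sits in the IE cache, which is why the on-access scanner saw it on download, and "quarantine failed" means nothing was removed. That is the list of paths worth checking by hand, or feeding to the next tool, before trusting a scanner's "detected" line.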


#2 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 21 July 2008 - 02:02 PM

frge2001

Sorry for the delay

Please download ComboFix and save it to your desktop.
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#3 frge2001

frge2001
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:11 PM

Posted 22 July 2008 - 03:56 PM

I thank you for the answer.

Since many days passed between my first post and an answer,

here is what I have done in the last days:

1) I ran ComboFix
2) I ran a full scan with Malwarebytes with Windows in Safe Mode
89 "files" deleted, all Vundo or Vundo-related topics
nothing about Boaxxe

3) then I ran ComboFix once again
the log is below
I do not know if I am still infected with Boaxxe

ComboFix 08-07-21.1 - GABRIEL 2008-07-22 16:18:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1036.18.251 [GMT -4:00]
Location: C:\Documents and Settings\GABRIEL\Bureau\ComboFix.exe
* Resident AV is active


WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tmp30.tmp
C:\WINDOWS\system32\tmp74.tmp

.
((((((((((((((((((((((((((((( Files created 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))))))
.

2008-07-22 16:16 . 2008-07-22 16:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-22 16:16 . 2008-07-22 16:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-22 10:06 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 10:06 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 21:20 . 2008-07-22 10:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 21:20 . 2008-07-21 21:20 <DIR> d-------- C:\Documents and Settings\GABRIEL\Application Data\Malwarebytes
2008-07-21 21:20 . 2008-07-21 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 10:05 . 2008-07-21 10:16 43,761 --ahs---- C:\WINDOWS\system32\copirwbq.ini
2008-07-12 17:13 . 2008-07-13 12:21 <DIR> d-------- C:\Program Files\IGZones
2008-07-11 15:35 . 2008-07-11 15:35 <DIR> d-------- C:\Deckard
2008-07-09 11:22 . 2008-07-09 11:24 <DIR> d-------- C:\WINDOWS\stronghold
2008-06-29 22:32 . 2008-07-22 16:18 <DIR> d-------- C:\quarantine
2008-06-29 12:05 . 2008-06-29 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-29 12:03 . 2008-06-29 12:03 <DIR> d-------- C:\Program Files\WMA-MP3.com
2008-06-26 12:55 . 2008-06-26 12:55 <DIR> d-------- C:\Documents and Settings\GABRIEL\Application Data\RTPlayer
2008-06-26 12:47 . 2008-06-26 12:47 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-06-23 21:02 . 2008-06-23 21:02 <DIR> d-------- C:\Program Files\enable Metronome

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 20:14 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\DNA
2008-07-12 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-11 15:19 --------- d-----w C:\Program Files\Incomplete
2008-07-11 15:19 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\BitTorrent
2008-07-11 15:10 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\Hamachi
2008-07-11 14:53 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\Tunebite
2008-07-11 14:53 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\OpenOffice.org2
2008-07-10 21:57 --------- d-----w C:\Program Files\LimeWire
2008-07-08 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 17:09 --------- d-----w C:\Program Files\Firefly Studios
2008-06-29 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-06-21 18:03 --------- d-----w C:\Program Files\LucasArts
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 17:36 --------- d-----w C:\Program Files\Hamachi
2008-05-31 17:35 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-08 21:47 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll
2008-05-08 21:47 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-15 15:16 6,523 ----a-w C:\Program Files\INSTALL.LOG
2007-12-31 23:54 560 ----a-w C:\Documents and Settings\GABRIEL\Application Data\ViewerApp.dat
2007-10-21 15:23 47,456 ----a-w C:\Documents and Settings\GABRIEL\Application Data\GDIPFONTCACHEV1.DAT
2006-04-22 19:07 48,232 -c--a-w C:\Documents and Settings\NATHALIE\Application Data\GDIPFONTCACHEV1.DAT
2005-12-28 21:42 585 -c--a-w C:\Documents and Settings\GABRIEL\DMOrganizer.dat
2005-03-09 16:09 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2001-09-28 21:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-07-22_10.27.16.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-22 13:54:39 202,612 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-07-22 20:03:20 153,272 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 07:05 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-25 09:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50 139320]
"cc6c4963"="C:\WINDOWS\system32\hxqrtlbk.dll" [BU]
"BMcf5f7aff"="C:\WINDOWS\system32\ocrywrjl.dll" [BU]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 13:14 35328]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51 172032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"EPSON Stylus C68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE" [2005-01-25 04:00 98304]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 19:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsp]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifDuvuv]
iifDuvuv.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbyw]
khfcbyw.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqppml]
ssqppml.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"vidc.K3CC"= K3CCodec.dll
"msacm.l3codecp"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\Programmes\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"F:\\Programmes\\Cyberlink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\RegCleaner\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"F:\\Programmes\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"F:\\Programmes\\Nouveau dossier\\game.dat"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"F:\\Stronghold\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\IGZones\\IGZones.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 10:23]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-01-25 14:42]
R3 AN983;Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 17:59]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;F:\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 iatmunin;iatmunin;C:\DOCUME~1\GABRIEL\LOCALS~1\Temp\iatmunin.sys []
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys []
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 10:23]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-12 23:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-31 05:46:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Local Page = %SystemR
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O8 -: E&xporter vers Microsoft Excel - F:\REGCLE~1\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://tw.msi.com.tw/autobios/LOnline/install.cab
C:\WINDOWS\Downloaded Program Files\MSIWDev.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 16:23:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-22 16:29:05
ComboFix-quarantined-files.txt 2008-07-22 20:28:54
ComboFix2.txt 2008-07-22 14:27:52
ComboFix3.txt 2008-07-22 01:10:31

Pre-Run: 4,890,845,184 octets libres
Post-Run: 4,879,269,888 octets libres

175 --- E O F --- 2008-07-10 03:43:52

#4 bamajim

bamajim

  • Members
  • 894 posts
  • Local time:10:11 PM

Posted 23 July 2008 - 07:29 AM

frge2001

The infection you are looking for has many names; Boaxxe.dll is McAfee's designation.
Just a few things to clean up

1. Open NotePad (not wordpad). Copy and paste the following into Notepad


File::
C:\WINDOWS\system32\copirwbq.ini

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cc6c4963"=-
"BMcf5f7aff"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifDuvuv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbyw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqppml]


Save the file as CFScript (exactly as shown, no spaces) to your Desktop.

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again; do so, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.
2. Rerun HijackThis and post a fresh HijackThis log as well.
Microsoft MVP - Windows Security
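The CFScript above removes the two HKLM Run values that ComboFix tagged [BU] and the four Winlogon\Notify subkeys from the earlier log; its Registry:: section is plain regedit syntax ("name"=- deletes a value, [-KEY] deletes a key). As an added example that is not from this thread or from ComboFix, the Python below parses that autostart section of a ComboFix log, flags the same entries, writes the matching File::/Registry:: directives, and checks the post-run log to confirm they are gone. The two log excerpts are constructed samples copied from the logs posted in this thread, and the regular expressions assume the line layout shown there.

```python
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str, str]  # (value name, data, trailing [tag] text)

# Constructed sample: autostart section of the pre-CFScript ComboFix log above.
PRE_RUN_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-25 09:00 94208]
"cc6c4963"="C:\WINDOWS\system32\hxqrtlbk.dll" [BU]
"BMcf5f7aff"="C:\WINDOWS\system32\ocrywrjl.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsp]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifDuvuv]
iifDuvuv.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbyw]
khfcbyw.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqppml]
ssqppml.dll [BU]
"""

# Constructed sample: the same section from the log posted after the CFScript run.
POST_RUN_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-25 09:00 94208]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 13:14 35328]
"""

SECTION_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")  # [HKEY_...] / [HKLM\...] headers
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*\[(?P<tag>[^\]]*)\]$')
BARE_RE = re.compile(r"^(?P<data>[^\s\[\]]*)\s*\[(?P<tag>[A-Z]{2,4})\]$")  # 'x.dll [BU]' or '[BU]'
NOTIFY_PREFIX = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\"


def parse_autostart(log: str) -> Dict[str, List[Entry]]:
    """Map each registry key header to the entries ComboFix lists under it."""
    keys: Dict[str, List[Entry]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m["key"]
            keys.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line) or BARE_RE.match(line)
        if m:  # BARE_RE has no "name" group, so Notify-style lines get name ""
            keys[current].append((m.groupdict().get("name", ""), m["data"], m["tag"]))
    return keys


def flag_findings(keys: Dict[str, List[Entry]]) -> List[Entry]:
    """("value", key, name) for Run entries tagged [BU]; ("key", key, "") for each listed
    Winlogon\\Notify subkey (the log omits default entries, but review before deleting)."""
    findings: List[Entry] = []
    for key, entries in keys.items():
        low = key.lower()
        if low.startswith(NOTIFY_PREFIX):
            findings.append(("key", key, ""))
        elif low.endswith("\\currentversion\\run"):
            findings.extend(("value", key, name) for name, _, tag in entries if tag == "BU")
    return findings


def build_cfscript(files: List[str], findings: List[Entry]) -> str:
    """Emit File::/Registry:: sections; "name"=- deletes a value, [-KEY] deletes a key."""
    lines = ["File::", *files, "", "Registry::"]
    by_key: Dict[str, List[str]] = {}
    for kind, key, name in findings:
        if kind == "value":
            by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    lines.extend(f"[-{key}]" for kind, key, _ in findings if kind == "key")
    return "\n".join(lines) + "\n"


def verify_removed(post_log: str, findings: List[Entry]) -> List[Entry]:
    """Findings still present in a post-run log (an empty list means the script worked)."""
    post = {k.lower(): {n.lower() for n, _, _ in v} for k, v in parse_autostart(post_log).items()}
    remaining = []
    for kind, key, name in findings:
        names = post.get(key.lower())
        if names is not None and (kind == "key" or name.lower() in names):
            remaining.append((kind, key, name))
    return remaining


if __name__ == "__main__":
    found = flag_findings(parse_autostart(PRE_RUN_LOG))
    print(build_cfscript([r"C:\WINDOWS\system32\copirwbq.ini"], found))
    print("still present after run:", verify_removed(POST_RUN_LOG, found))
```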

#5 frge2001

frge2001
  • Topic Starter

  • Members
  • 5 posts
  • Local time:11:11 PM

Posted 27 July 2008 - 12:33 PM

Here are my two logs

The only symptom left is a frequent Vundo virus that is eliminated by my antivirus.


Combofix

ComboFix 08-07-21.1 - GABRIEL 2008-07-27 13:16:37.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.355 [GMT -4:00]
Endroit: C:\Documents and Settings\GABRIEL\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\GABRIEL\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\copirwbq.ini
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))))))))
.

2008-07-26 21:01 . 2008-07-26 21:01 <REP> d-------- C:\Program Files\MSXML 6.0
2008-07-25 20:15 . 2008-07-25 20:15 <REP> d-------- C:\Program Files\Microsoft
2008-07-25 20:07 . 2008-07-25 20:07 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-25 20:06 . 2008-07-25 20:06 <REP> d-------- C:\Program Files\Reference Assemblies
2008-07-25 20:06 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-25 19:49 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-07-25 19:49 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-07-25 19:49 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-07-25 19:49 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-07-25 19:49 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-07-25 19:49 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-07-25 19:49 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-07-25 19:47 . 2008-07-25 19:47 <REP> d-------- C:\WINDOWS\Logs
2008-07-25 19:46 . 2008-07-25 19:46 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-07-25 19:46 . 2008-07-25 19:46 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-07-25 19:42 . 2008-07-25 19:43 <REP> d-------- C:\Microsoft Robotics Studio (1.5)
2008-07-22 16:16 . 2008-07-27 09:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-22 16:16 . 2008-07-22 16:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-22 10:06 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 10:06 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 21:20 . 2008-07-22 10:06 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-21 21:20 . 2008-07-21 21:20 <REP> d-------- C:\Documents and Settings\GABRIEL\Application Data\Malwarebytes
2008-07-21 21:20 . 2008-07-21 21:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-12 17:13 . 2008-07-13 12:21 <REP> d-------- C:\Program Files\IGZones
2008-07-11 15:35 . 2008-07-11 15:35 <REP> d-------- C:\Deckard
2008-07-09 11:22 . 2008-07-09 11:24 <REP> d-------- C:\WINDOWS\stronghold
2008-06-29 22:32 . 2008-07-27 13:16 <REP> d-------- C:\quarantine
2008-06-29 12:05 . 2008-06-29 12:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-29 12:03 . 2008-06-29 12:03 <REP> d-------- C:\Program Files\WMA-MP3.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 17:18 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\DNA
2008-07-27 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-26 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-26 00:12 --------- d-----w C:\Program Files\MSBuild
2008-07-25 23:45 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-11 15:19 --------- d-----w C:\Program Files\Incomplete
2008-07-11 15:19 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\BitTorrent
2008-07-11 15:10 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\Hamachi
2008-07-11 14:53 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\Tunebite
2008-07-11 14:53 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\OpenOffice.org2
2008-07-10 21:57 --------- d-----w C:\Program Files\LimeWire
2008-07-08 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 17:09 --------- d-----w C:\Program Files\Firefly Studios
2008-06-29 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-06-26 16:55 --------- d-----w C:\Documents and Settings\GABRIEL\Application Data\RTPlayer
2008-06-26 16:47 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-06-24 01:02 --------- d-----w C:\Program Files\enable Metronome
2008-06-21 18:03 --------- d-----w C:\Program Files\LucasArts
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 17:36 --------- d-----w C:\Program Files\Hamachi
2008-05-31 17:35 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-08 21:47 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll
2008-05-08 21:47 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-03-15 15:16 6,523 ----a-w C:\Program Files\INSTALL.LOG
2007-12-31 23:54 560 ----a-w C:\Documents and Settings\GABRIEL\Application Data\ViewerApp.dat
2007-10-21 15:23 47,456 ----a-w C:\Documents and Settings\GABRIEL\Application Data\GDIPFONTCACHEV1.DAT
2006-04-22 19:07 48,232 -c--a-w C:\Documents and Settings\NATHALIE\Application Data\GDIPFONTCACHEV1.DAT
2005-12-28 21:42 585 -c--a-w C:\Documents and Settings\GABRIEL\DMOrganizer.dat
2005-03-09 16:09 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2001-09-28 21:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 07:05 289088]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 12:30 68856]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-25 09:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50 139320]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 13:14 35328]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51 172032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50 204800]
"EPSON Stylus C68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE" [2005-01-25 04:00 98304]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 1818624 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 19:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"vidc.K3CC"= K3CCodec.dll
"msacm.l3codecp"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\Programmes\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
"F:\\Programmes\\Cyberlink\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\RegCleaner\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"F:\\Programmes\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"F:\\Programmes\\Nouveau dossier\\game.dat"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"F:\\Stronghold\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\IGZones\\IGZones.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Microsoft Robotics Studio (1.5)\\bin\\DssHost.exe"=

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 10:23]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-01-25 14:42]
R3 AN983;Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 17:59]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;F:\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 iatmunin;iatmunin;C:\DOCUME~1\GABRIEL\LOCALS~1\Temp\iatmunin.sys []
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys []
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 10:23]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]

*Newly Created Service* - ENTDRV51

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-26 23:05:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-31 05:46:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 13:20:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-07-27 13:23:49
ComboFix-quarantined-files.txt 2008-07-27 17:22:43
ComboFix2.txt 2008-07-27 16:49:54
ComboFix3.txt 2008-07-22 20:29:06
ComboFix4.txt 2008-07-22 14:27:52
ComboFix5.txt 2008-07-27 17:15:54

Pre-Run: 3,042,050,048 octets libres
Post-Run: 3,034,890,240 octets libres

164 --- E O F --- 2008-07-27 01:01:32



Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:24, on 2008-07-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Programmes\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
F:\Programmes\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
F:\Programmes\Safari.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [EPSON Stylus C68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAA.EXE /P23 "EPSON Stylus C68 Series" /O6 "USB001" /M "Stylus C68"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-854245398-1580436667-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LAURENCE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.0.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
O8 - Extra context menu item: &Search - http://kx.bar.need2find.com/KX/menusearch.html?p=KX
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\REGCLE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\REGCLE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113672742687
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - F:\Programmes\impotR2007\ic2007pp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - F:\Programmes\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - F:\Programmes\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 12320 bytes

#6 bamajim

bamajim

  • Members
  • 894 posts

Posted 28 July 2008 - 07:12 AM

frge2001

The only symptom left is frequent Vundo virus eliminated by my antivirus


In your next reply tell me the location where your AV is finding Vundo.

Please perform an Ewido Online Malware Scan
  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes it will produce a log for you; copy and paste the results of that scan as a reply to this thread.
  • If any infections are found, (After you save the logfile), Click on Remove Infections.

Microsoft MVP - Windows Security

#7 frge2001

frge2001
  • Topic Starter

  • Members
  • 5 posts

Posted 29 July 2008 - 08:03 PM

My antivirus finds Vundo in the following directory

c:\System Volume Information\_restore{3307D82-1553-4F9C-91F8-618CCB15429}\RP1393


Here is the LOG

Thanks for your help



__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.247realmedia
Path: C:\Documents and Settings\GABRIEL\Cookies\gabriel@247realmedia[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\GABRIEL\Cookies\gabriel@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\GABRIEL\Cookies\gabriel@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\GABRIEL\Cookies\gabriel@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\GABRIEL\Cookies\gabriel@serving-sys[2].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@bs.serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@cpvfeed[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@doubleclick[2].txt
Risk: Medium

Name: TrackingCookie.Tracking101
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@login.tracking101[2].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@m.webtrends[2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Need2find
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@need2find[2].txt
Risk: Medium

Name: TrackingCookie.Msn
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@search.msn[2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@serving-sys[1].txt
Risk: Medium

Name: TrackingCookie.Myaffiliateprogram
Path: C:\Documents and Settings\LAURENCE\Cookies\laurence@www.myaffiliateprogram[1].txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.80:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.81:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.82:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sitestat
Path: :mozilla.83:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.100:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Imrworldwide
Path: :mozilla.101:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: :mozilla.119:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Need2find
Path: :mozilla.142:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Need2find
Path: :mozilla.143:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Need2find
Path: :mozilla.144:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Need2find
Path: :mozilla.145:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Msn
Path: :mozilla.199:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Smartadserver
Path: :mozilla.210:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Smartadserver
Path: :mozilla.211:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Smartadserver
Path: :mozilla.212:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adobe
Path: :mozilla.258:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adobe
Path: :mozilla.259:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.312:C:\Documents and Settings\NATHALIE\Application Data\Mozilla\Firefox\Profiles\4i41bh3e.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@anad.tacoda[2].txt
Risk: Medium

Name: TrackingCookie.Burstnet
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@burstnet[2].txt
Risk: Medium

Name: TrackingCookie.Cpvfeed
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@cpvfeed[2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@data2.perf.overture[1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@ehg-dig.hitbox[2].txt
Risk: Medium

Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@m.webtrends[1].txt
Risk: Medium

Name: TrackingCookie.Need2find
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@need2find[2].txt
Risk: Medium

Name: TrackingCookie.Real
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@realguide.real[2].txt
Risk: Medium

Name: TrackingCookie.Msn
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@search.msn[1].txt
Risk: Medium

Name: TrackingCookie.Starware
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@starware[2].txt
Risk: Medium

Name: TrackingCookie.Adobe
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@www.adobe[2].txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: C:\Documents and Settings\NATHALIE\Cookies\nathalie@yadro[1].txt
Risk: Medium

Name: Logger.ProAgent.21
Path: C:\Program Files\KnightOnline\KnightOnLine.exe
Risk: High

Name: Trojan.Wimad.a
Path: C:\Program Files\LimeWire\01 Track 1.wma
Risk: High

Name: Downloader.Wimad.k
Path: C:\Program Files\LimeWire\Wicked Remix (flamenco).wma
Risk: High

Name: Downloader.VB.bsa
Path: C:\Program Files\LimeWire\Yellowjackets - 25 - 2006.zip/Setup.exe
Risk: High

Name: Adware.Altnet
Path: C:\Program Files\Microsoft AntiSpyware\Quarantine\82D455CE-DC65-47A1-9E0C-E000C5\2EAE171F-F609-449C-98B4-9D56EA/asm.exe
Risk: Medium

Name: Adware.Altnet
Path: C:\Program Files\Microsoft AntiSpyware\Quarantine\82D455CE-DC65-47A1-9E0C-E000C5\2EAE171F-F609-449C-98B4-9D56EA/asmps.dll
Risk: Medium

Name: Adware.RXBar
Path: C:\Program Files\Microsoft AntiSpyware\Quarantine\AC2A348A-7F41-48CC-8EE3-D95B90\6EFD6F88-7904-4540-AF90-AF2FEE
Risk: Medium

Name: Not-A-Virus.Adware.BHO
Path: C:\System Volume Information\_restore{33107D82-1553-4F9C-91F8-618CCB145429}\RP1393\A0398038.dll
Risk: Low

#8 bamajim

bamajim

  • Members
  • 894 posts

Posted 31 July 2008 - 08:18 AM

frge2001

It's not going to be unusual for your AV to find infections in System Restore folders for the next few days now that the active infection has been removed.
They pose no threat unless System Restore is invoked for the particular date they are associated with, and eventually Windows will delete the older System Restore folders in favour of newer ones. You can speed up this process by booting into Safe Mode and running a full system scan.

We are going to Create a clean System Restore point anyway.

Let's Remove Combofix

Select Start ->> Run ->> type in combofix /u (there is a space between x and /) Then O.K.


You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:

Let's create a clean System Restore point; the instructions are here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older-version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.u7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windowsi586-p.exe to install the newest version.

Update your Anti Virus Software

Use and maintain a Firewall

Visit Microsoft's Windows Update Site frequently for critical updates

Backup your important documents and files on a regular basis to a disc or a USB key, not your hard drive.

You may want to read this article: "So how did I get infected in the first place" by Tony Klein

surf safe
Microsoft MVP - Windows Security
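As an added example that is not part of bamajim's post, a PowerShell check (it assumes PowerShell is available on the machine, and that the new install's display name contains "6 Update 7") that lists the Java entries Add/Remove Programs would show, so you can confirm after the reboot that no older JRE/J2SE versions are still installed:

```powershell
# Added example, not from the thread: enumerate the Java entries that
# Add/Remove Programs displays, read from the same registry Uninstall keys.
# Assumes PowerShell is installed; run it after the reboot in the steps above.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'   # present on 64-bit hosts only
)

# Match the same names the thread tells you to look for: JRE or J2SE entries.
$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' } |
    Select-Object DisplayName, DisplayVersion, UninstallString

if (-not $javaEntries) {
    'No Java Runtime Environment entries found.'
} else {
    $javaEntries | Sort-Object DisplayVersion | Format-Table -AutoSize

    # Assumption: the freshly installed JRE shows up with "6 Update 7" in its
    # name; anything else is an older version still to be removed.
    $old = @($javaEntries | Where-Object { $_.DisplayName -notmatch '6 Update 7' })
    if ($old.Count -gt 0) {
        "Older Java versions still installed: $($old.Count) - remove them via Add/Remove Programs."
    } else {
        'Only the current JRE remains.'
    }
}
```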
