
Is there anything left?


  • This topic is locked
9 replies to this topic

#1 Domster

Domster

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:40 AM

Posted 18 October 2008 - 06:22 PM

Hello, my parents clicked some places they shouldn't have clicked on their computer and they got infected by a bunch of nasty stuff. I think I successfully cleaned most of it but I wanted to make sure. Thank you for your time! (It's a French language system so some folder names might look funny ;))

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:23, on 2008-10-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdfserv.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [HJYtA1pApA] C:\Documents and Settings\All Users\Application Data\jetujmtg\lihkhmdi.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v46/solit...litairerush.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} (SpiderSolitaire Control) - http://www.worldwinner.com/games/v56/spide...ersolitaire.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196207815890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206385181937
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8657 bytes
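An added example, not part of the original thread and not code from HijackThis, OTViewIt or Kaspersky: a short Python script that applies, over the O4/O20/O23 lines quoted above, the checks a log reviewer makes by eye. It scores each autostart entry on where it is registered (Policies\Explorer\Run is a location installers almost never use), where the image lives (a user profile or Application Data directory), whether the value, file and directory names look machine-generated, and whether a service binary carries a vendor string. The weights, the thresholds and the looks_random() heuristic are this example's own assumptions; the sample lines are copied from the log in the first post.

```python
# Added example for this thread, not code from HijackThis, OTViewIt or Kaspersky;
# the heuristics, weights and thresholds below are this example's own assumptions.
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log in the first post (O4 run keys, AppInit_DLLs, O23 services).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [HJYtA1pApA] C:\Documents and Settings\All Users\Application Data\jetujmtg\lihkhmdi.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")
# First image path on a command line: optional quotes, drive letter, up to an executable extension.
IMAGE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|pif|bat|cmd))\b', re.I)
# Value names such as HJYtA1pApA: mixed case plus digits, no separators, 8+ characters.
MIXED_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z\d]{8,}$")
# Profile and temp locations that installers rarely use for an autorun but droppers routinely do.
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    kind: str      # HJT section: O4, O20 or O23
    name: str      # run-key value name, "AppInit_DLLs" or service name
    target: str    # command line, DLL list or service image path
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)

    @property
    def verdict(self) -> str:
        return "review" if self.score >= 4 else ("note" if self.score else "ok")


def looks_random(token: str) -> bool:
    """Crude keyboard-mash test on a name of 6+ letters: few vowels or a long consonant run."""
    s = re.sub(r"[^a-z]", "", token.lower())
    if len(s) < 6:
        return False
    vowel_ratio = sum(c in "aeiouy" for c in s) / len(s)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", s)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 5


def check_image(f: Finding, path: str, vendor_known: bool) -> None:
    """Score where the image lives and, when no vendor vouches for it, how it is named."""
    low = path.lower()
    if any(d in low for d in PROFILE_DIRS):
        f.add(2, "image lives under a user profile, Application Data or temp directory")
    parts = low.split("\\")
    stem, parent = re.sub(r"\.[a-z0-9]+$", "", parts[-1]), (parts[-2] if len(parts) > 1 else "")
    if not vendor_known and looks_random(stem):
        f.add(1, f"random-looking file name '{parts[-1]}'")
    if not vendor_known and looks_random(parent):
        f.add(1, f"random-looking directory name '{parent}'")


def triage(log: str) -> list:
    """Parse O4/O20/O23 lines and return one scored Finding per autostart entry."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            f = Finding("O4", m["name"], m["cmd"])
            if "policies" in m["key"].lower():
                f.add(3, "registered under Policies\\Explorer\\Run, which installers almost never use")
            if MIXED_RE.match(m["name"]):
                f.add(1, f"value name '{m['name']}' looks machine-generated")
            img = IMAGE_RE.match(m["cmd"])
            check_image(f, img["path"] if img else m["cmd"], vendor_known=False)
        elif m := O20_RE.match(line):
            f = Finding("O20", "AppInit_DLLs", m["dlls"])
            f.add(1, "AppInit_DLLs is loaded into every process that uses user32.dll; confirm the owner")
            for dll in m["dlls"].split(","):
                check_image(f, dll.strip(), vendor_known=False)
        elif m := O23_RE.match(line):
            vendor_known = m["vendor"].strip() not in ("", "Unknown owner")
            f = Finding("O23", m["name"], m["path"])
            if not vendor_known:
                f.add(1, "no vendor recorded for the service binary")
            check_image(f, m["path"], vendor_known)
        else:
            continue
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda x: -x.score):
        print(f"[{f.verdict}] {f.kind} {f.name}: {f.target}", *(f"\n    - {w}" for w in f.reasons), sep="")
```

Run as-is and the Policies\Explorer\Run entry for lihkhmdi.exe comes out "review" on four independent grounds, the AVG tray, AVG watchdog and TeaTimer entries come out "ok", and the Lexmark lxdf_device service and the AppInit_DLLs entry come out "note", which is the right level: each has a vendor to confirm rather than a file to delete. A score only narrows attention; it does not replace checking the file's publisher, hash and timestamps (the OTViewIt listing later in the thread shows lihkhmdi.exe with a blank company field and a 2008-10-14 modification date).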


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:40 AM

Posted 26 October 2008 - 09:58 PM

Hello, Domster.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log


Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Domster

Domster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:40 AM

Posted 27 October 2008 - 05:03 PM

Kaspersky found some bad stuff...

OTViewIt logfile created on: 2008-10-27 14:41:03 - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1015,46 Mb Total Physical Memory | 395,34 Mb Available Physical Memory | 38,93% Memory free
1,26 Gb Paging File | 0,72 Gb Available in Paging File | 57,02% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 63,03 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
Drive D: | 109,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ-DESKTOP
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005-12-09 15:37:42 | 00,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
[2008-10-14 19:26:19 | 00,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jetujmtg\lihkhmdi.exe
[2007-06-11 21:53:44 | 00,455,600 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
[2007-06-01 16:06:09 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
[2008-09-29 16:54:30 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2007-10-11 08:45:52 | 00,031,232 | ---- | M] (ArcSoft) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
[2004-11-01 17:22:22 | 00,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
[2008-09-16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007-10-11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
[2005-12-09 15:32:18 | 00,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2008-08-29 17:07:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2007-05-29 14:06:20 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfserv.exe
[2007-05-29 14:06:44 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe
[2005-08-08 00:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2004-08-10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008-07-04 11:10:04 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008-08-29 17:07:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2008-08-23 01:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007-09-20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008-10-27 14:40:10 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrateur\Bureau\xpiinstall.exe
[2008-10-27 14:36:12 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007-10-11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
[2007-04-13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-08-29 17:07:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008-08-29 17:07:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007-04-13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005-12-09 15:37:42 | 00,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007-05-29 14:06:20 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfserv.exe -- (lxdfCATSCustConnectService [Auto | Running])
[2007-05-29 14:06:44 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe -- (lxdf_device [Auto | Running])
[2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005-08-08 00:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2008-04-05 15:50:58 | 00,306,432 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
[2004-08-10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007-10-25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003-03-13 19:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2005-02-23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2008-08-29 17:07:53 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008-07-04 11:10:04 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008-07-04 11:10:41 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2005-12-16 04:53:50 | 00,058,624 | R--- | M] (Samsung electronics, Inc) -- C:\WINDOWS\system32\drivers\CamAv.sys -- (CamAv [On_Demand | Stopped])
[2005-07-19 20:23:29 | 00,011,648 | R--- | M] (Samsung electronics, Inc) -- C:\WINDOWS\system32\drivers\CamFlt.sys -- (CAMFLT [On_Demand | Stopped])
[2006-01-12 17:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005-12-05 19:28:40 | 00,014,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2005-06-21 18:12:34 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008-04-13 22:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2005-12-09 15:35:54 | 02,174,464 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap [On_Demand | Stopped])
[2005-12-09 15:37:42 | 02,400,256 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv [On_Demand | Stopped])
[2005-12-05 19:26:56 | 02,010,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
[2005-12-09 15:37:42 | 00,016,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon [On_Demand | Running])
[2005-12-05 19:26:18 | 00,039,424 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2005-12-05 19:28:34 | 01,103,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
[2008-02-18 17:29:16 | 00,096,256 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])
[2006-06-05 04:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2004-08-05 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007-11-13 06:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003-05-27 18:05:42 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008-04-13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2007-03-22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro [Auto | Running])
[2007-03-22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://sympatico.msn.ca/defaultf.aspx

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://sympatico.msn.ca/defaultf.aspx

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (267207 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9252 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"=C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"Lexmark 6500 Series Fax Server"="C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s ()
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation (Logitech Inc.)
"lxdfamon"="C:\Program Files\Lexmark 6500 Series\lxdfamon.exe" ()
"lxdfmon.exe"="C:\Program Files\Lexmark 6500 Series\lxdfmon.exe" ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"HJYtA1pApA"=C:\Documents and Settings\All Users\Application Data\jetujmtg\lihkhmdi.exe -- [2008-10-14 19:26:19 | 00,061,440 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 17:22:12 | 01,377,576 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 22:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 22:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 22:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 22:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{18C3FD15-74F6-4280-9C98-3590C966B7B8}: http://www.worldwinner.com/games/v47/skillgam/skillgam.cab -- SkillGam Control
{1A1F56AA-3401-46F9-B277-D57F3421F821}: http://www.worldwinner.com/games/v47/share...GamesLoader.cab -- FunGamesLoader Object
{2C153C75-8476-434B-B3C3-57B63A3D1939}: http://www.worldwinner.com/games/v48/brickout/brickout.cab -- Brickout Control
{33E54F7F-561C-49E6-929B-D7E76D3AFEB1}: http://www.worldwinner.com/games/v50/pool/pool.cab -- Pool Control
{41D1977F-4161-4720-800F-EA4903983A38}: http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab -- Jigsaw Genius Control
{42FDC231-A411-45F8-B8B6-3B5026111DA8}: http://www.worldwinner.com/games/v46/solit...litairerush.cab -- SolitaireRush Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{58FC4C77-71C2-4972-A8CD-78691AD85158}: http://www.worldwinner.com/games/v63/bjattack/bja.cab -- BJA Control
{615F158E-D5CA-422F-A8E7-F6A5EED7063B}: http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab -- Bejeweled Control
{61900274-3323-4446-BDCD-91548D32AF1B}: http://www.worldwinner.com/games/v56/spide...ersolitaire.cab -- SpiderSolitaire Control
{62969CF2-0F7A-433B-A221-FD8818C06C2F}: http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab -- Blockwerx Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1196207815890 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1206385181937 -- MUWebControl Class
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}: http://www.worldwinner.com/games/shared/wwlaunch.cab -- Wwlaunch Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{97438FE9-D361-4279-BA82-98CC0877A717}: http://www.worldwinner.com/games/v57/cubis/cubis.cab -- Cubis Control
{A91FB93D-7561-4524-8484-5C27C8FA8D42}: http://www.worldwinner.com/games/v49/luxor/luxor.cab -- WwLuxor Control
{AC2881FD-5760-46DB-83AE-20A5C6432A7E}: http://www.worldwinner.com/games/v67/swapit/swapit.cab -- SwapIt Control
{BA94245D-2AA0-4953-9D9F-B0EE4CC02C43}: http://www.worldwinner.com/games/v42/tilecity/tilecity.cab -- Tilecity Control
{BB637307-92FA-47EC-B3F7-6969078673CC}: http://www.worldwinner.com/games/v45/royal/royal.cab -- Royal Control
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{C1BC2976-BE2E-4D64-844B-AE61B9076D7E} (Servers: | Description: )
{EE991993-9EBE-4182-A6F3-C27937F708F8} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008-07-04 11:10:10 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007-11-27 19:28:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[autorun] | open=setup.exe | label=Linksys WRT54G | icon=setup.exe,0 | ]
[2007-05-16 22:16:49 | 00,000,067 | R--- | M] () -- D:\Autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d1b6fc2-9d14-11dc-838d-806d6172696f}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d1b6fc2-9d14-11dc-838d-806d6172696f}\Shell\AutoRun\command]
""=D:\setup.exe -- [2007-05-23 12:26:46 | 00,102,064 | R--- | M] (Cisco Systems, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2008-10-27 14:42:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008-10-27 14:41:04 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008-10-27 14:40:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Sun
[2008-10-27 14:39:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla
[2008-10-27 14:39:17 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2008-10-27 14:36:11 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTViewIt.exe
[2008-10-27 14:15:51 | 92,254,208 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\cjb6500en.exe
[2008-10-27 11:03:50 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Linksys EasyLink Advisor.lnk
[2008-10-27 11:03:10 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Application Data\GTek
[2008-10-27 11:01:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008-10-27 11:01:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\GTek
[2008-10-27 11:01:22 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys EasyLink Advisor
[2008-10-25 01:13:15 | 07,606,832 | ---- | C] (Mozilla) -- C:\Firefox Setup 3.0.3.exe
[2008-10-23 19:30:32 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008-10-19 09:14:22 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\nofydmvm.exe
[2008-10-18 15:34:48 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\nuzqbybi.exe
[2008-10-18 14:16:40 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-10-15 18:32:21 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008-10-15 18:31:23 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-10-14 19:26:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jetujmtg
[2008-10-14 19:25:58 | 00,079,085 | ---- | C] () -- C:\WINDOWS\System32\umkqbydmhe.exe
[2008-10-14 19:19:38 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008-10-14 19:18:55 | 01,846,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008-10-14 19:18:27 | 02,147,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008-10-14 19:18:27 | 02,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008-10-14 19:18:26 | 02,191,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008-10-14 19:18:26 | 02,025,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008-10-10 17:00:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Panasonic
[2008-09-29 19:01:47 | 00,385,024 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\république.doc
[2008-09-29 17:26:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008-10-27 14:39:17 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2008-10-27 14:36:12 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTViewIt.exe
[2008-10-27 14:15:59 | 92,254,208 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\cjb6500en.exe
[2008-10-27 11:23:26 | 29,339,311 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008-10-27 11:23:26 | 00,088,958 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008-10-27 11:03:50 | 00,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Linksys EasyLink Advisor.lnk
[2008-10-25 12:59:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-10-25 11:06:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008-10-25 11:05:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008-10-25 11:05:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008-10-25 01:25:47 | 04,310,958 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2008-10-25 01:13:16 | 07,606,832 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.0.3.exe
[2008-10-24 20:20:32 | 00,000,315 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Hotmail.url
@Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\Administrateur\Bureau\Hotmail.url:favicon
[2008-10-24 19:21:38 | 00,000,117 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\La famille Marquis - Proulx.url
[2008-10-19 09:14:22 | 00,077,824 | ---- | M] () -- C:\WINDOWS\System32\nofydmvm.exe
[2008-10-18 20:10:11 | 00,000,604 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Mes dossiers de partage.lnk
[2008-10-18 16:50:40 | 00,267,207 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008-10-18 15:34:48 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\nuzqbybi.exe
[2008-10-18 14:16:40 | 00,000,091 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008-10-15 18:43:42 | 00,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-10-15 18:37:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-10-15 18:31:24 | 00,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008-10-15 12:35:43 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008-10-15 12:35:43 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008-10-14 19:25:58 | 00,079,085 | ---- | M] () -- C:\WINDOWS\System32\umkqbydmhe.exe
[2008-10-10 17:15:37 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008-10-09 19:19:25 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008-10-07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008-10-03 13:12:27 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008-10-03 13:12:27 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008-10-02 18:48:34 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Word 2003.lnk
[2008-09-29 19:04:57 | 00,000,268 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Photoshop Express.url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Administrateur\Bureau\Photoshop Express.url:favicon
[2008-09-29 19:01:47 | 00,385,024 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\république.doc
[2008-09-29 18:24:24 | 00,035,712 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
< End of report >

OTViewIt Extras logfile created on: 2008-10-27 14:41:03 - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1015,46 Mb Total Physical Memory | 395,34 Mb Available Physical Memory | 38,93% Memory free
1,26 Gb Paging File | 0,72 Gb Available in Paging File | 57,02% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 63,03 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
Drive D: | 109,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ-DESKTOP
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 22:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-10-18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-13 22:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008-02-01 17:22:12 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
[2007-05-29 14:06:44 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe:*:Enabled:Lexmark Communications System
[2007-06-01 16:06:09 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfamon.exe:*:Enabled:Lexmark Device Monitor
[2007-04-24 23:11:42 | 00,024,576 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\frun.exe:*:Enabled:Lexmark Productivity Studio
[2007-02-05 23:07:14 | 01,171,456 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader
[2007-06-11 21:53:44 | 00,455,600 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor
[2007-05-29 14:06:11 | 00,295,856 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface
[2007-05-29 14:06:34 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe:*:Enabled:Lexmark Connect Time Executable
[2007-06-11 21:56:06 | 00,746,416 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\LXDFFax.exe:*:Enabled:Fax Solutions Software
[2007-05-29 14:06:15 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe:*:Enabled:Job Status Window Interface
[2008-08-29 16:37:39 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008-08-29 17:07:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2007-10-18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008-08-23 01:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2007-05-29 14:06:38 | 00,140,208 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfwbgw.exe:*:Enabled:Lexmark Web Gateway
[2007-06-11 21:58:01 | 03,871,664 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\Wireless\lxdfwpss.exe:*:Enabled:
[2007-05-29 14:06:40 | 00,365,488 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcfg.exe:*:Enabled:Printer Communication System

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005-09-20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008-07-04 11:10:38 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005-09-20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005-09-20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000-04-19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-03-14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-05-10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008-02-01 17:22:12 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007-04-19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{111A3D14-7596-43B0-92BA-418435C90672}"=Intel® PRO Network Connections
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}"=Ulead Photo Express 5 SE
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{497A1721-088F-41EF-8876-B43C9DA5528B}"=ArcSoft Software Suite
"{5888428E-699C-4E71-BF71-94EE06B497DA}"=TuneUp Utilities 2008
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}"=LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}"=PHOTOfunSTUDIO -viewer-
"{A1960A82-DB70-474D-A86B-FA74466103C6}"=Drivers Install For Linksys Easylink Advisor
"{AC76BA86-7AD7-1036-7B44-A81200000003}"=Adobe Reader 8.1.2 - Français
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Assistant de connexion Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{BADF6744-3787-48F6-B8C9-4C4995401D65}"=Windows Live Messenger
"{C191BE7C-8542-4A61-973A-714EF76C5995}"=Logitech QuickCam Software
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}"=Windows Live installer
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AVG8Uninstall"=AVG Free 8.0
"EasyLinkAdvisor"=Linksys EasyLink Advisor 1.6 (0044)
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"Lexmark 6500 Series"=Lexmark 6500 Series
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"QcDrv"=Programme de gestion Camera de Logitech®
"Samsung_SMP4"=Samsung Video Codec 1.1 Uninstall
"SamsungCamCorderDriver"=Samsung CamCorder Driver
"SolSuite_is1"=SolSuite 2007 v7.11
"umkqbydmhe"=RON Tool Offersfortoday
"VLC media player"=VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Lecteur Windows Media 10
"Windows XP Service"=Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-07-16 22:28:20 | Computer Name = COMPAQ-DESKTOP | Source = MsiInstaller | ID = 1013
Description = Produit : Adobe Reader 8.1.0 - Français -- Le programme d'installation
a détecté qu'un produit plus fiable est déjà installé. Le programme d'installation
va maintenant se fermer.

Error - 2008-07-22 21:54:05 | Computer Name = COMPAQ-DESKTOP | Source = Application Hang | ID = 1002
Description = Application bloquée PowerDVD.exe, version 7.0.2509.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2008-07-22 21:55:22 | Computer Name = COMPAQ-DESKTOP | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 370136514.

Error - 2008-09-21 17:50:25 | Computer Name = COMPAQ-DESKTOP | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16705, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 2008-10-18 16:04:44 | Computer Name = COMPAQ-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2008-10-18 16:06:29 | Computer Name = COMPAQ-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7001
Description = Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7001
Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7001
Description = Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7001
Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas
pu démarrer en raison de l'erreur : %%31

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : AFD AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 2008-10-18 16:08:34 | Computer Name = COMPAQ-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2008-10-18 16:57:04 | Computer Name = COMPAQ-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2008-10-27 11:09:27 | Computer Name = COMPAQ-DESKTOP | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 24.202.138.114 pour la carte réseau dont l'adresse
réseau est 0004233FFD9E a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).


< End of report >

Monday, October 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 18:44:53
Records in database: 1351726


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
F:\

Scan statistics
Files scanned 66863
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 01:17:35

File name Threat name Threats count
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3IVEACDJ\index[1].js Infected: Trojan-Downloader.JS.Agent.cln 1

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DPB3SY82\9llCJ4amiU[1].exe Infected: Trojan-Downloader.Win32.Obfuscated.dvy 1

C:\WINDOWS\system32\nofydmvm.exe Infected: Trojan.Win32.Obfuscated.gx 1


Kaspersky found some bad stuff...

OTViewIt logfile created on: 2008-10-27 14:41:03 - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1015,46 Mb Total Physical Memory | 395,34 Mb Available Physical Memory | 38,93% Memory free
1,26 Gb Paging File | 0,72 Gb Available in Paging File | 57,02% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 63,03 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
Drive D: | 109,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ-DESKTOP
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005-12-09 15:37:42 | 00,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
[2008-10-14 19:26:19 | 00,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jetujmtg\lihkhmdi.exe
[2007-06-11 21:53:44 | 00,455,600 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
[2007-06-01 16:06:09 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
[2008-09-29 16:54:30 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2007-10-11 08:45:52 | 00,031,232 | ---- | M] (ArcSoft) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
[2004-11-01 17:22:22 | 00,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
[2008-09-16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007-10-11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
[2005-12-09 15:32:18 | 00,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
[2008-08-29 17:07:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2007-05-29 14:06:20 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfserv.exe
[2007-05-29 14:06:44 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe
[2005-08-08 00:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2004-08-10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008-07-04 11:10:04 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008-08-29 17:07:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2008-08-23 01:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007-09-20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008-10-27 14:40:10 | 00,607,640 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Administrateur\Bureau\xpiinstall.exe
[2008-10-27 14:36:12 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007-10-11 08:45:56 | 00,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
[2007-04-13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-08-29 17:07:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008-08-29 17:07:55 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007-04-13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005-12-09 15:37:42 | 00,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007-05-29 14:06:20 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfserv.exe -- (lxdfCATSCustConnectService [Auto | Running])
[2007-05-29 14:06:44 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe -- (lxdf_device [Auto | Running])
[2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005-08-08 00:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2008-04-05 15:50:58 | 00,306,432 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
[2004-08-10 23:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007-10-25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003-03-13 19:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2005-02-23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2008-08-29 17:07:53 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008-07-04 11:10:04 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008-07-04 11:10:41 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2005-12-16 04:53:50 | 00,058,624 | R--- | M] (Samsung electronics, Inc) -- C:\WINDOWS\system32\drivers\CamAv.sys -- (CamAv [On_Demand | Stopped])
[2005-07-19 20:23:29 | 00,011,648 | R--- | M] (Samsung electronics, Inc) -- C:\WINDOWS\system32\drivers\CamFlt.sys -- (CAMFLT [On_Demand | Stopped])
[2006-01-12 17:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005-12-05 19:28:40 | 00,014,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2005-06-21 18:12:34 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008-04-13 22:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2005-12-09 15:35:54 | 02,174,464 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap [On_Demand | Stopped])
[2005-12-09 15:37:42 | 02,400,256 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv [On_Demand | Stopped])
[2005-12-05 19:26:56 | 02,010,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
[2005-12-09 15:37:42 | 00,016,768 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon [On_Demand | Running])
[2005-12-05 19:26:18 | 00,039,424 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2005-12-05 19:28:34 | 01,103,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
[2008-02-18 17:29:16 | 00,096,256 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])
[2006-06-05 04:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2004-08-05 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007-11-13 06:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003-05-27 18:05:42 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008-04-13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2007-03-22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro [Auto | Running])
[2007-03-22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://sympatico.msn.ca/defaultf.aspx

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://sympatico.msn.ca/defaultf.aspx

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (267207 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
9252 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"=C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"Lexmark 6500 Series Fax Server"="C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s ()
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation (Logitech Inc.)
"lxdfamon"="C:\Program Files\Lexmark 6500 Series\lxdfamon.exe" ()
"lxdfmon.exe"="C:\Program Files\Lexmark 6500 Series\lxdfmon.exe" ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (Linksys, a Division of Cisco Systems, Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"HJYtA1pApA"=C:\Documents and Settings\All Users\Application Data\jetujmtg\lihkhmdi.exe -- [2008-10-14 19:26:19 | 00,061,440 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-01 17:22:12 | 01,377,576 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 22:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-13 22:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 22:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-13 22:34:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1177238915-1563985344-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{18C3FD15-74F6-4280-9C98-3590C966B7B8}: http://www.worldwinner.com/games/v47/skillgam/skillgam.cab -- SkillGam Control
{1A1F56AA-3401-46F9-B277-D57F3421F821}: http://www.worldwinner.com/games/v47/share...GamesLoader.cab -- FunGamesLoader Object
{2C153C75-8476-434B-B3C3-57B63A3D1939}: http://www.worldwinner.com/games/v48/brickout/brickout.cab -- Brickout Control
{33E54F7F-561C-49E6-929B-D7E76D3AFEB1}: http://www.worldwinner.com/games/v50/pool/pool.cab -- Pool Control
{41D1977F-4161-4720-800F-EA4903983A38}: http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab -- Jigsaw Genius Control
{42FDC231-A411-45F8-B8B6-3B5026111DA8}: http://www.worldwinner.com/games/v46/solit...litairerush.cab -- SolitaireRush Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab -- MSN Photo Upload Tool
{58FC4C77-71C2-4972-A8CD-78691AD85158}: http://www.worldwinner.com/games/v63/bjattack/bja.cab -- BJA Control
{615F158E-D5CA-422F-A8E7-F6A5EED7063B}: http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab -- Bejeweled Control
{61900274-3323-4446-BDCD-91548D32AF1B}: http://www.worldwinner.com/games/v56/spide...ersolitaire.cab -- SpiderSolitaire Control
{62969CF2-0F7A-433B-A221-FD8818C06C2F}: http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab -- Blockwerx Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1196207815890 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1206385181937 -- MUWebControl Class
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}: http://www.worldwinner.com/games/shared/wwlaunch.cab -- Wwlaunch Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{97438FE9-D361-4279-BA82-98CC0877A717}: http://www.worldwinner.com/games/v57/cubis/cubis.cab -- Cubis Control
{A91FB93D-7561-4524-8484-5C27C8FA8D42}: http://www.worldwinner.com/games/v49/luxor/luxor.cab -- WwLuxor Control
{AC2881FD-5760-46DB-83AE-20A5C6432A7E}: http://www.worldwinner.com/games/v67/swapit/swapit.cab -- SwapIt Control
{BA94245D-2AA0-4953-9D9F-B0EE4CC02C43}: http://www.worldwinner.com/games/v42/tilecity/tilecity.cab -- Tilecity Control
{BB637307-92FA-47EC-B3F7-6969078673CC}: http://www.worldwinner.com/games/v45/royal/royal.cab -- Royal Control
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{C1BC2976-BE2E-4D64-844B-AE61B9076D7E} (Servers: | Description: )
{EE991993-9EBE-4182-A6F3-C27937F708F8} (Servers: | Description: Intel® PRO/100 VE Network Connection)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008-07-04 11:10:10 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007-11-27 19:28:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[autorun] | open=setup.exe | label=Linksys WRT54G | icon=setup.exe,0 | ]
[2007-05-16 22:16:49 | 00,000,067 | R--- | M] () -- D:\Autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d1b6fc2-9d14-11dc-838d-806d6172696f}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d1b6fc2-9d14-11dc-838d-806d6172696f}\Shell\AutoRun\command]
""=D:\setup.exe -- [2007-05-23 12:26:46 | 00,102,064 | R--- | M] (Cisco Systems, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2008-10-27 14:42:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008-10-27 14:41:04 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008-10-27 14:40:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Sun
[2008-10-27 14:39:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla
[2008-10-27 14:39:17 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2008-10-27 14:36:11 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTViewIt.exe
[2008-10-27 14:15:51 | 92,254,208 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\cjb6500en.exe
[2008-10-27 11:03:50 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Linksys EasyLink Advisor.lnk
[2008-10-27 11:03:10 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrateur\Application Data\GTek
[2008-10-27 11:01:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008-10-27 11:01:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\GTek
[2008-10-27 11:01:22 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys EasyLink Advisor
[2008-10-25 01:13:15 | 07,606,832 | ---- | C] (Mozilla) -- C:\Firefox Setup 3.0.3.exe
[2008-10-23 19:30:32 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008-10-19 09:14:22 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\nofydmvm.exe
[2008-10-18 15:34:48 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\nuzqbybi.exe
[2008-10-18 14:16:40 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-10-15 18:32:21 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008-10-15 18:31:23 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-10-14 19:26:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\jetujmtg
[2008-10-14 19:25:58 | 00,079,085 | ---- | C] () -- C:\WINDOWS\System32\umkqbydmhe.exe
[2008-10-14 19:19:38 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008-10-14 19:18:55 | 01,846,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008-10-14 19:18:27 | 02,147,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008-10-14 19:18:27 | 02,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008-10-14 19:18:26 | 02,191,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008-10-14 19:18:26 | 02,025,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008-10-10 17:00:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Panasonic
[2008-09-29 19:01:47 | 00,385,024 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\république.doc
[2008-09-29 17:26:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008-10-27 14:39:17 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2008-10-27 14:36:12 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTViewIt.exe
[2008-10-27 14:15:59 | 92,254,208 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\cjb6500en.exe
[2008-10-27 11:23:26 | 29,339,311 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008-10-27 11:23:26 | 00,088,958 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008-10-27 11:03:50 | 00,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Linksys EasyLink Advisor.lnk
[2008-10-25 12:59:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-10-25 11:06:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008-10-25 11:05:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008-10-25 11:05:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008-10-25 01:25:47 | 04,310,958 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2008-10-25 01:13:16 | 07,606,832 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.0.3.exe
[2008-10-24 20:20:32 | 00,000,315 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Hotmail.url
@Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\Administrateur\Bureau\Hotmail.url:favicon
[2008-10-24 19:21:38 | 00,000,117 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\La famille Marquis - Proulx.url
[2008-10-19 09:14:22 | 00,077,824 | ---- | M] () -- C:\WINDOWS\System32\nofydmvm.exe
[2008-10-18 20:10:11 | 00,000,604 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Mes dossiers de partage.lnk
[2008-10-18 16:50:40 | 00,267,207 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008-10-18 15:34:48 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\nuzqbybi.exe
[2008-10-18 14:16:40 | 00,000,091 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008-10-15 18:43:42 | 00,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-10-15 18:37:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-10-15 18:31:24 | 00,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008-10-15 12:35:43 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008-10-15 12:35:43 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008-10-14 19:25:58 | 00,079,085 | ---- | M] () -- C:\WINDOWS\System32\umkqbydmhe.exe
[2008-10-10 17:15:37 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008-10-09 19:19:25 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008-10-07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008-10-03 13:12:27 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008-10-03 13:12:27 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008-10-02 18:48:34 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Word 2003.lnk
[2008-09-29 19:04:57 | 00,000,268 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Photoshop Express.url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Administrateur\Bureau\Photoshop Express.url:favicon
[2008-09-29 19:01:47 | 00,385,024 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\république.doc
[2008-09-29 18:24:24 | 00,035,712 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
< End of report >

OTViewIt Extras logfile created on: 2008-10-27 14:41:03 - Run
OTViewIt by OldTimer - Version 1.0.18.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1015,46 Mb Total Physical Memory | 395,34 Mb Available Physical Memory | 38,93% Memory free
1,26 Gb Paging File | 0,72 Gb Available in Paging File | 57,02% Paging File free
Paging file location(s): C:\pagefile.sys 372 744;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 63,03 Gb Free Space | 84,58% Space Free | Partition Type: NTFS
Drive D: | 109,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ-DESKTOP
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-13 22:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-10-18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-13 22:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-04-13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008-02-01 17:22:12 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
[2007-05-29 14:06:44 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe:*:Enabled:Lexmark Communications System
[2007-06-01 16:06:09 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfamon.exe:*:Enabled:Lexmark Device Monitor
[2007-04-24 23:11:42 | 00,024,576 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\frun.exe:*:Enabled:Lexmark Productivity Studio
[2007-02-05 23:07:14 | 01,171,456 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader
[2007-06-11 21:53:44 | 00,455,600 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor
[2007-05-29 14:06:11 | 00,295,856 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface
[2007-05-29 14:06:34 | 00,082,864 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe:*:Enabled:Lexmark Connect Time Executable
[2007-06-11 21:56:06 | 00,746,416 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\LXDFFax.exe:*:Enabled:Fax Solutions Software
[2007-05-29 14:06:15 | 00,398,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe:*:Enabled:Job Status Window Interface
[2008-08-29 16:37:39 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008-08-29 17:07:59 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2007-10-18 11:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008-08-23 01:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2007-05-29 14:06:38 | 00,140,208 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfwbgw.exe:*:Enabled:Lexmark Web Gateway
[2007-06-11 21:58:01 | 03,871,664 | ---- | M] () -- C:\Program Files\Lexmark 6500 Series\Wireless\lxdfwpss.exe:*:Enabled:
[2007-05-29 14:06:40 | 00,365,488 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcfg.exe:*:Enabled:Printer Communication System

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005-09-20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008-07-04 11:10:38 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005-09-20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005-09-20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000-04-19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-03-14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007-05-10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008-02-01 17:22:12 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007-04-19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{111A3D14-7596-43B0-92BA-418435C90672}"=Intel® PRO Network Connections
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}"=Ulead Photo Express 5 SE
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{497A1721-088F-41EF-8876-B43C9DA5528B}"=ArcSoft Software Suite
"{5888428E-699C-4E71-BF71-94EE06B497DA}"=TuneUp Utilities 2008
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}"=LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}"=PHOTOfunSTUDIO -viewer-
"{A1960A82-DB70-474D-A86B-FA74466103C6}"=Drivers Install For Linksys Easylink Advisor
"{AC76BA86-7AD7-1036-7B44-A81200000003}"=Adobe Reader 8.1.2 - Français
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Assistant de connexion Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{BADF6744-3787-48F6-B8C9-4C4995401D65}"=Windows Live Messenger
"{C191BE7C-8542-4A61-973A-714EF76C5995}"=Logitech QuickCam Software
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}"=Windows Live installer
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AVG8Uninstall"=AVG Free 8.0
"EasyLinkAdvisor"=Linksys EasyLink Advisor 1.6 (0044)
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"Lexmark 6500 Series"=Lexmark 6500 Series
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"QcDrv"=Programme de gestion Camera de Logitech®
"Samsung_SMP4"=Samsung Video Codec 1.1 Uninstall
"SamsungCamCorderDriver"=Samsung CamCorder Driver
"SolSuite_is1"=SolSuite 2007 v7.11
"umkqbydmhe"=RON Tool Offersfortoday
"VLC media player"=VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Lecteur Windows Media 10
"Windows XP Service"=Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-07-16 22:28:20 | Computer Name = COMPAQ-DESKTOP | Source = MsiInstaller | ID = 1013
Description = Produit : Adobe Reader 8.1.0 - Français -- Le programme d'installation
a détecté qu'un produit plus fiable est déjà installé. Le programme d'installation
va maintenant se fermer.

Error - 2008-07-22 21:54:05 | Computer Name = COMPAQ-DESKTOP | Source = Application Hang | ID = 1002
Description = Application bloquée PowerDVD.exe, version 7.0.2509.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2008-07-22 21:55:22 | Computer Name = COMPAQ-DESKTOP | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 370136514.

Error - 2008-09-21 17:50:25 | Computer Name = COMPAQ-DESKTOP | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16705, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 2008-10-18 16:04:44 | Computer Name = COMPAQ-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2008-10-18 16:06:29 | Computer Name = COMPAQ-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7001
Description = Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7001
Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7001
Description = Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7001
Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas
pu démarrer en raison de l'erreur : %%31

Error - 2008-10-18 16:07:29 | Computer Name = COMPAQ-DESKTOP | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : AFD AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 2008-10-18 16:08:34 | Computer Name = COMPAQ-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2008-10-18 16:57:04 | Computer Name = COMPAQ-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2008-10-27 11:09:27 | Computer Name = COMPAQ-DESKTOP | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 24.202.138.114 pour la carte réseau dont l'adresse
réseau est 0004233FFD9E a été refusé par le serveur DHCP 0.0.0.0 (celui-ci a envoyé
un message DHCPNACK).


< End of report >

Monday, October 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 18:44:53
Records in database: 1351726


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
F:\

Scan statistics
Files scanned 66863
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 01:17:35

File name Threat name Threats count
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3IVEACDJ\index[1].js Infected: Trojan-Downloader.JS.Agent.cln 1

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DPB3SY82\9llCJ4amiU[1].exe Infected: Trojan-Downloader.Win32.Obfuscated.dvy 1

C:\WINDOWS\system32\nofydmvm.exe Infected: Trojan.Win32.Obfuscated.gx 1
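As an added example (not part of this thread and not code from OldTimer's OTViewIt or any other tool named here), the script below parses the OTViewIt "modified within 30 days" lines quoted above and applies the triage a helper does by eye: an `.exe` directly under System32 with an empty publisher field and a random-looking lowercase name is a lead worth checking against the scanner results. The sample lines are copied from the log above; the heuristics, thresholds and function names are assumptions for illustration, and a hit is a reason to look closer, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shape of an OTViewIt file line as it appears in the log above (assumed stable):
#   [YYYY-MM-DD HH:MM:SS | SIZE | ATTRS | M] (Company) -- Path
# The company field is matched non-greedily so names containing parentheses,
# such as "ABBYY (BIT Software)", still parse.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

SYSTEM32_PREFIX = "c:\\windows\\system32\\"  # compared case-insensitively


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str
    company: str
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTViewIt file line; ADS notes, headers and blanks yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"].replace(",", ""))  # "00,077,824" -> 77824
    return Entry(m["ts"], size, m["attrs"], m["company"].strip(), m["path"])


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def looks_random(filename: str) -> bool:
    """Heuristic (assumed): 8+ lowercase letters with few vowels, e.g. nofydmvm."""
    stem = filename.rsplit(".", 1)[0]
    if not (stem.isalpha() and stem.islower() and len(stem) >= 8):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) <= 0.25


def flag_suspicious(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for executables under System32 that trip a heuristic."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if not (p.startswith(SYSTEM32_PREFIX) and p.endswith(".exe")):
            continue
        reasons = []
        if not e.company:
            reasons.append("no publisher string")
        if looks_random(p.rsplit("\\", 1)[-1]):
            reasons.append("random-looking name")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Sample input: lines copied from the OTViewIt log above, plus one ADS note
# that the parser must skip. Benign entries are included to show they pass.
SAMPLE_LOG = r"""
[2008-10-27 14:15:59 | 92,254,208 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\cjb6500en.exe
[2008-10-24 20:20:32 | 00,000,315 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Hotmail.url
@Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\Administrateur\Bureau\Hotmail.url:favicon
[2008-10-19 09:14:22 | 00,077,824 | ---- | M] () -- C:\WINDOWS\System32\nofydmvm.exe
[2008-10-18 15:34:48 | 00,081,920 | ---- | M] () -- C:\WINDOWS\System32\nuzqbybi.exe
[2008-10-15 12:35:43 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008-10-14 19:25:58 | 00,079,085 | ---- | M] () -- C:\WINDOWS\System32\umkqbydmhe.exe
[2008-10-07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
"""

if __name__ == "__main__":
    for path, reasons in flag_suspicious(parse_log(SAMPLE_LOG)):
        print(f"{path}: {', '.join(reasons)}")
```

On the sample above this reports nofydmvm.exe, nuzqbybi.exe and umkqbydmhe.exe, the first and last of which Kaspersky and the uninstall list respectively already tie to malware, while MRT.exe and netapi32.dll pass because they carry a Microsoft publisher string and ordinary names. The desktop installer cjb6500en.exe has no publisher either but sits outside System32, which is why location is part of the rule rather than the publisher field alone.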

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:40 AM

Posted 28 October 2008 - 03:25 PM

Hello, Domster.
Do you recognise this file?
C:\Documents and Settings\Administrateur\Bureau\république.doc

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    "HJYtA1pApA"=-
    :files
    C:\WINDOWS\System32\umkqbydmhe.exe
    C:\Documents and Settings\All Users\Application Data\jetujmtg
    C:\WINDOWS\system32\nofydmvm.exe
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DPB3SY82\9llCJ4amiU[1].exe
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3IVEACDJ\index[1].js
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
In your next reply, please include the following:
  • OTMoveIt3's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 Domster

Domster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:40 AM

Posted 28 October 2008 - 08:45 PM

Yes, I recognise C:\Documents and Settings\Administrateur\Bureau\république.doc

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\HJYtA1pApA deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\umkqbydmhe.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\jetujmtg moved successfully.
C:\WINDOWS\system32\nofydmvm.exe moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DPB3SY82\9llCJ4amiU[1].exe moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3IVEACDJ\index[1].js moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10282008_213731

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_1b0.dat not found!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:09, on 2008-10-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdfserv.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrateur\Mes documents\Dominic\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v46/solit...litairerush.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} (SpiderSolitaire Control) - http://www.worldwinner.com/games/v56/spide...ersolitaire.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196207815890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1206385181937
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9151 bytes




Thank you!

Edited by Domster, 28 October 2008 - 08:46 PM.


#6 Billy O'Neal
Visual C++ STL Maintainer, Malware Response Team

Posted 28 October 2008 - 09:47 PM

Hello, Domster.
That looks better. How are things running?

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs, "overview" and "details", and the option to get information or buy software; just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 Domster (Topic Starter)


Posted 29 October 2008 - 03:54 PM

The computer's running fine. "lihkhmdi.exe" used to cause problems at computer shutdown (had to manually terminate it) but the problem's gone since OTMoveIt3 moved it.


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3566 (20081029)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=dba7a08df86d914eb70469ccef12991c
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-29 08:32:16
# local_time=2008-10-29 04:32:16 (-0500, Est (heure d'été))
# country="Canada"
# osver=5.1.2600 NT Service Pack 3
# scanned=140709
# found=2
# scan_time=2191
C:\_OTMoveIt\MovedFiles\10282008_213731\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DPB3SY82\9llCJ4amiU[1].exe Win32/TrojanDownloader.FakeAlert.IQ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\10282008_213731\Documents and Settings\All Users\Application Data\jetujmtg\lihkhmdi.exe Win32/TrojanDownloader.FakeAlert.IQ trojan (unable to clean - deleted) 00000000000000000000000000000000

Thank you once more!
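An added example, not code from the thread: a small parser for the ESET Online Scanner log format posted above, which splits the `# key=value` header from the detection records and cross-checks the declared `found=` count against what actually parsed. The sample log embedded in it is constructed (placeholder paths and a constructed second threat name), not the log from this thread.

```python
import re

# A detection line reads: <path> [a variant of] <threat> <kind> (<action>) <32 hex>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:(?:probably )?a variant of )?(?P<threat>\S+)"
    r"\s+(?P<kind>trojan|application|virus|worm)\s+\((?P<action>[^)]*)\)"
    r"\s+(?P<digest>[0-9a-fA-F]{32})$"
)

def parse_eset_log(text):
    """Split an ESET Online Scanner log into its '# key=value' header dict
    and a list of detection dicts (path, threat, kind, action, digest)."""
    header, detections = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip().strip('"')
        elif (m := DETECTION_RE.match(line)):
            detections.append(m.groupdict())
    return header, detections

def summarize(text):
    """Cross-check the header's found= count against the parsed records (a
    mismatch means a truncated log or an unparsed line) and flag detections
    whose action did not delete, clean or quarantine the file."""
    header, dets = parse_eset_log(text)
    declared = int(header.get("found", "0"))
    done = ("deleted", "cleaned", "quarantined")
    return {
        "finished": header.get("end") == "finished",
        "scanned": int(header.get("scanned", "0")),
        "declared_found": declared,
        "parsed_found": len(dets),
        "consistent": declared == len(dets),
        "families": sorted({d["threat"] for d in dets}),
        "unresolved": [d["path"] for d in dets
                       if not any(w in d["action"] for w in done)],
    }

# Constructed sample in the format posted in the thread; the paths and the
# second threat name are placeholders, not values from the thread.
SAMPLE_LOG = """# version=4
# end=finished
# remove_checked=true
# country="Canada"
# osver=5.1.2600 NT Service Pack 3
# scanned=140709
# found=2
C:\\Example\\Temp\\sample1.exe Win32/TrojanDownloader.FakeAlert.IQ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\\Example\\Data\\sample2.exe a variant of Win32/Example.PUA application (unable to clean) 00000000000000000000000000000000
"""
```

Running `summarize(SAMPLE_LOG)` reports the scan as finished and consistent (two declared, two parsed) and lists the second path as unresolved, since its action never reached a delete, clean or quarantine.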

#8 Billy O'Neal
Visual C++ STL Maintainer, Malware Response Team


Posted 29 October 2008 - 08:22 PM

Hello, Domster.
Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the OTCleanIt icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore the computer to any point earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file.
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use; the paid versions provide a resident scanner and do not nag.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install.
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3

#9 Domster (Topic Starter)


Posted 29 October 2008 - 08:39 PM

Thank you very much for your help and suggestions!

#10 Billy O'Neal
Visual C++ STL Maintainer, Malware Response Team


Posted 01 November 2008 - 09:45 PM

Hello, Domster.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3