
Google search results redirecting to exit.travelsense-search.com


  • This topic is locked
51 replies to this topic

#1 smigo

smigo

  • Members
  • 29 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 10 September 2009 - 11:58 AM

Hi,

I am sure I have malware or a virus somewhere in my system. On Google search, when I click on the results I get redirected to hxxp://exit.travelsense-search.com
When I go back to the search results all the results seem to be highlighted as if I have already visited each and every website.


Before all this, when I would switch my PC on everything would function normally, but as soon as I started Firefox (default browser) the BSOD would appear. After googling I came across a few who said it could be a Flash problem so I uninstalled it... now it seems to work fine.

A couple of days back Avast had detected some virus in the startup or startup memory, not sure which... I think it was called mondo something, but after a complete boot scan it deleted the virus.

I have tried D.D.S but it does not seem to generate any reports for me. I can just see the black DOS window with the instruction and I have waited for more than an hour but nothing. I tried switching off Ad-Watch Live & Avast antivirus, still it does not generate anything.

I read on the forums that if DDS does not work I can post HijackThis, which works for now.

Also I use an ADSL router (Netgear) for my internet connection and I never use the Windows firewall. I have switched it on after this issue.
Also I am in France for the moment so my OS is in French. I hope that's not the problem with D.D.S and I hope someone can still help me out there.


HijackThis !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:55, on 10/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\cscript.exe
C:\Documents and Settings\Darty-Jp\Bureau\dds.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cscript.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\7eOmkM2m.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Messenger Backup\Messenger Backup (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 12877 bytes


Edited by Orange Blossom, 10 September 2009 - 03:26 PM.
Deactivate link. ~ OB




#2 smigo

smigo
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 10 September 2009 - 03:59 PM

Just an update... I did manage to get DDS working in Safe Mode but it still does not generate anything in normal mode with AV, Ad-Aware and Internet shut off... so I hope the DDS log from Safe Mode will do. Below is the DDS log and I have attached the Attach.txt in zip form as mentioned in the instructions. Tried RootRepeal but it seems to freeze/hang midway... will try it later on if needed by the mods.

DDS (Ver_09-07-30.01) - NTFSx86 MINIMAL
Run by Darty-Jp at 22:23:39,26 on 10/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3070.2737 [GMT 2:00]

AV: avast! antivirus 4.8.1351 [VPS 090910-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Darty-Jp\Bureau\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: solution Class: {99c6d1bb-7555-474c-91da-d8fb62a9cc75} - c:\windows\system32\7eOmkM2m.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CHotkey] zHotkey.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [nmctxth] "c:\program files\fichiers communs\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Power2GoExpress] NA
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9d.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\messenger backup\Messenger Backup
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.7.4.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: plaxo.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\fichiers communs\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\darty-jp\applic~1\mozilla\firefox\profiles\fxbnhja4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google (Language: EN)
FF - component: c:\documents and settings\darty-jp\application data\mozilla\firefox\profiles\fxbnhja4.default\extensions\{e0c7b854-d5ce-4db6-9804-be1438603d89}\components\FFAlert.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\darty-jp\application data\mozilla\firefox\profiles\fxbnhja4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-10 64160]
R0 MFX;MFX; [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-11-19 31744]
S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-2 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-2 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-2 138680]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2007-4-23 336944]
S2 xwoarh;xwoarh;c:\windows\system32\drivers\xwoarh.sys [2009-9-9 175616]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-7-11 93696]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-2 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-2 352920]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-1-25 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-1-25 8320]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);c:\windows\system32\drivers\USRWGU.sys [2007-8-3 408064]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys [2007-4-23 24176]

=============== Created Last 30 ================

2009-09-10 16:14 <DIR> --d----- c:\program files\Trend Micro
2009-09-10 16:13 812,344 a------- C:\HJTInstall.exe
2009-09-10 14:30 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-10 12:57 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-10 12:25 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-10 12:24 <DIR> --d----- c:\program files\Lavasoft
2009-09-09 16:03 184 a------- c:\windows\system32\conf.xml
2009-09-09 10:07 175,616 a--s---- c:\windows\system32\drivers\xwoarh.sys
2009-08-26 15:40 <DIR> --d----- c:\program files\iPod
2009-08-26 15:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-26 15:38 <DIR> --d----- c:\program files\Bonjour
2009-08-26 15:34 2,060,288 a------- c:\windows\system32\usbaaplrc.dll

==================== Find3M ====================

2009-08-07 16:03 174,038 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1036.dat
2009-06-26 11:43 513,194 a------- c:\windows\system32\perfh00C.dat
2009-06-26 11:43 86,040 a------- c:\windows\system32\perfc00C.dat
2008-11-23 12:31 22,328 a------- c:\docume~1\darty-jp\applic~1\PnkBstrK.sys
2007-05-02 21:11 32 ac---r-- c:\documents and settings\all users\hash.dat
2006-12-01 20:33 1 ac------ c:\documents and settings\darty-jp\SI.bin
2006-10-08 20:54 0 ac------ c:\docume~1\darty-jp\applic~1\wklnhst.dat
2008-10-17 19:37 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008101720081018\index.dat
2008-01-16 20:51 44,678,176 ac-sh--- c:\windows\system32\drivers\fidbox.dat
2008-01-16 20:51 2,544,160 ac-sh--- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 22:24:33,29 ===============



#3 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:35 AM

Posted 24 September 2009 - 11:12 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Shannon

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:35 AM

Posted 01 October 2009 - 01:30 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:35 AM

Posted 01 October 2009 - 07:57 PM

Reopened at request of topic starter. :(

#6 smigo

smigo
  • Topic Starter

  • Members
  • 29 posts
  • Local time:09:35 AM

Posted 02 October 2009 - 05:11 AM

On Google search, when I click on the results I get redirected to hxxp://exit.travelsense-search.com
When I go back to the search results all the results seem to be highlighted as if I have already visited each and every website.

When I open Firefox or IE I get this message: Network shield: Blocked access to malicious site electronicssense-search.com/conf1.php

Before all this, when I would switch my PC on everything would function normally, but as soon as I started Firefox (default browser) the BSOD would appear. After googling I came across a few who said it could be a Flash problem, so I uninstalled it. Now it seems to work fine.

DDS doesn't run for me on Windows in normal mode; it doesn't generate any report at all, so I tried running it in safe mode and it works cool. Same goes for RootRepeal: it just hangs in the middle in normal mode, but in safe mode it completed.

Also, I am in France for the moment so my OS is in French. I have also attached a report from RootRepeal.

See below contents of DDS:

DDS (Ver_09-09-29.01) - NTFSx86 MINIMAL
Run by Darty-Jp at 11:37:26,20 on 02/10/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3070.2738 [GMT 2:00]

AV: avast! antivirus 4.8.1351 [VPS 091001-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Darty-Jp\Bureau\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\progra~1\flashget\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: solution Class: {99c6d1bb-7555-474c-91da-d8fb62a9cc75} - c:\windows\system32\7eOmkM2m.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CHotkey] zHotkey.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [amd_dc_opt] "c:\program files\amd\amd_dc_opt\amd_dc_opt.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [nmctxth] "c:\program files\fichiers communs\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Power2GoExpress] NA
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9d.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\messenger backup\Messenger Backup
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.7.4.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: plaxo.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\fichiers communs\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - No File
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\darty-jp\applic~1\mozilla\firefox\profiles\fxbnhja4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google (Language: EN)
FF - plugin: c:\documents and settings\darty-jp\application data\mozilla\firefox\profiles\fxbnhja4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-10 64160]
R0 MFX;MFX; [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2006-11-19 31744]
S0 kl1;kl1;c:\windows\system32\drivers\kl1.sys --> c:\windows\system32\drivers\kl1.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-2 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-2 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-2 138680]
S2 drupalApache;drupalApache;c:\progra~1\drupal~1\apache2\bin\httpd.exe [2009-9-15 24636]
S2 drupalMySQL;drupalMySQL;c:\program files\drupal 6 stack\mysql\bin\mysqld.exe [2009-9-15 6447744]
S2 xwoarh;xwoarh;c:\windows\system32\drivers\xwoarh.sys [2009-9-9 175616]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-7-11 93696]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-2 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-2 352920]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-1-25 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-1-25 8320]
S3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);c:\windows\system32\drivers\USRWGU.sys [2007-8-3 408064]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys --> c:\windows\system32\drivers\vpnva.sys [?]

=============== Created Last 30 ================

2009-09-30 13:47 44,403 a------- C:\logo.miff
2009-09-24 23:46 <DIR> --d----- c:\program files\Game Graphic Studio
2009-09-17 19:39 754 a------- c:\windows\WORDPAD.INI
2009-09-16 20:08 <DIR> --d----- c:\documents and settings\darty-jp\BitNami Drupal 6 Stack projects
2009-09-15 16:25 <DIR> --d----- c:\program files\Drupal 6 Stack
2009-09-10 16:14 <DIR> --d----- c:\program files\Trend Micro
2009-09-10 14:30 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-10 12:57 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-10 12:25 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-10 12:24 <DIR> --d----- c:\program files\Lavasoft
2009-09-09 16:03 184 a------- c:\windows\system32\conf.xml
2009-09-09 10:07 175,616 a--s---- c:\windows\system32\drivers\xwoarh.sys

==================== Find3M ====================

2009-08-07 16:03 174,038 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1036.dat
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2008-11-23 12:31 22,328 a------- c:\docume~1\darty-jp\applic~1\PnkBstrK.sys
2007-05-02 21:11 32 ac---r-- c:\documents and settings\all users\hash.dat
2006-12-01 20:33 1 ac------ c:\documents and settings\darty-jp\SI.bin
2006-10-08 20:54 0 ac------ c:\docume~1\darty-jp\applic~1\wklnhst.dat
2008-10-17 19:37 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008101720081018\index.dat
2008-01-16 20:51 44,678,176 ac-sh--- c:\windows\system32\drivers\fidbox.dat
2008-01-16 20:51 2,544,160 ac-sh--- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 11:38:22,20 ===============

Attached Files



#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:10:35 AM

Posted 06 October 2009 - 04:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please also run a scan with malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

As well as gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please post back with the logs from OTL, Malwarebytes and gmer in your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#8 smigo

smigo
  • Topic Starter

  • Members
  • 29 posts
  • Local time:09:35 AM

Posted 06 October 2009 - 10:29 AM

On Google search, when I click on the results I get redirected to hxxp://exit.travelsense-search.com most of the time, or to some other ad website like coquins.com.
When I go back to the search results all the results seem to be highlighted as if I have already visited each and every website.

When I open Firefox or IE I get this message: Network shield: Blocked access to malicious site electronicssense-search.com/conf1.php

OTL did not run in normal mode, so I ran it in safe mode, which worked well. MBAM also hung midway during the scan process and I could not kill it from Task Manager, so I scanned via safe mode, which worked.

To my luck, GMER did run well in normal mode. I have pasted all the logs below. For convenience I have also attached all of them in a zip file (see attached all logs.zip).

Also, the entries

O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 127.0.0.1
O1 - Hosts: 127.0.0.1 testsite1

are legal entries created by me in the hosts file in system32 for testing Drupal.

OTL Logs


OTL logfile created on: 06/10/2009 13:09:50 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Darty-Jp\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33,33 Gb Total Space | 7,90 Gb Free Space | 23,70% Space Free | Partition Type: NTFS
Drive D: | 3,25 Gb Total Space | 2,46 Gb Free Space | 75,81% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 97,64 Gb Total Space | 21,39 Gb Free Space | 21,91% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 48,83 Gb Total Space | 36,35 Gb Free Space | 74,45% Space Free | Partition Type: NTFS
Drive L: | 48,83 Gb Total Space | 2,54 Gb Free Space | 5,21% Space Free | Partition Type: NTFS
Drive N: | 98,61 Gb Total Space | 9,32 Gb Free Space | 9,45% Space Free | Partition Type: FAT32
Drive Q: | 51,39 Gb Total Space | 10,24 Gb Free Space | 19,92% Space Free | Partition Type: NTFS

Computer Name: MELWYN
Current User Name: Darty-Jp
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/09/24 12:57:13 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2004/08/05 21:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2008/04/14 04:34:28 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/10/06 11:48:36 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darty-Jp\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/14 04:33:18 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 17:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Stopped])
SRV - [2008/10/29 04:09:10 | 00,585,728 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2008/10/28 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/08/17 18:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped])
SRV - [2009/08/17 18:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/08/17 18:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/12/10 01:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Drupal 6 Stack\apache2\bin\httpd.exe -- (drupalApache [Auto | Stopped])
SRV - [2008/11/15 06:53:13 | 06,447,744 | ---- | M] () -- C:\Program Files\Drupal 6 Stack\mysql\bin\mysqld.exe -- (drupalMySQL [Auto | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/01/04 03:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2009/09/24 12:57:13 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/09/14 19:38:42 | 00,648,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Stopped])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2006/04/29 20:41:29 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Stopped])
SRV - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2006/11/03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/08/17 18:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Stopped])
DRV - [2007/04/25 16:20:48 | 04,030,144 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2001/08/18 04:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 20:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2005/03/09 15:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Stopped])
DRV - [2006/06/27 15:24:16 | 00,031,744 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdTools.sys -- (AmdTools [On_Demand | Running])
DRV - [2001/08/18 04:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/18 04:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2005/11/21 07:48:21 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Stopped])
DRV - [2009/08/17 18:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Stopped])
DRV - [2009/08/17 18:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Stopped])
DRV - [2009/08/17 18:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
DRV - [2009/08/17 18:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Stopped])
DRV - [2009/08/17 18:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Stopped])
DRV - [2008/10/29 05:10:58 | 03,341,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2008/05/21 01:53:36 | 00,093,696 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Stopped])
DRV - [2001/08/24 00:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/18 04:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2006/10/09 19:07:35 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/07/15 17:17:42 | 00,051,120 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/07/15 17:17:42 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/07/15 17:17:42 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/07/23 00:40:58 | 00,013,440 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV - [2005/07/23 00:41:08 | 00,055,040 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\L8042mou.sys -- (L8042mou [On_Demand | Stopped])
DRV - [2009/07/03 16:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/07/23 00:41:46 | 00,026,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Running])
DRV - [2005/07/23 00:41:42 | 00,068,864 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LMouKE.sys -- (LMouKE [On_Demand | Running])
DRV - File not found -- -- (MFX [Boot | Running])
DRV - [2001/08/18 04:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2001/08/18 06:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\DRIVERS\mxnic.sys -- (mxnic [On_Demand | Stopped])
DRV - [2008/09/15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/09/15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008/02/01 16:17:12 | 00,138,112 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu [On_Demand | Stopped])
DRV - [2008/02/01 16:17:06 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc [On_Demand | Stopped])
DRV - [2005/07/29 17:11:02 | 00,034,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped])
DRV - [2005/07/29 17:11:04 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Stopped])
DRV - [2004/03/26 10:55:12 | 00,091,241 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\P1131Vid.sys -- (P1131VID [On_Demand | Stopped])
DRV - [2008/09/14 19:36:56 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys -- (pnarp [Auto | Stopped])
DRV - [2004/05/05 21:48:40 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [System | Stopped])
DRV - [2004/08/05 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Stopped])
DRV - [2008/09/14 19:36:54 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\purendis.sys -- (purendis [Auto | Stopped])
DRV - [2008/11/20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/18 04:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/18 04:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/18 04:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/04/09 14:27:07 | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Stopped])
DRV - [2006/05/15 15:59:04 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE26bus.sys -- (SE26bus [On_Demand | Stopped])
DRV - [2006/05/01 13:48:56 | 00,009,360 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE26mdfl.sys -- (SE26mdfl [On_Demand | Stopped])
DRV - [2006/05/01 13:49:00 | 00,097,184 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE26mdm.sys -- (SE26mdm [On_Demand | Stopped])
DRV - [2006/05/01 13:49:50 | 00,088,688 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE26mgmt.sys -- (SE26mgmt [On_Demand | Stopped])
DRV - [2006/05/01 13:47:30 | 00,018,704 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se26nd5.sys -- (se26nd5 [On_Demand | Stopped])
DRV - [2006/05/01 13:50:40 | 00,086,560 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE26obex.sys -- (SE26obex [On_Demand | Stopped])
DRV - [2006/05/01 13:47:24 | 00,090,768 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se26unic.sys -- (se26unic [On_Demand | Stopped])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 20:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/18 05:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2006/10/09 19:04:55 | 00,664,064 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001/08/18 05:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/18 05:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/18 05:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/18 05:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2008/06/20 13:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Stopped])
DRV - [2001/08/18 04:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/09/15 08:56:24 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 21:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/09/15 08:56:34 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2008/04/13 20:56:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2005/12/29 17:00:38 | 00,408,064 | R--- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\DRIVERS\USRWGU.sys -- (USRWGU(USR) [On_Demand | Stopped])
DRV - [2009/09/09 11:18:48 | 00,175,616 | --S- | M] () -- C:\WINDOWS\System32\Drivers\xwoarh.sys -- (xwoarh [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5026f
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5026f
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5026f
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5026f
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\S-1-5-21-2797797460-190285534-1131222945-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\S-1-5-21-2797797460-190285534-1131222945-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:2.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.6.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {7A074BE0-2326-436d-B473-029FAEBEB5C6}:1.1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/01/25 23:42:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/21 21:25:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 11:43:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/16 12:11:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/26 23:55:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/26 15:38:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/09/26 23:55:02 | 00,000,000 | ---D | M]

[2008/06/24 23:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Extensions
[2008/06/24 23:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/05 15:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions
[2009/08/31 14:57:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/08/31 14:57:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/08/31 14:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/31 14:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2009/09/18 15:37:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/09/28 19:15:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions\firebug@software.joehewitt.com
[2009/08/31 14:57:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions\firefox@tvunetworks.com
[2009/08/31 14:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions\fr@dictionaries.addons.mozilla.org
[2009/08/18 21:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Darty-Jp\Application Data\mozilla\Firefox\Profiles\fxbnhja4.default\extensions\searchrecs@veoh.com
[2009/09/10 18:41:32 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Application Data\Mozilla\FireFox\Profiles\fxbnhja4.default\searchplugins\google-language-en.xml
[2008/06/23 21:28:10 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Application Data\Mozilla\FireFox\Profiles\fxbnhja4.default\searchplugins\IMDb.xml
[2008/06/23 21:28:10 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Application Data\Mozilla\FireFox\Profiles\fxbnhja4.default\searchplugins\wikipedia.xml
[2009/09/09 16:03:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/16 12:11:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 22:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 22:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 23:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/05/12 20:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/19 00:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/24 22:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/05/01 23:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/24 20:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 20:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 20:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 20:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 20:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 20:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 20:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (250760 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 127.0.0.1
O1 - Hosts: 127.0.0.1 testsite1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 8744 more lines...
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (solution Class) - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\System32\7eOmkM2m.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-2797797460-190285534-1131222945-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKU\S-1-5-21-2797797460-190285534-1131222945-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe File not found
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe File not found
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll (BitComet)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - File not found
O9 - Extra 'Tools' menuitem : &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2797797460-190285534-1131222945-1006\..Trusted Domains: 42 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - Reg Error: Key error. File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/24 19:25:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007/02/04 20:12:46 | 00,000,043 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3e3d814a-1ee9-11de-989e-0015583e0b2e}\Shell - "" = AutoRun
O33 - MountPoints2\{3e3d814a-1ee9-11de-989e-0015583e0b2e}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O33 - MountPoints2\{c918db66-86f8-11dd-9782-0015583e0b2e}\Shell\Auto\command - "" = G:\mds.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/14 04:34:21 | 00,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/10 12:25:18 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/10 12:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/09/10 20:10:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darty-Jp\Application Data\Macromedia
[2009/09/19 15:22:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darty-Jp\Local Settings\Application Data\Downloaded Installations
[2009/10/04 18:58:13 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Nikon
[2009/09/15 16:25:15 | 00,000,000 | ---D | C] -- C:\Program Files\Drupal 6 Stack
[2009/09/24 23:46:22 | 00,000,000 | ---D | C] -- C:\Program Files\Game Graphic Studio
[2009/09/10 12:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/09/09 16:03:45 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/10 16:14:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/06 11:48:59 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Darty-Jp\Bureau\OTL.exe
[2009/10/01 00:43:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darty-Jp\Bureau\demos
[2009/09/19 17:43:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darty-Jp\Mes documents\KONAMI
[2009/09/10 23:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darty-Jp\Bureau\html
[2009/09/10 18:09:40 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Darty-Jp\Bureau\RootRepeal.exe
[2009/09/10 12:57:40 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/10/06 13:07:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/06 13:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2009/10/06 13:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2009/10/06 13:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/10/06 12:49:08 | 00,058,846 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\CNCTEnglish.pdf
[2009/10/06 12:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2009/10/06 12:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2009/10/06 12:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/10/06 11:48:36 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darty-Jp\Bureau\OTL.exe
[2009/10/06 11:40:39 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/06 11:39:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/06 11:38:08 | 00,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/10/05 23:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2009/10/05 23:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2009/10/05 23:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009/10/05 22:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2009/10/05 22:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2009/10/05 22:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/10/05 21:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2009/10/05 21:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2009/10/05 21:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/10/05 20:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2009/10/05 20:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2009/10/05 20:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/10/05 19:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2009/10/05 19:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2009/10/05 19:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/10/05 18:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2009/10/05 18:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2009/10/05 18:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/10/05 17:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2009/10/05 17:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2009/10/05 17:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/10/05 16:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2009/10/05 16:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2009/10/05 16:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/10/05 15:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2009/10/05 15:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2009/10/05 15:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/10/04 00:05:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2009/10/03 14:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2009/10/03 14:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2009/10/03 14:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/10/03 11:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2009/10/03 11:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2009/10/03 11:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/10/03 01:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2009/10/03 01:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2009/10/03 01:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/10/03 00:20:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/10/03 00:19:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2009/10/02 12:10:28 | 00,003,098 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\RootRepeal report 10-02-09 (11-53-25).zip
[2009/10/02 11:38:58 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\settings.dat
[2009/10/02 03:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2009/10/02 03:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009/10/02 03:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2009/10/02 02:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2009/10/02 02:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009/10/02 02:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2009/10/01 22:28:29 | 00,157,511 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\booking.JPG
[2009/10/01 17:21:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/01 15:21:21 | 00,148,207 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\edf bill.pdf
[2009/10/01 15:13:14 | 00,012,372 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\visa docs.xlsx
[2009/10/01 13:14:21 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/01 12:57:20 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/30 13:47:17 | 00,044,403 | ---- | M] () -- C:\logo.miff
[2009/09/30 13:46:40 | 00,000,468 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\ImageMagick Display.lnk
[2009/09/28 21:05:52 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/27 10:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2009/09/27 10:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2009/09/27 10:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/09/27 09:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2009/09/27 09:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2009/09/27 09:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/09/27 08:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/09/27 08:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2009/09/27 08:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2009/09/27 07:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/09/27 07:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2009/09/27 07:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2009/09/27 06:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/09/27 06:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2009/09/27 06:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2009/09/27 05:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009/09/27 05:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2009/09/27 05:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2009/09/27 04:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2009/09/27 04:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009/09/27 04:00:00 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2009/09/26 23:54:32 | 00,001,486 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\DivX Movies.lnk
[2009/09/24 22:13:21 | 00,010,817 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\ratp.jpg
[2009/09/23 15:11:23 | 00,861,195 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\lcl reciept.jpg
[2009/09/22 20:20:48 | 00,201,163 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\photo.jpg
[2009/09/21 01:56:16 | 00,009,283 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\Book1.xlsx
[2009/09/21 01:56:06 | 00,009,055 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\expenseafrsal.xlsx
[2009/09/18 15:37:20 | 00,000,184 | ---- | M] () -- C:\WINDOWS\System32\conf.xml
[2009/09/18 01:28:30 | 00,000,545 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\Raccourci vers Drupal 6 Stack.lnk
[2009/09/17 10:59:56 | 00,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/16 17:58:10 | 00,077,824 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/16 12:11:10 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2009/09/15 15:20:05 | 00,647,008 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\drupal_cookbook_10_25_2008.pdf
[2009/09/14 00:26:25 | 02,108,456 | -H-- | M] () -- C:\Documents and Settings\Darty-Jp\Local Settings\Application Data\IconCache.db
[2009/09/12 14:03:20 | 00,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2009/09/10 18:09:40 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Darty-Jp\Bureau\RootRepeal.exe
[2009/09/10 16:14:17 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\HijackThis.lnk
[2009/09/10 15:22:12 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Darty-Jp\Bureau\CCleaner.lnk
[2009/09/10 12:25:15 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009/09/09 15:12:27 | 00,001,106 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/09 15:12:27 | 00,000,301 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/09 15:12:27 | 00,000,228 | RHS- | M] () -- C:\boot.ini
[2009/09/09 15:07:07 | 00,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/09 11:18:48 | 00,175,616 | --S- | M] () -- C:\WINDOWS\System32\drivers\xwoarh.sys

========== Files - No Company Name ==========
[2009/10/06 12:49:08 | 00,058,846 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\CNCTEnglish.pdf
[2009/10/02 12:10:28 | 00,003,098 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\RootRepeal report 10-02-09 (11-53-25).zip
[2009/10/02 11:38:58 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\settings.dat
[2009/10/01 22:28:29 | 00,157,511 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\booking.JPG
[2009/10/01 15:21:21 | 00,148,207 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\edf bill.pdf
[2009/10/01 15:13:14 | 00,012,372 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\visa docs.xlsx
[2009/09/30 13:47:17 | 00,044,403 | ---- | C] () -- C:\logo.miff
[2009/09/30 13:46:40 | 00,000,468 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\ImageMagick Display.lnk
[2009/09/26 23:54:32 | 00,001,486 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\DivX Movies.lnk
[2009/09/24 22:08:52 | 00,010,817 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\ratp.jpg
[2009/09/23 13:10:32 | 00,861,195 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\lcl reciept.jpg
[2009/09/22 20:20:47 | 00,201,163 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\photo.jpg
[2009/09/21 01:56:16 | 00,009,283 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\Book1.xlsx
[2009/09/20 14:30:51 | 00,009,055 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\expenseafrsal.xlsx
[2009/09/18 01:28:30 | 00,000,545 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\Raccourci vers Drupal 6 Stack.lnk
[2009/09/17 19:39:33 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/09/15 15:20:05 | 00,647,008 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\drupal_cookbook_10_25_2008.pdf
[2009/09/10 16:14:17 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Bureau\HijackThis.lnk
[2009/09/10 14:30:47 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/10 12:57:44 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/10 12:25:15 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009/09/09 16:03:56 | 00,000,184 | ---- | C] () -- C:\WINDOWS\System32\conf.xml
[2009/09/09 16:03:48 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2009/09/09 10:07:37 | 00,175,616 | --S- | C] () -- C:\WINDOWS\System32\drivers\xwoarh.sys
[2009/05/04 15:03:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/04/06 00:07:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CIEL.INI
[2008/12/26 11:20:25 | 01,700,935 | -HS- | C] () -- C:\WINDOWS\System32\iwuyepop.ini
[2008/12/25 23:15:46 | 01,610,020 | -HS- | C] () -- C:\WINDOWS\System32\owejusig.ini
[2008/12/25 11:16:11 | 01,610,020 | -HS- | C] () -- C:\WINDOWS\System32\azutoveh.ini
[2008/12/24 22:12:37 | 00,000,485 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/24 20:48:51 | 01,610,020 | -HS- | C] () -- C:\WINDOWS\System32\ohosiwiw.ini
[2008/12/23 23:33:29 | 01,610,020 | -HS- | C] () -- C:\WINDOWS\System32\abowipop.ini
[2008/12/23 22:33:24 | 01,610,020 | -HS- | C] () -- C:\WINDOWS\System32\imuzufek.ini
[2008/11/23 12:31:07 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Application Data\PnkBstrK.sys
[2008/11/17 23:34:06 | 00,003,982 | ---- | C] () -- C:\WINDOWS\kj01d.sys
[2008/11/17 23:29:15 | 00,000,206 | ---- | C] () -- C:\WINDOWS\z56k2.ini
[2008/05/02 14:03:26 | 00,446,464 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2008/05/02 14:03:26 | 00,000,151 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2008/05/02 13:57:00 | 00,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2008/02/22 14:11:47 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Application Data\$_hpcst$.hpc
[2007/07/18 17:31:11 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\img2pdf.ini
[2007/07/18 17:28:49 | 00,000,493 | ---- | C] () -- C:\WINDOWS\Image2PDF.INI
[2007/07/13 15:22:42 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/21 22:54:49 | 00,000,209 | ---- | C] () -- C:\WINDOWS\System32\CielComponent.ini
[2007/05/06 22:53:32 | 02,108,456 | -H-- | C] () -- C:\Documents and Settings\Darty-Jp\Local Settings\Application Data\IconCache.db
[2007/04/14 01:10:11 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/04/14 01:10:11 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/05 20:15:27 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Darty-Jp\Local Settings\Application Data\keyfile3.drm
[2007/03/29 23:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/02/19 17:24:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/12/20 12:58:32 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/13 13:09:49 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/05 23:44:50 | 00,094,636 | ---- | C] () -- C:\WINDOWS\dropcpyr.dll
[2006/10/10 17:58:52 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/09 23:15:17 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Local Settings\Application Data\fusioncache.dat
[2006/10/09 19:07:35 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/10/09 19:04:55 | 00,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/09 19:04:55 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd4253.sys
[2006/10/08 23:10:30 | 00,011,117 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/08 20:54:48 | 00,077,824 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/10/08 20:54:48 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Application Data\wklnhst.dat
[2006/10/08 19:37:56 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/10/08 19:34:38 | 00,068,608 | ---- | C] () -- C:\Documents and Settings\Darty-Jp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/04 09:57:43 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Darty-Jp\Application Data\desktop.ini
[2006/04/29 20:38:29 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/04/29 20:37:06 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/04/29 20:37:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/04/29 20:37:06 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/04/29 20:36:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/04/29 20:06:41 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2005/07/12 15:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/10/25 03:59:59 | 00,002,008 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/25 03:59:59 | 00,000,459 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/10/25 03:59:33 | 00,000,301 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/10/25 03:57:36 | 00,001,106 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/10/24 21:15:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/10/24 20:57:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/23 17:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/05/13 21:41:58 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\cdlock.dll
[2002/10/16 00:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
< End of report >

Extra.txt from OTL.exe


OTL Extras logfile created on: 06/10/2009 13:09:50 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Darty-Jp\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33,33 Gb Total Space | 7,90 Gb Free Space | 23,70% Space Free | Partition Type: NTFS
Drive D: | 3,25 Gb Total Space | 2,46 Gb Free Space | 75,81% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 97,64 Gb Total Space | 21,39 Gb Free Space | 21,91% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 48,83 Gb Total Space | 36,35 Gb Free Space | 74,45% Space Free | Partition Type: NTFS
Drive L: | 48,83 Gb Total Space | 2,54 Gb Free Space | 5,21% Space Free | Partition Type: NTFS
Drive N: | 98,61 Gb Total Space | 9,32 Gb Free Space | 9,45% Space Free | Partition Type: FAT32
Drive Q: | 51,39 Gb Total Space | 10,24 Gb Free Space | 19,92% Space Free | Partition Type: NTFS

Computer Name: MELWYN
Current User Name: Darty-Jp
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"11816:TCP" = 11816:TCP:*:Enabled:BitComet 11816 TCP
"11816:UDP" = 11816:UDP:*:Enabled:BitComet 11816 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"53830:TCP" = 53830:TCP:*:Enabled:BitComet 53830 TCP
"53830:UDP" = 53830:UDP:*:Enabled:BitComet 53830 UDP
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"22234:TCP" = 22234:TCP:*:Enabled:BitComet 22234 TCP
"22234:UDP" = 22234:UDP:*:Enabled:BitComet 22234 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\oDC\oDC.exe" = C:\Program Files\oDC\oDC.exe:*:Enabled:oDC -- File not found
"C:\Documents and Settings\Darty-Jp\Application Data\SopCast\adv\SopAdver.exe" = C:\Documents and Settings\Darty-Jp\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\BirdieSync\BirdieTransfer.exe" = C:\Program Files\BirdieSync\BirdieTransfer.exe:*:Enabled:BirdieTransfer -- File not found
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component -- (TVU networks)
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"C:\Program Files\Valve\Steam\steamapps\achital2@yahoo.com\counter-strike\hl.exe" = C:\Program Files\Valve\Steam\steamapps\achital2@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\VoipStunt.com\VoipStunt\voipstunt.exe" = C:\Program Files\VoipStunt.com\VoipStunt\voipstunt.exe:*:Enabled:VoipStunt -- (VoipStunt)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" = C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:*:Enabled:JustVoip -- File not found
"F:\Turok\Binaries\TurokGame.exe" = F:\Turok\Binaries\TurokGame.exe:*:Enabled:Turok -- File not found
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Infogrames Interactive\Monopoly\Monopoly.exe" = C:\Program Files\Infogrames Interactive\Monopoly\Monopoly.exe:*:Enabled:Monopoly -- (Infogrames Interactive)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\zHotkey.exe" = C:\WINDOWS\zHotkey.exe:*:Enabled:zHotkey -- ()
"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware -- File not found
"C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe" = C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe:*:Enabled:WLLoginProxy -- (Microsoft Corporation)
"C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe" = C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe:*:Enabled:AcroRd32Info -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\verclsid.exe" = C:\WINDOWS\system32\verclsid.exe:*:Enabled:verclsid -- (Microsoft Corporation)
"C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" = C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe:*:Enabled:AdobeUpdater -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe:*:Enabled:AcroRd32 -- (Adobe Systems Incorporated)
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:mplayerc -- (Gabest)
"C:\WINDOWS\system32\DivXsm.exe" = C:\WINDOWS\system32\DivXsm.exe:*:Enabled:divxsm -- File not found
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin -- (Microsoft Corporation)
"C:\Program Files\Valve\Steam\Steam.exe" = C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\RealVNC\VNC4\vncviewer.exe" = C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:vncviewer -- File not found
"C:\Program Files\Valve\Steam\GameOverlayUI.exe" = C:\Program Files\Valve\Steam\GameOverlayUI.exe:*:Enabled:GameOverlayUI -- (Valve Corporation)
"C:\WINDOWS\system32\sndvol32.exe" = C:\WINDOWS\system32\sndvol32.exe:*:Enabled:SNDVOL32 -- (Microsoft Corporation)
"F:\FIFA 09\FIFA09.EXE" = F:\FIFA 09\FIFA09.EXE:*:Enabled:FIFA09 -- File not found
"C:\WINDOWS\system32\taskmgr.exe" = C:\WINDOWS\system32\taskmgr.exe:*:Enabled:taskmgr -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:HelpCtr -- (Microsoft Corporation)
"C:\Program Files\Karen's Computer Profiler\PTProfiler.exe" = C:\Program Files\Karen's Computer Profiler\PTProfiler.exe:*:Enabled:PTProfiler -- (Karen Kenworthy)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\BitNami Drupal 6 Stack\mysql\bin\mysqld.exe" = C:\Program Files\BitNami Drupal 6 Stack\mysql\bin\mysqld.exe:*:Enabled:mysqld -- File not found
"C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe" = C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\Drupal 6 Stack\mysql\bin\mysqld.exe" = C:\Program Files\Drupal 6 Stack\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\Program Files\Drupal 6 Stack\apache2\bin\httpd.exe" = C:\Program Files\Drupal 6 Stack\apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB -- File not found
"C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E15D21-B68B-D7C4-574B-636E2D1ECEBE}" = Catalyst Control Center HydraVision Full
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-b8ac-41ce-8346-3d777245c35b}" = Bonjour
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{1170F665-2359-E439-5BC5-932B87423EF1}" = ccc-utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39D74E81-5DED-C7EE-8807-91A8800212FA}" = ccc-core-preinstall
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41C01225-45FD-7BCE-1EDA-F7E50945ADD7}" = Catalyst Control Center Core Implementation
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49D70E70-23CB-4BE5-8A67-8770F6B1BB2F}" = Microsoft Carioca
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{59367F7E-D7C1-4629-8AEC-71AA24A68F31}" = Nokia Software Updater
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5E8E1294-7951-6DA9-10F1-C877871346F3}" = Skins
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DE7A046-E66F-49B8-93C9-21378D9B0F24}" = Cisco Network Magic
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{7551720A-7CB0-456F-9CE1-4E154432DD9E}" = ATI Catalyst Survey
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Utilitaire de sauvegarde Windows
"{773421E8-AD7B-4DC8-AED1-9300D69E1659}" = Touchstone Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{826F3B4F-C597-AF1D-4CB1-2F441BE8E2BF}" = ccc-core-static
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87B20692-9E9D-FAE0-76C7-E75E3CC7B0D1}" = Catalyst Control Center Graphics Full Existing
"{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}" = AMD Dual-Core Optimizer
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{99ecf41f-5cca-42bd-b8b8-a8333e2e2944}" = iTunes
"{A059DE09-1B49-4450-B340-7AE097EC3F04}" = Microsoft Works
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7603DF7-DFD6-4ECD-8AF8-1182EE4BFF9F}" = Learn to Speak French Deluxe 9
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C29769BE-BEDF-DC9E-67A9-5E7AEFF039CF}" = CCC Help English
"{c337bdaf-cb4e-47e2-be1a-cb31bb7dd0e3}" = Apple Mobile Device Support
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C740289B-FC90-D938-8317-1FFEBF7C04DB}" = Catalyst Control Center Graphics Previews Common
"{c78eac6f-7a73-452e-8134-dbb2165c5a68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF7A3DA-880B-4747-AB57-D74A4EBAC69E}" = Ciel eSauvegarde V2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D99C322D-C21B-40C7-AE71-EE51AA096B6E}" = Nokia Flashing Cable Driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F30A8BF7-288C-57C0-357E-6D67BB694682}" = Catalyst Control Center Graphics Full New
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F54543CF-EC73-D847-1780-84A6420EA229}" = Catalyst Control Center Graphics Light
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB5CB59C-D4F6-4303-A414-83D533EE773B}" = Pure Networks Platform
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Anti-Blaxx_is1" = Anti-Blaxx 1.18
"ATI Display Driver" = ATI Display Driver
"Ava Find Pro" = Ava Find Pro
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"BitNami Drupal 6 Stack 6.13-0" = BitNami Drupal 6 Stack
"CCleaner" = CCleaner (remove only)
"Clean MemXP8.0" = Clean MemXP
"Creative PD1131" = Creative WebCam NX Pro Driver (1.03.03.0326)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet(JetCar)" = FlashGet(JetCar)
"Football Manager 2009" = Football Manager 2009
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"GoogleVideoPlayer" = Google Video Player
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImageMagick 6.5.6 Q16_is1" = ImageMagick 6.5.6-5 Q16 (2009-10-01)
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"IrfanView" = IrfanView (remove only)
"ISO Compressor" = ISO Compressor by Winnydows
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.71
"LimeWire" = LimeWire 4.12.11
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PSP Video Converter 3" = PSP Video Converter 3
"RealPlayer 6.0" = RealPlayer
"Scott's Windows Startup Program Manager_is1" = Scott's Windows Startup Program Manager v 1.1
"SopCast" = SopCast 3.0.3
"ST6UNST #1" = Karen's Computer Profiler
"Steam" = Steam
"Thunderbird-Tray" = Thunderbird-Tray
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.5.3
"Videora iPhone 3G Converter" = Videora iPhone 3G Converter 4.04
"VLC media player" = VideoLAN VLC media player 0.8.5
"VobSub" = VobSub v2.23 (Remove Only)
"Vodei Multimedia Processor" = Vodei Multimedia Processor 2.00
"VoipStunt_is1" = VoipStunt
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows Mobile Device Handbook" = Ressources Windows Mobile
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WPAYEDeinstKey" = Ciel Paye (L) pour Windows
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2797797460-190285534-1131222945-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 24/07/2009 16:41:58 | Computer Name = MELWYN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MineSweeper.dll failed, 0000001E.


Error - 24/07/2009 16:42:05 | Computer Name = MELWYN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll failed, 0000001E.

Error - 24/07/2009 16:42:20 | Computer Name = MELWYN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll failed, 0000001E.


Error - 24/07/2009 16:42:21 | Computer Name = MELWYN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll failed, 0000001E.


Error - 24/07/2009 16:42:22 | Computer Name = MELWYN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Downloaded Program Files\minesweeper.dll failed, 0000001E.

Error - 24/07/2009 16:42:24 | Computer Name = MELWYN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Downloaded Program Files\msgrchkr.dll failed, 0000001E.

Error - 24/07/2009 16:42:25 | Computer Name = MELWYN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Downloaded Program Files\npaecviz.dll failed, 0000001E.

Error - 24/07/2009 16:42:28 | Computer Name = MELWYN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll failed, 0000001E.

Error - 24/07/2009 16:42:29 | Computer Name = MELWYN | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Downloaded Program Files\wlscBase.dll failed, 0000001E.

[ Application Events ]
Error - 02/10/2009 05:59:53 | Computer Name = MELWYN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
for ServerName .

Error - 02/10/2009 14:28:34 | Computer Name = MELWYN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.0.11
for ServerName .

Error - 03/10/2009 04:30:38 | Computer Name = MELWYN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.0.11
for ServerName .

Error - 03/10/2009 17:15:45 | Computer Name = MELWYN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.0.11
for ServerName .

Error - 04/10/2009 08:10:05 | Computer Name = MELWYN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.0.11
for ServerName .

Error - 04/10/2009 10:42:55 | Computer Name = MELWYN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.0.11
for ServerName .

Error - 04/10/2009 11:01:55 | Computer Name = MELWYN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.0.11
for ServerName .

Error - 05/10/2009 08:47:15 | Computer Name = MELWYN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.0.11
for ServerName .

Error - 06/10/2009 05:39:39 | Computer Name = MELWYN | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 192.168.0.11
for ServerName .

Error - 06/10/2009 05:56:43 | Computer Name = MELWYN | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.0.18.4, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 06/10/2009 07:08:21 | Computer Name = MELWYN | Source = Service Control Manager | ID = 7001
Description = Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 06/10/2009 07:08:21 | Computer Name = MELWYN | Source = Service Control Manager | ID = 7001
Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 06/10/2009 07:08:21 | Computer Name = MELWYN | Source = Service Control Manager | ID = 7001
Description = Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 06/10/2009 07:08:21 | Computer Name = MELWYN | Source = Service Control Manager | ID = 7001
Description = Le service Service d'application d'assistance IPv6 dépend du service
Pilote du protocole IPv6 Microsoft qui n'a pas pu démarrer en raison de l'erreur :
%%31

Error - 06/10/2009 07:08:21 | Computer Name = MELWYN | Source = Service Control Manager | ID = 7001
Description = Le service Apple Mobile Device dépend du service Pilote du protocole
TCP/IP qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 06/10/2009 07:08:21 | Computer Name = MELWYN | Source = Service Control Manager | ID = 7001
Description = Le service Service Bonjour dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 06/10/2009 07:08:21 | Computer Name = MELWYN | Source = Service Control Manager | ID = 7001
Description = Le service drupalApache dépend du service AFD qui n'a pas pu démarrer
en raison de l'erreur : %%31

Error - 06/10/2009 07:08:21 | Computer Name = MELWYN | Source = Service Control Manager | ID = 7001
Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas
pu démarrer en raison de l'erreur : %%31

Error - 06/10/2009 07:08:21 | Computer Name = MELWYN | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Aavmker4 AFD AmdK8 aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu
Tcpip
Tcpip6
WS2IFSL

Error - 06/10/2009 07:09:07 | Computer Name = MELWYN | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

MBAM log

Malwarebytes' Anti-Malware 1.41
Database version: 2914
Windows 5.1.2600 Service Pack 3 (Safe Mode)

06/10/2009 14:12:54
mbam-log-2009-10-06 (14-12-54).txt

Scan type: Quick Scan
Objects scanned: 123696
Time elapsed: 14 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99c6d1bb-7555-474c-91da-d8fb62a9cc75} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\xwoarh.sys (Trojan.Tibs) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\0dX5Mthy.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\0v14uj8p.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1cMkiK5k.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sys32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

GMER Logs

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-06 17:06:17
Windows 5.1.2600 Service Pack 3
Running: o18kvmdg.exe; Driver: C:\DOCUME~1\Darty-Jp\LOCALS~1\Temp\fxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xACB8D6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xACB8D574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xACB8DA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xACB8D14C]
SSDT sptd.sys ZwEnumerateKey [0xB9ED9C22]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED9F9A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xACB8D64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xACB8D08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xACB8D0F0]
SSDT sptd.sys ZwQueryKey [0xB9EDA064]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xACB8D76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xACB8D72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xACB8D8AE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTD4253.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? MFX.sys Le fichier spécifié est introuvable. !
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B907E4F0 16 Bytes [83, 4A, D3, 4C, 96, CB, 5F, ...] {OR DWORD [EDX-0x2d], 0x4c; XCHG ESI, EAX; RETF ; POP EDI; MOV DH, 0x68; POP EBX; FCOM DWORD [EAX]; PUSH ECX; PUSH ES; JMP 0xfffffffffffffff0}
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B907E501 7 Bytes [D0, 07, B9, B6, F6, 3A, 15] {ROL BYTE [EDI], 0x1; MOV ECX, 0x153af6b6}
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 19 B907E509 21 Bytes [95, 2B, 8B, 0D, 47, CC, 54, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 2F B907E51F 1 Byte [65]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

---- Kernel IAT/EAT - GMER 1.0.15 ----

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[956] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[956] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B286C78

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs MFX.sys

Device \FileSystem\Fastfat \FatCdrom 8A53D7F8

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8B28CC78
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B28CC78
Device \Driver\Cdrom \Device\CdRom0 8B1FEAA0
Device \FileSystem\Rdbss \Device\FsWrap 8A5827F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B28CC78
Device \Driver\Cdrom \Device\CdRom1 8B1FEAA0
Device \Driver\atapi \Device\Ide\IdePort0 [B9E36B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 [B9E36B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort2 [B9E36B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort3 [B9E36B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b [B9E36B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 [B9E36B40] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 [B9E36B40] atapi.sys[unknown section]
Device \Driver\USBSTOR \Device\000000a5 8A5257F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8B28CC78
Device \Driver\Ftdisk \Device\HarddiskVolume5 8B28CC78
Device \Driver\Ftdisk \Device\HarddiskVolume6 8B28CC78
Device \Driver\USBSTOR \Device\000000a8 8A5257F8
Device \Driver\Ftdisk \Device\HarddiskVolume7 8B28CC78
Device \Driver\USBSTOR \Device\000000a9 8A5257F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A5CE7F8
Device \Driver\NetBT \Device\NetbiosSmb 8A5CE7F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk0\DR0 8B286EB0

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk1\DR1 8B286EB0
Device \Driver\USBSTOR \Device\000000aa 8A5257F8
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+d 8B286EB0
Device \Driver\Disk \Device\Harddisk2\DR9 8B286EB0
Device \Driver\USBSTOR \Device\000000ab 8A5257F8
Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+e 8B286EB0
Device \Driver\Disk \Device\Harddisk3\DR10 8B286EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A5577F8
Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+f 8B286EB0
Device \Driver\Disk \Device\Harddisk4\DR11 8B286EB0
Device \Driver\00000057 \Device\0000007b sptd.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A5577F8
Device \Driver\Disk \Device\Harddisk5\DP(1)0-0+10 8B286EB0
Device \Driver\Disk \Device\Harddisk5\DR12 8B286EB0
Device \FileSystem\Npfs \Device\NamedPipe 8A5E77F8
Device \Driver\Ftdisk \Device\FtControl 8B28CC78
Device \FileSystem\Msfs \Device\Mailslot 8A5F97F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 8B08D898
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8B08D898
Device \FileSystem\Fastfat \Fat 8A53D7F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat MFX.sys

Device \FileSystem\Cdfs \Cdfs 8A5757F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x15 0xF7 0xFA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0xFA 0x45 0x4B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE4 0x81 0x39 0xF2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xCF 0x63 0x53 0x11 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8B 0x52 0xC7 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0xFA 0x45 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3A 0xE0 0xDA 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x25 0xBD 0x99 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x15 0xF7 0xFA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0xFA 0x45 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0E 0x45 0xB8 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x25 0xBD 0x99 0x3A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x35 0x15 0xF7 0xFA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xAE 0xFA 0x45 0x4B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x95 0x46 0xBF 0x0C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x25 0xBD 0x99 0x3A ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0xF5 0x1E 0x21 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0x0D 0x75 0x52 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBA 0x6B 0xF8 0x7A ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x25 0xBD 0x99 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 752896058
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -919401776
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1288044797
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0xF5 0x1E 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0x0D 0x75 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE1 0x2D 0xBD 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x25 0xBD 0x99 0x3A ...
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset007\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0xF5 0x1E 0x21 ...
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x23 0x0D 0x75 0x52 ...
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE1 0x2D 0xBD 0x4B ...
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\controlset007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x25 0xBD 0x99 0x3A ...

---- Files - GMER 1.0.15 ----

File C:\SYZ_DAT 0 bytes
File C:\SYZ_DAT\ali.exe 28672 bytes executable
File C:\SYZ_DAT\cdlock.dll 49152 bytes executable
File C:\SYZ_DAT\cpy.exe 32768 bytes executable
File C:\SYZ_DAT\dirlist 210 bytes
File C:\SYZ_DAT\dirlist_bak 210 bytes
File C:\SYZ_DAT\DL.BAK 210 bytes
File C:\SYZ_DAT\EMF_Decrypt.exe 135168 bytes executable
File C:\SYZ_DAT\fldrvw61.ocx 417792 bytes
File C:\SYZ_DAT\install.exe 1163264 bytes executable
File C:\SYZ_DAT\magic.exe 24576 bytes executable
File C:\SYZ_DAT\mf.chm 33137 bytes
File C:\SYZ_DAT\mf.txx 24994 bytes
File C:\SYZ_DAT\mfx 45824 bytes executable
File C:\SYZ_DAT\MFX.CFG 104 bytes
File C:\SYZ_DAT\mfx_cfg.org 100 bytes
File C:\SYZ_DAT\readme.txt 3162 bytes
File C:\SYZ_DAT\systray.exe 32768 bytes executable
File C:\SYZ_DAT\tb.exe 24576 bytes executable
File C:\WINDOWS\system32\drivers\MFX.sys 45824 bytes executable

---- EOF - GMER 1.0.15 ----



That's a long page of logs :(


#9 myrti (Malware Study Hall Admin)

Posted 08 October 2009 - 04:47 AM

Hi,

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

How is your PC behaving now?
regards _temp_



#10 smigo (Topic Starter)

Posted 09 October 2009 - 06:09 AM

Hey,

Before using ComboFix, I did try Google search and it is working fine.. no redirects to third party weirdo websites.

See below the log for ComboFix.. Also, since my OS is French, the log details are kinda in French.. I hope you do speak French, to my luck, cos now after the ComboFix scan my avast antivirus is gone dead. I ran ComboFix; midway through the scan it said ComboFix has detected a presence of rootkit activity and needs to restart; it did restart and completed its scan.

Now my Avast antivirus is not running on startup. When I clicked on avast from the desktop it says skin is not complete, look at the following description: skin is not loading properly. Should I reinstall avast?

Also on my D: drive, I had a System Restoration boot disk pre-configured when I purchased my computer, so whenever I double clicked on D drive, it would beep and I would get a screen saying System restoration partition: This zone of your hard disk contains important files for the restoration of your system ... etc ....
Now after the scan I can enter the partition and see all the files.. also previously when the PC would start or restart, it would give me an option to boot from this disk if I wanted to restore Windows by pressing any key.
From the log file I can see it has deleted D:\Autorun.inf? Also on the last restart I did not see that option of restoring Windows ..

I will restart my PC again to see if I have any other issues ... see below the log file

Thanks again for your help .. I have seen that a couple of trojans have been erased after your help. I am not sure how good avast is now cos avast had detected a couple of those before but they still seemed to be in the system. Also what do you think of Ad-Aware and Spybot TeaTimer? Are they good? ... After using MBAM I was thinking I should get rid of the two .. cos MBAM did wonders in cleaning the system


ComboFix 09-10-07.05 - Darty-Jp 09/10/2009 12:31.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3070.2401 [GMT 2:00]
Lancé depuis: f:\nisha music\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091008-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\mimic.log
c:\recycler\S-1-5-21-3946245813-1249940695-3369626496-1003
c:\recycler\S-1-5-21-828035040-2559728273-1916556668-1003
c:\windows\Installer\6d5838.msi
c:\windows\Installer\98c361.msi
c:\windows\system32\abowipop.ini
c:\windows\system32\azutoveh.ini
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\imuzufek.ini
c:\windows\system32\iwuyepop.ini
c:\windows\system32\ohosiwiw.ini
c:\windows\system32\owejusig.ini

K:\Autorun.inf

Une copie infectée de c:\windows\system32\drivers\dtscsi.sys a été trouvée et désinfectée
Kitty ate it :(
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-09 au 2009-10-09 ))))))))))))))))))))))))))))))))))))
.

2009-10-07 16:48 . 2009-10-07 17:01 -------- d-----w- C:\mfx_temp
2009-10-07 16:16 . 2009-10-07 16:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-07 16:14 . 2009-10-07 16:14 -------- d-----w- c:\program files\Microsoft
2009-10-06 11:21 . 2009-10-06 11:21 -------- d-----w- c:\documents and settings\Darty-Jp\Application Data\Malwarebytes
2009-10-06 11:21 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 11:21 . 2009-10-06 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 11:21 . 2009-10-06 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 11:21 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-04 16:58 . 2009-10-04 16:58 -------- d-----w- c:\program files\Fichiers communs\Nikon
2009-09-19 13:22 . 2009-09-19 13:22 -------- d-----w- c:\documents and settings\Darty-Jp\Local Settings\Application Data\Downloaded Installations
2009-09-16 18:08 . 2009-09-16 18:08 -------- d-----w- c:\documents and settings\Darty-Jp\BitNami Drupal 6 Stack projects
2009-09-15 14:25 . 2009-09-15 14:30 -------- d-----w- c:\program files\Drupal 6 Stack
2009-09-10 12:30 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-10 12:27 . 2009-09-10 12:27 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-09-10 10:57 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-10 10:25 . 2009-09-10 10:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-10 10:24 . 2009-09-10 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-10 10:24 . 2009-09-10 10:24 -------- d-----w- c:\program files\Lavasoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 09:43 . 2007-01-28 12:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-08 22:09 . 2008-04-28 12:08 -------- d-----w- c:\documents and settings\Darty-Jp\Application Data\uTorrent
2009-10-06 15:05 . 2007-05-01 21:55 -------- d-----w- c:\documents and settings\Darty-Jp\Application Data\AvaFind Data
2009-10-06 11:49 . 2009-10-02 09:28 0 ----a-w- c:\documents and settings\Darty-Jp\ntuser.tmp
2009-10-06 11:42 . 2009-10-06 11:42 5607 ----a-w- c:\windows\~GLH0000.TMP
2009-10-06 11:42 . 2009-10-06 11:42 139264 ----a-w- c:\windows\~GLC0000.TMP
2009-09-26 21:55 . 2007-07-05 13:48 -------- d-----w- c:\program files\DivX
2009-09-26 21:54 . 2009-04-11 16:32 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-09-20 19:21 . 2006-10-08 21:59 -------- d-----w- c:\program files\FlashGet
2009-09-18 13:38 . 2007-05-29 17:41 -------- d-----w- c:\program files\LimeWire
2009-09-18 13:38 . 2007-07-22 17:40 -------- d-----w- c:\program files\Clean MemXP
2009-09-18 00:29 . 2008-11-07 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-16 15:58 . 2006-10-08 18:54 77824 ----a-w- c:\documents and settings\Darty-Jp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 10:03 . 2009-04-01 21:40 -------- d-----w- c:\program files\Fichiers communs\Ciel
2009-09-16 10:00 . 2006-04-29 18:24 -------- d-----w- c:\program files\CyberLink
2009-09-16 09:59 . 2006-11-19 13:55 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-09-16 09:57 . 2006-04-29 18:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 16:30 . 2006-10-09 15:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-10 16:30 . 2006-10-09 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-26 14:08 . 2009-01-10 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-26 13:40 . 2009-08-26 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-26 13:40 . 2009-01-10 09:56 -------- d-----w- c:\program files\iTunes
2009-08-26 13:40 . 2009-08-26 13:40 -------- d-----w- c:\program files\iPod
2009-08-26 13:40 . 2009-01-10 09:53 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-08-26 13:38 . 2009-08-26 13:38 -------- d-----w- c:\program files\Bonjour
2009-08-26 13:38 . 2006-10-08 21:14 -------- d-----w- c:\program files\QuickTime
2009-08-24 12:12 . 2006-10-09 15:05 -------- d-----w- c:\documents and settings\Darty-Jp\Application Data\Lavasoft
2009-08-22 12:04 . 2006-10-27 13:06 -------- d-----w- c:\documents and settings\Darty-Jp\Application Data\VoipStunt
2009-08-17 16:10 . 2009-03-01 23:18 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-03-01 23:18 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-03-01 23:18 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-03-01 23:18 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-03-01 23:18 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-03-01 23:18 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-03-01 23:18 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-03-01 23:18 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-03-01 23:18 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 21:31 . 2009-06-26 09:42 477096 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-01-16 18:51 . 2007-03-08 16:34 44678176 -csha-w- c:\windows\system32\drivers\fidbox.dat
2008-01-16 18:51 . 2007-03-08 16:34 2544160 -csha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"nmctxth"="c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" [2008-09-14 648488]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-01-17 705832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-08 550912]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-22 28160]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-12-23 528384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ava Find Professional 1.5.218.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ava Find Professional 1.5.218.lnk
backup=c:\windows\pss\Ava Find Professional 1.5.218.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\La Solution Ciel.lnk
backup=c:\windows\pss\La Solution Ciel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TB-Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TB-Tray.lnk
backup=c:\windows\pss\TB-Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Darty-Jp^Menu Démarrer^Programmes^Démarrage^Cyber-shot Viewer Media Check Tool.lnk]
path=c:\documents and settings\Darty-Jp\Menu Démarrer\Programmes\Démarrage\Cyber-shot Viewer Media Check Tool.lnk
backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Darty-Jp^Menu Démarrer^Programmes^Démarrage^IPMSG for Win32.lnk]
path=c:\documents and settings\Darty-Jp\Menu Démarrer\Programmes\Démarrage\IPMSG for Win32.lnk
backup=c:\windows\pss\IPMSG for Win32.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Darty-Jp^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Darty-Jp\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Darty-Jp^Menu Démarrer^Programmes^Démarrage^Raccourci vers anim_services_num.lnk]
path=c:\documents and settings\Darty-Jp\Menu Démarrer\Programmes\Démarrage\Raccourci vers anim_services_num.lnk
backup=c:\windows\pss\Raccourci vers anim_services_num.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\achital2@yahoo.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\voipstunt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Infogrames Interactive\\Monopoly\\Monopoly.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\zHotkey.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32Info.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Updater5\\AdobeUpdater.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\GameOverlayUI.exe"=
"c:\\WINDOWS\\system32\\sndvol32.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Karen's Computer Profiler\\PTProfiler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Drupal 6 Stack\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Drupal 6 Stack\\apache2\\bin\\httpd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11816:TCP"= 11816:TCP:BitComet 11816 TCP
"11816:UDP"= 11816:UDP:BitComet 11816 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
"53830:TCP"= 53830:TCP:BitComet 53830 TCP
"53830:UDP"= 53830:UDP:BitComet 53830 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"22234:TCP"= 22234:TCP:BitComet 22234 TCP
"22234:UDP"= 22234:UDP:BitComet 22234 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/09/2009 12:57 64160]
R0 MFX;MFX; [x]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02/03/2009 01:18 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02/03/2009 01:18 20560]
R2 drupalApache;drupalApache;c:\progra~1\DRUPAL~1\apache2\bin\httpd.exe [15/09/2009 16:25 24636]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 16:49 1028432]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [19/11/2006 15:55 31744]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [11/07/2008 23:51 93696]
S2 drupalMySQL;drupalMySQL;c:\program files\Drupal 6 Stack\mysql\bin\mysqld.exe [15/09/2009 16:25 6447744]
S2 xwoarh;xwoarh;\??\c:\windows\system32\Drivers\xwoarh.sys --> c:\windows\system32\Drivers\xwoarh.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [25/01/2009 23:48 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [25/01/2009 23:48 8320]
S3 USRWGU(USR);USRobotics Wireless USB Adapter(USR);c:\windows\system32\drivers\USRWGU.sys [03/08/2007 16:18 408064]
.
Contenu du dossier 'Tâches planifiées'

2009-10-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 10:57]

2009-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Messenger Backup\Messenger Backup
Trusted Zone: plaxo.com\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Darty-Jp\Application Data\Mozilla\Firefox\Profiles\fxbnhja4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329536&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google (Language: EN)
FF - plugin: c:\documents and settings\Darty-Jp\Application Data\Mozilla\Firefox\Profiles\fxbnhja4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9d.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 12:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\drivers\MFX.sys 45824 bytes executable
C:\SYZ_DAT

Scan terminé avec succès
Fichiers cachés: 2

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2797797460-190285534-1131222945-1006\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Documents and Settings\\Darty-Jp\\Mes documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Darty-Jp\\Mes documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Documents and Settings\\Darty-Jp\\Mes documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="f:\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="f:\\Football Manager 2009\\data\\updates\\update-930\\db\\930\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Darty-Jp\\Mes documents\\Sports Interactive\\Football Manager 2009\\games\\season 2014.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="46-F545-0F03"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-2797797460-190285534-1131222945-1006\Software\SecuROM\License information*]
"datasecu"=hex:a6,b4,2e,31,10,f2,b2,0e,6e,db,aa,40,47,d6,c4,3b,c1,6f,08,42,7e,
49,97,da,83,45,28,42,af,23,1e,1e,31,64,b6,85,a0,c8,0e,92,26,f7,f6,ea,41,49,\
"rkeysecu"=hex:ad,0f,29,0b,05,a1,e2,d6,05,c7,42,7b,ff,54,62,04

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-10-09 12:43
ComboFix-quarantined-files.txt 2009-10-09 10:43

Avant-CF: 5 672 701 952 octets libres
Après-CF: 5 813 362 688 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect /usepmtimer

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
346 --- E O F --- 2008-12-17 21:52

#11 smigo
  • Topic Starter
  • Members
  • 29 posts

Posted 09 October 2009 - 06:25 AM

Got my PC restarted... a few updates:

1) I do get the option of system restore on startup :(
2) Avast is running on startup but I can't start the program from the desktop (skin issue). Should I reinstall?
3) I have Drupal (CMS) running on my system using a Bitnami stack (Drupal+Apache+MySQL+PHP). The biggest problem now is mysqld.exe giving an error on Windows startup :( I can't access the Drupal test sites I was working on... something seems to be blocking mysqld.exe from running, can you help? I will google Windows as well to get that up and running ASAP.

#12 myrti
  • Sillyberry
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 09 October 2009 - 08:10 AM

Hi,

I'm sorry to say that I'm absolutely not familiar with Drupal, so I fear I can't help you with that.

What exactly is the error message you get for mysql?
Do you know the following file and folder:

c:\windows\system32\drivers\MFX.sys
C:\SYZ_DAT

These files are hidden from your view, but this may be voluntary.

I suspect that ComboFix might have deleted a legit file. This may or may not be related. I would like you to run the following script to restore the file:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\Windows\System32\drivers\Sonyhcp.dll.vir

Quit::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please also check if this helps with your mysql problem.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 smigo
  • Topic Starter
  • Members
  • 29 posts

Posted 10 October 2009 - 03:07 PM

Hey,

MFX and SYZ_DAT belong to Magic Folders. I had that installed and uninstalled last week, so it doesn't matter if it's gone :(

Sonyhcp.dll.vir probably belongs to some Sony drivers I might have installed for the Sony Ericsson phone years back. I no longer use SE phones; even my PSP is damaged, so I don't care if that DLL is missing. I think I can give it a skip.

What do you advise? Is it absolutely necessary to restore that DLL?

Also, one more question about IE; I don't use it as a default browser though.

In IE, in the top right-hand corner there is a Google search option. When I type and search for anything, it goes to httx://start.waabe.com/ and gives a field to search. I am adding a print screen for your review; it should give you a better idea.

Also, I need your advice on Spybot and Ad-Aware compared to just Malwarebytes. Can I get rid of the two and have just MBAM?


#14 myrti
  • Sillyberry
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 11 October 2009 - 05:00 PM

Hi,

I am aware that the listed items belong to Magic Folders; I just wanted to make sure you also knew that the software was being used on your PC. :(

Concerning the Sony file: this is up to you. You do not have to restore the file, but the missing file may cause problems with Sony applications later on. If you do not use them anymore, you can simply uninstall them.

Concerning your Google search, could you please check if you can remove waabe.com from the list of proposed search engines: click on the arrow to the right of the loupe beside the Google search field and select "Manage Search Engines". Does waabe.com appear in that list? If so, please delete it and set another search engine as your default search engine.

If the entry is not listed, please let me know.

Personally I prefer Malwarebytes Anti-Malware to Ad-Aware and Spybot. Malwarebytes does not offer real-time protection and automatic updates in the free version, only in the paid version. (This is a one-time payment only; no need to pay for future updates/upgrades.) However, I personally believe that the real-time protection from your antivirus program should be sufficient.

regards _temp_



#15 smigo
  • Topic Starter
  • Members
  • 29 posts

Posted 11 October 2009 - 05:23 PM

Cool, that worked on IE. No clue what waabe is anyway.

Cool, I'll get rid of Ad-Aware and Spybot. Not a fan of either.

One last issue. Always on restart my Q drive gets scanned for issues (chkdsk); it checks for errors. I don't understand why... I just skip it because it does it all the time on restart. Can I do something to stop that from happening?



