
Gameztar toolbar removal


This topic is locked
35 replies to this topic

#1 YellowtheCat

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:23 AM

Posted 21 February 2010 - 01:54 PM

I'm trying to remove the Gameztar toolbar from the "Add or Remove Programs" applet. It keeps coming back despite removing it with CCleaner?

What next?

Edited by Orange Blossom, 21 February 2010 - 03:07 PM.
Move to AII. ~ OB




#2 YellowtheCat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:23 AM

Posted 21 February 2010 - 03:11 PM

OK, here's the DDS log...


DDS (Ver_09-12-01.01) - NTFSx86
Run by YellowCat Services at 20:01:32,85 on 21/02/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2812.1599 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Users\YellowCat Services\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YellowCat Services\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\YellowCat Services\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\YellowCat Services\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\yellowcat services\appdata\local\google\update\GoogleUpdate.exe" /c
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.8.0.41\CoIEPlg.dll
AppInit_DLLs: c:\windows\system32\apshook.dll c:\windows\system32\apshook.dll c:\windows\system32\APSHook.dll

============= SERVICES / DRIVERS ===============

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-30 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-30 12928]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-7 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-7 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-7 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100218.001\IDSvix86.sys [2010-2-21 343088]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-30 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-6-25 21504]
R2 ASChannel;Canal de communication local;c:\windows\system32\svchost.exe -k Cognizance [2008-6-25 21504]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-9 1168632]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-2 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-30 256512]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\3.8.0.41\ccSvcHst.exe [2010-2-7 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-2-7 583640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-11-29 181760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-30 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-7 48688]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-13 475520]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-25 193840]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-25 21504]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]

=============== Created Last 30 ================

2010-02-21 19:00:07 0 ----a-w- c:\users\yellowcat services\defogger_reenable
2010-02-21 18:22:53 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-21 18:09:32 0 d-----w- C:\ComboFix
2010-02-21 17:48:19 0 d-----w- c:\program files\Trend Micro
2010-02-21 17:16:45 77312 ----a-w- c:\windows\MBR.exe
2010-02-21 17:16:45 261632 ----a-w- c:\windows\PEV.exe
2010-02-21 17:16:44 98816 ----a-w- c:\windows\sed.exe
2010-02-21 17:16:44 161792 ----a-w- c:\windows\SWREG.exe
2010-02-07 17:45:56 0 d-----w- c:\users\yellow~1\appdata\roaming\Malwarebytes
2010-02-07 17:18:21 0 d---a-w- c:\programdata\TEMP
2010-02-07 17:17:55 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-02-07 17:17:55 506368 ----a-w- c:\windows\system32\msxml.dll
2010-02-07 17:17:55 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-02-07 17:17:55 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-02-07 17:17:53 0 d-----w- c:\program files\common files\PC Tools
2010-02-07 15:05:55 0 d-----w- c:\users\yellow~1\appdata\roaming\HPQLOG
2010-02-07 14:12:39 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-01-27 22:42:26 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-27 22:42:26 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-27 22:42:26 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 20:30:30 49472 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-11 20:30:30 11720 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-22 15:23:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-25 22:14:54 174 --sha-w- c:\program files\desktop.ini
2006-11-02 15:43:03 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2006-11-02 15:43:03 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 15:43:03 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2006-11-02 15:43:03 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-23 11:01:47 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-10-23 11:01:47 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-23 11:01:47 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-23 11:01:47 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-19 16:00:44 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 20:01:51,99 ===============
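The "Pseudo HJT Report" section of a DDS log like the one above is where the persistence points live: browser helper objects (BHO), toolbars (TB), per-user Run keys (uRun) and the AppInit_DLLs value. The following is an added example, not part of this thread and not code from the DDS tool: a small Python parser for those lines that extracts each entry and flags two things an analyst checks first, a BHO/TB CLSID that is still registered but whose DLL is gone ("No File") and a DLL listed more than once in AppInit_DLLs. The sample input is a constructed subset copied from the log posted above; the names `Entry`, `parse_hjt` and `review` are my own.

```python
import re
from dataclasses import dataclass
from collections import Counter

# Constructed sample input: a subset of the "Pseudo HJT Report" lines copied
# from the DDS log in this thread (raw string, backslashes are literal).
SAMPLE_REPORT = r"""
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\yellowcat services\appdata\local\google\update\GoogleUpdate.exe" /c
AppInit_DLLs: c:\windows\system32\apshook.dll c:\windows\system32\apshook.dll c:\windows\system32\APSHook.dll
"""


@dataclass
class Entry:
    kind: str   # BHO, TB, uRun/mRun or AppInit_DLLs
    name: str   # display name or Run value name, "" when absent
    clsid: str  # CLSID (lower-cased) for BHO/TB entries, else ""
    path: str   # DLL path, command line, or the literal "No File"


# BHO/TB lines: "<kind>: [<name>: ]{<clsid>} - <path>"
_COM_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)
# Run-key lines: "uRun: [<value name>] <command line>" (uRun = HKCU, mRun = HKLM)
_RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.*)$")


def parse_hjt(text: str) -> list[Entry]:
    """Parse the persistence entries DDS prints in its Pseudo HJT Report."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _COM_RE.match(line):
            entries.append(Entry(m["kind"], m["name"] or "", m["clsid"].lower(), m["path"]))
        elif m := _RUN_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], "", m["cmd"]))
        elif m := _APPINIT_RE.match(line):
            # The registry value is a space- or comma-separated list; emit one
            # entry per DLL so repeated entries become visible.
            for dll in re.split(r"[\s,]+", m["dlls"].strip()):
                if dll:
                    entries.append(Entry("AppInit_DLLs", "", "", dll))
    return entries


def review(entries: list[Entry]) -> list[str]:
    """Return the findings an analyst would look at first, as plain strings."""
    findings = []
    for e in entries:
        if e.kind in ("BHO", "TB") and e.path == "No File":
            findings.append(
                f"{e.kind} {{{e.clsid}}} is registered but its DLL is missing (orphaned registration)"
            )
    # AppInit_DLLs are loaded into every process that maps user32.dll, so the
    # list should be short and each DLL should appear once.
    appinit = Counter(e.path.lower() for e in entries if e.kind == "AppInit_DLLs")
    for dll, n in appinit.items():
        if n > 1:
            findings.append(f"AppInit_DLLs lists {dll} {n} times")
    return findings


if __name__ == "__main__":
    for finding in review(parse_hjt(SAMPLE_REPORT)):
        print(finding)
```

Run against the sample it reports the orphaned BHO {5c255c8a-...} and that apshook.dll appears three times in AppInit_DLLs. Both are prompts to look something up, not verdicts: the OTL log later in this thread attributes APSHook.dll to Bioscrypt Inc. (HP's credential manager), so the duplicate there is a vendor installer quirk rather than evidence of the toolbar, and an orphaned CLSID is simply dead registry data that a cleanup tool can drop.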


#3 Elise

Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:23 AM

Posted 23 February 2010 - 05:51 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#4 YellowtheCat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:23 AM

Posted 23 February 2010 - 07:16 AM

Hi Elise,

Let me first thank you for taking the time to help. Much appreciated.

Here are the first two logs that you requested...

I'll run GMER next and post a reply.

Thanks again



OTL logfile created on: 23/02/2010 13:04:17 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\YellowCat Services\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 70,01 Gb Free Space | 62,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YCS17PORTABLE
Current User Name: YellowCat Services
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 13:02:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\YellowCat Services\Desktop\OTL.exe
PRC - [2010/02/05 19:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Users\YellowCat Services\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/11/25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/08/22 09:18:35 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 09:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/05/30 08:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/21 10:36:04 | 000,671,744 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/05/21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
PRC - [2008/05/09 15:09:08 | 001,168,632 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/04/16 07:18:34 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/04/07 17:13:38 | 000,024,936 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpservice.exe
PRC - [2008/03/25 19:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/05/15 15:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 15:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/23 13:02:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\YellowCat Services\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/05/21 01:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/22 09:18:35 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/06/02 09:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/30 08:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/21 10:36:04 | 000,671,744 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/05/21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
SRV - [2008/05/09 15:09:08 | 001,168,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/04/16 07:18:34 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/04/08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/04/07 17:13:38 | 000,024,936 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\System32\hpservice.exe -- (hpsrv)
SRV - [2008/04/03 10:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 20:25:50 | 000,630,784 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/03/24 06:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/05/15 15:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/06 10:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/06 10:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/30 21:48:18 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/09/11 02:11:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/09 21:17:11 | 000,026,600 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/08/29 10:34:50 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/29 10:34:50 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/22 09:18:36 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 09:18:36 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 09:18:36 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 09:18:36 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 09:18:36 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 09:18:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 09:18:35 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 09:18:35 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 09:18:24 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2008/06/25 15:07:57 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/05/30 08:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/30 08:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/30 08:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/30 08:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/21 11:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/13 07:30:34 | 000,475,520 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/04/28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/14 13:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/11 15:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/08 04:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/07 17:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 17:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/03/27 20:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/02/29 15:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/18 22:42:14 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) Trusted Platform Module (TPM)
DRV - [2008/01/18 21:14:12 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008/01/18 20:57:16 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2007/11/29 15:56:40 | 000,181,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 72 22 DF 14 A8 CA 01 [binary data]
IE - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015\S-1-5-21-3645261703-2824615500-2659958386-1015\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/02/23 10:36:57 | 000,000,000 | ---D | M]

[2010/02/07 09:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

O1 HOSTS File: ([2010/02/21 18:33:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
O4 - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015..\Run: [Google Update] C:\Users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3645261703-2824615500-2659958386-1015_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/23 13:02:46 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\YellowCat Services\Desktop\OTL.exe
[2010/02/23 10:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/02/23 10:25:26 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpz3l5ha.dll
[2010/02/23 10:25:22 | 000,000,000 | ---D | C] -- C:\Windows\LastGood.Tmp
[2010/02/23 10:25:17 | 001,373,528 | ---- | C] (Hewlett-Packard) -- C:\Windows\hpzshl01.exe
[2010/02/23 10:25:17 | 001,140,056 | ---- | C] (Hewlett-Packard) -- C:\Windows\hpzmsi01.exe
[2010/02/23 10:25:16 | 000,000,000 | ---D | C] -- C:\Windows\carrier
[2010/02/23 10:25:16 | 000,000,000 | ---D | C] -- C:\Windows\braveheart
[2010/02/23 10:24:34 | 000,000,000 | ---D | C] -- C:\TEMP
[2010/02/23 10:23:47 | 000,970,752 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtiop3.dll
[2010/02/23 10:23:47 | 000,729,088 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax3.dll
[2010/02/23 10:23:47 | 000,364,544 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2010/02/23 10:23:47 | 000,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll
[2010/02/23 10:23:47 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2010/02/23 10:23:47 | 000,036,352 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpw6400co.dll
[2010/02/23 10:23:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2010/02/21 20:33:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/21 19:22:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/21 19:09:32 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/21 19:09:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/21 18:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/21 18:41:00 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Local\temp
[2010/02/21 18:16:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/21 18:16:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/21 18:16:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/21 18:16:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/21 18:15:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/21 17:42:28 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/21 17:42:27 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/21 17:42:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/21 17:42:26 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/07 18:45:56 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Roaming\Malwarebytes
[2010/02/07 18:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/02/07 18:17:55 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/02/07 18:17:55 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/02/07 18:17:55 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2010/02/07 18:17:55 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/02/07 18:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/02/07 18:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/02/07 18:17:15 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\Documents\Downloads
[2010/02/07 18:03:02 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Local\Google
[2010/02/07 18:02:50 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Local\Deployment
[2010/02/07 18:02:50 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Local\Apps
[2010/02/07 17:44:56 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Roaming\Macromedia
[2010/02/07 17:21:05 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Roaming\Adobe
[2010/02/07 17:21:05 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Local\Adobe
[2010/02/07 16:06:14 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Roaming\ATI
[2010/02/07 16:06:14 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Local\ATI
[2010/02/07 16:05:55 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Roaming\HPQLOG
[2010/02/07 16:05:25 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Searches
[2010/02/07 16:05:13 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Roaming\Identities
[2010/02/07 16:05:11 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Contacts
[2010/02/07 16:04:54 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Local\VirtualStore
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Voisinage réseau
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Voisinage d'impression
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\AppData\Local\Temporary Internet Files
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\SendTo
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Recent
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Modèles
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Documents\Mes vidéos
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Documents\Mes images
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Mes documents
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Menu Démarrer
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Documents\Ma musique
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Local Settings
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\AppData\Local\Historique
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Cookies
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\Application Data
[2010/02/07 16:04:52 | 000,000,000 | -HSD | C] -- C:\Users\YellowCat Services\AppData\Local\Application Data
[2010/02/07 16:04:50 | 000,000,000 | --SD | C] -- C:\Users\YellowCat Services\AppData\Roaming\Microsoft
[2010/02/07 16:04:50 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Videos
[2010/02/07 16:04:50 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Saved Games
[2010/02/07 16:04:50 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Pictures
[2010/02/07 16:04:50 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Music
[2010/02/07 16:04:50 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Links
[2010/02/07 16:04:50 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Favorites
[2010/02/07 16:04:50 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Downloads
[2010/02/07 16:04:50 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Documents
[2010/02/07 16:04:50 | 000,000,000 | R--D | C] -- C:\Users\YellowCat Services\Desktop
[2010/02/07 16:04:50 | 000,000,000 | -H-D | C] -- C:\Users\YellowCat Services\AppData
[2010/02/07 16:04:50 | 000,000,000 | ---D | C] -- C:\Users\YellowCat Services\AppData\Local\Microsoft
[2010/02/07 15:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/23 13:08:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015UA.job
[2010/02/23 13:05:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E81EC49E-6831-4221-8D98-A3310C6CFB82}.job
[2010/02/23 13:03:56 | 000,786,432 | -HS- | M] () -- C:\Users\YellowCat Services\NTUSER.DAT
[2010/02/23 13:02:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\YellowCat Services\Desktop\OTL.exe
[2010/02/23 12:36:16 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/23 12:36:16 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/23 12:29:33 | 001,814,966 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/02/23 10:36:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/23 10:36:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/23 10:33:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/23 10:33:49 | 000,524,288 | -HS- | M] () -- C:\Users\YellowCat Services\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/02/23 10:33:49 | 000,065,536 | -HS- | M] () -- C:\Users\YellowCat Services\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/02/23 10:33:47 | 002,621,798 | -H-- | M] () -- C:\Users\YellowCat Services\AppData\Local\IconCache.db
[2010/02/23 10:30:43 | 000,118,182 | ---- | M] () -- C:\Windows\hpwins14.dat
[2010/02/21 21:04:27 | 325,036,144 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/21 20:06:11 | 000,293,376 | ---- | M] () -- C:\Users\YellowCat Services\Desktop\2ui78lu7.exe
[2010/02/21 20:00:47 | 000,524,288 | ---- | M] () -- C:\Users\YellowCat Services\Desktop\dds.scr
[2010/02/21 20:00:07 | 000,000,000 | ---- | M] () -- C:\Users\YellowCat Services\defogger_reenable
[2010/02/21 19:18:11 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/21 18:48:20 | 000,001,874 | ---- | M] () -- C:\Users\YellowCat Services\Desktop\HijackThis.lnk
[2010/02/21 18:33:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/21 18:14:05 | 003,866,973 | R--- | M] () -- C:\Users\YellowCat Services\Desktop\ComboFix.exe
[2010/02/21 18:08:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015Core.job
[2010/02/21 17:38:14 | 000,002,107 | ---- | M] () -- C:\Users\YellowCat Services\Desktop\Google Chrome.lnk
[2010/02/07 18:17:57 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/02/07 17:52:57 | 000,006,598 | ---- | M] () -- C:\Users\YellowCat Services\Documents\cc_20100207_175246.reg
[2010/02/07 17:51:05 | 000,000,804 | ---- | M] () -- C:\Users\YellowCat Services\Desktop\CCleaner - Raccourci.lnk
[2010/02/07 16:31:35 | 000,524,288 | -HS- | M] () -- C:\Users\YellowCat Services\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010/02/07 16:05:53 | 000,097,672 | ---- | M] () -- C:\Users\YellowCat Services\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/07 16:04:52 | 000,000,020 | -HS- | M] () -- C:\Users\YellowCat Services\ntuser.ini
[2010/02/07 10:43:58 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\isolate.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/23 10:25:17 | 000,011,362 | ---- | C] () -- C:\Windows\hpwscr14.dat
[2010/02/23 10:24:35 | 000,118,182 | ---- | C] () -- C:\Windows\hpwins14.dat
[2010/02/23 10:24:35 | 000,000,467 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2010/02/21 20:33:13 | 325,036,144 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/21 20:06:10 | 000,293,376 | ---- | C] () -- C:\Users\YellowCat Services\Desktop\2ui78lu7.exe
[2010/02/21 20:00:45 | 000,524,288 | ---- | C] () -- C:\Users\YellowCat Services\Desktop\dds.scr
[2010/02/21 20:00:07 | 000,000,000 | ---- | C] () -- C:\Users\YellowCat Services\defogger_reenable
[2010/02/21 18:48:20 | 000,001,874 | ---- | C] () -- C:\Users\YellowCat Services\Desktop\HijackThis.lnk
[2010/02/21 18:16:45 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/21 18:16:45 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/21 18:16:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/21 18:16:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/21 18:16:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/21 18:13:57 | 003,866,973 | R--- | C] () -- C:\Users\YellowCat Services\Desktop\ComboFix.exe
[2010/02/07 18:17:57 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2010/02/07 18:12:38 | 000,002,107 | ---- | C] () -- C:\Users\YellowCat Services\Desktop\Google Chrome.lnk
[2010/02/07 18:03:06 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015UA.job
[2010/02/07 18:03:05 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015Core.job
[2010/02/07 17:52:52 | 000,006,598 | ---- | C] () -- C:\Users\YellowCat Services\Documents\cc_20100207_175246.reg
[2010/02/07 17:51:05 | 000,000,804 | ---- | C] () -- C:\Users\YellowCat Services\Desktop\CCleaner - Raccourci.lnk
[2010/02/07 16:06:01 | 000,000,000 | ---- | C] () -- C:\Users\YellowCat Services\AppData\Local\QSwitch.txt
[2010/02/07 16:06:01 | 000,000,000 | ---- | C] () -- C:\Users\YellowCat Services\AppData\Local\DSwitch.txt
[2010/02/07 16:06:01 | 000,000,000 | ---- | C] () -- C:\Users\YellowCat Services\AppData\Local\AtStart.txt
[2010/02/07 16:04:52 | 000,000,020 | -HS- | C] () -- C:\Users\YellowCat Services\ntuser.ini
[2010/02/07 16:04:51 | 000,524,288 | -HS- | C] () -- C:\Users\YellowCat Services\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010/02/07 16:04:51 | 000,524,288 | -HS- | C] () -- C:\Users\YellowCat Services\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/02/07 16:04:51 | 000,065,536 | -HS- | C] () -- C:\Users\YellowCat Services\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/02/07 16:04:50 | 000,786,432 | -HS- | C] () -- C:\Users\YellowCat Services\NTUSER.DAT
[2009/07/07 21:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/10/18 11:09:30 | 000,002,146 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/10/11 17:06:19 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/25 16:38:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/06/25 16:38:47 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/06/25 16:38:47 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/06/25 16:38:47 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/06/25 16:38:47 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/06/25 16:38:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/25 14:50:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/30 08:36:58 | 000,108,752 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2008/05/21 10:38:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/04/03 23:30:00 | 000,110,592 | ---- | C] () -- C:\Windows\System32\scardsyn.dll
[1998/05/07 04:10:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ODMA32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >



OTL Extras logfile created on: 23/02/2010 13:04:17 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\YellowCat Services\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 70,01 Gb Free Space | 62,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YCS17PORTABLE
Current User Name: YellowCat Services
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3645261703-2824615500-2659958386-1015\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.YellowCat Services] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2208E1B7-5EEE-41B7-AF4C-7C26C0786096}" = rport=445 | protocol=6 | dir=out | app=system |
"{453D4FA0-18C1-40B8-90B2-BBEF73BA64F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{531975D8-B608-48FA-902A-0A2AB2D7A7D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{57633850-54CF-491A-A51A-4BBFA47B0A51}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6B75B582-1E30-4A3D-BE3A-72BFE95C8218}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C25A391-CE9A-4FAF-94CE-59524CF3D1F9}" = lport=137 | protocol=17 | dir=in | app=system |
"{6EDA6D48-064D-4798-B1A6-C7FACEFCC53A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9862237D-A139-4506-886C-15CE2F701E48}" = rport=138 | protocol=17 | dir=out | app=system |
"{C3F1CECB-1278-45ED-956B-1D61F943421C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E2971972-D469-45EE-9ADD-13358B09CE8A}" = rport=139 | protocol=6 | dir=out | app=system |
"{F132493A-2733-4086-8230-1852D3B07B97}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDFA3CC1-9FD5-4395-8EC4-F3B9D75E5432}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BD539FD-5CB5-4A92-8AB0-81C611636FCA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{48DF809B-99B5-43ED-A916-1E139F655EBD}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{4F5CB254-AD04-4A56-873E-0D3CA442520D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7A001230-C715-46FA-A735-01047CBA9942}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{88088A7B-21BA-4564-800F-B57E2D02692D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{91EAA77F-7C9D-4CBB-A9C6-4F9936D43459}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{C6A09E39-BE6D-4133-8CF0-6A19F2DE11C3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E5CBB34F-8079-40F9-B167-E882CA9E79AD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A7C581D-FE89-1A48-F67D-04C1BBAAB370}" = CCC Help Chinese Standard
"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)
"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E4EDFCB-DC4D-4339-AB85-A8444E85D37B}" = 2600
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{1669ABD9-38D2-2026-39AB-88F74193483F}" = Catalyst Control Center Localization Chinese Traditional
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19AEFDC0-600A-439b-B5AA-14035AF21B6D}" = Enterprise
"{1A40B60D-62A4-89FA-3505-A4633FBC3938}" = Catalyst Control Center Localization Spanish
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20F23F8E-C635-630C-D558-F8E43182E53E}" = CCC Help Portuguese
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21792334-521E-FD94-77DC-8B225DD3FD3D}" = CCC Help Czech
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2486EE70-605E-88B7-7424-D71621ECFBB4}" = Catalyst Control Center Localization French
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{266E6165-BD49-BD22-C85B-54933C8E0029}" = Catalyst Control Center Localization Thai
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{281A82A5-F588-7DE0-FD18-E64E6A920FE9}" = Catalyst Control Center Core Implementation
"{29742BFF-CE0F-8297-8FD5-9CE1A944E927}" = Catalyst Control Center Localization Turkish
"{2A40BFCD-7FE4-48c6-9B7C-82EF9AD3DAA8}" = HP Officejet J6400 AiO Series Corporate Edition 10.0
"{2FBA568F-3571-6345-B043-CAC9DABD25A3}" = CCC Help Danish
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34A1D4DF-AB51-EDD2-70F2-4FD227B0F9B0}" = Catalyst Control Center Localization Japanese
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3ADB8044-C940-5B4D-0268-46B80AC9B411}" = Catalyst Control Center Localization Hungarian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{408E00AE-4806-34B5-32DE-436F149D5CFB}" = CCC Help Russian
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4AA1D50C-6807-6EDC-E3CD-F8D74D138654}" = Catalyst Control Center Localization Portuguese
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D182430-D2B8-D788-D314-BBE9BA7DADE4}" = CCC Help English
"{5217429A-2B2E-952C-C416-D7B11980EB9F}" = Catalyst Control Center Localization Norwegian
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{584D455A-135C-5628-A0C1-DB21EC463DD4}" = CCC Help Japanese
"{5AAF085B-C7F9-E981-E27C-B3E4BF53F3AC}" = CCC Help Spanish
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D74D545-CBD1-E68C-C332-3C905F1FBAE7}" = CCC Help Dutch
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{642A880D-8287-34A6-73FD-89D0E03F4DBA}" = ATI Catalyst Install Manager
"{644865B5-D50E-52D4-66CC-672C830D7BD2}" = Catalyst Control Center Localization Russian
"{65B59CB0-A312-C7C1-E4BF-C93883AE70B8}" = CCC Help German
"{65E1184F-5B38-44D4-8C73-350BAF88277D}" = Catalyst Control Center Localization Greek
"{661477C4-1913-B932-D4C8-270003F2A720}" = Catalyst Control Center Localization Finnish
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6726A98B-33D8-36CD-7EF2-AFFA3A2CC7BF}" = Catalyst Control Center Localization German
"{674E46EE-B9EC-B22F-0075-82922E46DB68}" = ccc-core-static
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6994058A-113A-CA27-F6CF-AAFDD609AC7B}" = CCC Help Chinese Traditional
"{69D2FA87-8738-799C-D4B0-2081CF772DB5}" = Catalyst Control Center Graphics Full New
"{6BDE72FA-F917-B29B-2B26-263BB251EEC0}" = Catalyst Control Center Localization Korean
"{6D290CD5-4058-9A87-A6A6-5F730B8258B6}" = Catalyst Control Center Localization Chinese Standard
"{6F215D53-6560-4E65-B268-3358508C6D6D}" = 2600Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{7665FEBD-466A-E02C-4DD2-8D7750BD1660}" = CCC Help Swedish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7F1B48B4-A03E-C8FB-4F47-3AB2B98C153E}" = CCC Help Greek
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{81B5F83F-2291-48B0-8375-36B63A9BF5B0}" = Surligneur (Windows Live Toolbar)
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{86B6D03D-9F17-3B59-DF55-D9084AF25A3E}" = CCC Help French
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4B0C5D-035C-4643-B80F-AFF81534D117}" = 2600_Help
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFCE2CD-F17E-F7B6-6A2B-DCE25D9614A0}" = Catalyst Control Center Localization Danish
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{933FEE2C-AE34-11A4-7527-848864FC19E1}" = Catalyst Control Center Localization Italian
"{94F0D398-4ADF-A61E-724D-4DF7710CA42E}" = Catalyst Control Center Localization Czech
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB9FBC4B-594A-1A90-DD8C-F83BDEA280E7}" = CCC Help Finnish
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{B0D00291-DFC7-28B0-9A50-C1A29FE1CB89}" = CCC Help Thai
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B1BB093B-D71F-288D-415D-555DD62180CC}" = Catalyst Control Center Graphics Full Existing
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6E3E58C-94F4-E31A-1B0D-217C5FC30CF7}" = Catalyst Control Center Graphics Light
"{BC6E1B87-AC2A-5ED5-50F4-9DA06292BD9C}" = CCC Help Polish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1161615-C06F-72E2-8714-EB6F008F396A}" = CCC Help Korean
"{C44218BE-86A6-6015-303A-3E92CD800B48}" = CCC Help Norwegian
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CABCDCC9-31F6-407E-ADD1-9D48BC6B17EB}" = HP ProtectTools Security Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6CEE47-8D73-30C2-FC8D-0E4D5A30490E}" = ccc-utility
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D8C06571-A73B-7047-B99A-EDCDC19BAD27}" = Catalyst Control Center Localization Dutch
"{D95DED27-9DF2-C33F-2172-DF1DF1169F8D}" = Skins
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2E81CE7-B79F-31F0-53E5-B4D94F477940}" = Catalyst Control Center Localization Polish
"{E44FFEA5-177E-4C5C-9EE1-33C8E3F2755B}" = HP 3D DriveGuard
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9278FF1-EB10-043E-FD0C-B77481DA67A8}" = Catalyst Control Center Localization Swedish
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0EB143C-BCC7-58C1-1E51-DE338A260CD9}" = CCC Help Hungarian
"{F131A7DA-8104-4ff2-A4B4-1F4CB0AB8952}" = BPDSoftware_2k
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{F803B959-C47E-DC8D-A19F-1493C709586B}" = CCC Help Turkish
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"{FECE9B59-2B99-4337-D0D4-E9BEA502A25C}" = CCC Help Italian
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Belarc Advisor" = Belarc Advisor 7.2
"Broadcom 802.11b Network Adapter" = Carte réseau local sans fil 802.11 Broadcom
"CCleaner" = CCleaner
"eureka" = Encyclopédie Hachette Multimédia (désinstallation)
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"N360" = Norton 360 Premier Edition
"QuestService" = QuestService 1.0 build 133
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Installation Windows Live

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3645261703-2824615500-2659958386-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/01/2010 18:47:36 | Computer Name = PC_Magali | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.9.1.3622, horodatage
0x4b16159b, module défaillant ACEFFAddOn.dll, version 4.1.0.5240, horodatage 0x4b1c8230,
code d’exception 0xc000000d, décalage d’erreur 0x00014881, ID du processus 0xe3c,
heure de début de l’application 0x01ca8d8fa05eaf40.

Error - 04/01/2010 18:49:26 | Computer Name = PC_Magali | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.9.1.3622, horodatage
0x4b16159b, module défaillant ACEFFAddOn.dll, version 4.1.0.5240, horodatage 0x4b1c8230,
code d’exception 0xc000000d, décalage d’erreur 0x00014881, ID du processus 0x1734,
heure de début de l’application 0x01ca8d8fede44400.

Error - 05/01/2010 07:38:28 | Computer Name = PC_Magali | Source = LoadPerf | ID = 3012
Description =

Error - 05/01/2010 18:02:42 | Computer Name = PC_Magali | Source = LoadPerf | ID = 3012
Description =

Error - 05/01/2010 18:02:51 | Computer Name = PC_Magali | Source = MsiInstaller | ID = 11706
Description =

Error - 05/01/2010 18:55:04 | Computer Name = PC_Magali | Source = LoadPerf | ID = 3012
Description =

Error - 06/01/2010 07:50:57 | Computer Name = PC_Magali | Source = System Restore | ID = 8193
Description =

Error - 06/01/2010 13:21:39 | Computer Name = PC_Magali | Source = System Restore | ID = 8193
Description =

Error - 08/01/2010 07:56:25 | Computer Name = PC_Magali | Source = System Restore | ID = 8193
Description =

Error - 08/01/2010 11:24:37 | Computer Name = PC_Magali | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 21/02/2010 16:06:37 | Computer Name = PC_Magali | Source = Service Control Manager | ID = 7022
Description =

Error - 21/02/2010 16:06:37 | Computer Name = PC_Magali | Source = Service Control Manager | ID = 7026
Description =

Error - 21/02/2010 16:07:16 | Computer Name = PC_Magali | Source = bowser | ID = 8003
Description =

Error - 23/02/2010 03:49:41 | Computer Name = PC_Magali | Source = DCOM | ID = 10010
Description =

Error - 23/02/2010 04:49:06 | Computer Name = PC_Magali | Source = Service Control Manager | ID = 7022
Description =

Error - 23/02/2010 04:49:06 | Computer Name = PC_Magali | Source = Service Control Manager | ID = 7026
Description =

Error - 23/02/2010 05:28:16 | Computer Name = PC_Magali | Source = DCOM | ID = 10016
Description =

Error - 23/02/2010 05:28:17 | Computer Name = PC_Magali | Source = DCOM | ID = 10016
Description =

Error - 23/02/2010 05:38:17 | Computer Name = YCS17portable | Source = Service Control Manager | ID = 7022
Description =

Error - 23/02/2010 05:38:17 | Computer Name = YCS17portable | Source = Service Control Manager | ID = 7026
Description =


< End of report >





#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:23 AM

Posted 23 February 2010 - 08:25 AM

Hello YellowtheCat,

I notice the presence of Registry Mechanic Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
QUOTE
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html


Your logs show you have been running Combofix. Please post me the log you will find at c:\combofix.txt together with the GMER log.

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#6 YellowtheCat

YellowtheCat
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:23 AM

Posted 23 February 2010 - 08:35 AM

Thanks for the advice on Registry Mechanic...

GMER runs for a while and then blue screen crashes... all I can make out on the screen is kxliakog.sys; it seemed to be going through something related to the Hachette program at the time?

Any suggestions?

I'll run the very dangerous combofix now!

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:23 AM

Posted 23 February 2010 - 08:40 AM

No need to re-run Combofix. I need to see the log from the previous run.

As for GMER, try to run it with the Devices box unchecked.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#8 YellowtheCat

YellowtheCat
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:23 AM

Posted 23 February 2010 - 09:00 AM

ComboFix Log Attached....

I'll go and try and run GMER without devices and then in Safe Mode...



#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • Gender:Female
  • Location:Romania
  • Local time:11:23 AM

Posted 23 February 2010 - 09:10 AM

QUOTE
ComboFix Log Attached....
Not here!

Can you please copy/paste it? That makes it a lot easier for me to read (no download needed), thanks!

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#10 YellowtheCat

YellowtheCat
  • Topic Starter

  • Members
  • 19 posts
  • Local time:09:23 AM

Posted 23 February 2010 - 09:57 AM

Sorry....

Combofix and GMER pasted below...

ComboFix 10-02-20.04 - YellowCat Services 23/02/2010 14:38:31.3.1 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2812.1832 [GMT 1:00]
Lancé depuis: c:\users\YellowCat Services\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-23 au 2010-02-23 ))))))))))))))))))))))))))))))))))))
.

2010-02-23 13:45 . 2010-02-23 13:46 -------- d-----w- c:\users\YellowCat Services\AppData\Local\temp
2010-02-23 13:45 . 2010-02-23 13:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-23 13:45 . 2010-02-23 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-23 13:45 . 2010-02-23 13:45 -------- d-----w- c:\users\AdminSAV\AppData\Local\temp
2010-02-23 13:24 . 2010-02-12 16:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-23 09:28 . 2010-02-23 09:28 -------- d-----w- c:\programdata\Hewlett-Packard
2010-02-23 09:28 . 2007-03-15 14:32 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-02-23 09:25 . 2007-03-15 14:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2010-02-23 09:25 . 2008-02-13 07:31 11362 ----a-w- c:\windows\hpwscr14.dat
2010-02-23 09:25 . 2007-11-06 18:15 1140056 ----a-w- c:\windows\hpzmsi01.exe
2010-02-23 09:25 . 2007-11-06 18:04 1373528 ----a-w- c:\windows\hpzshl01.exe
2010-02-23 09:25 . 2010-02-23 09:25 -------- d-----w- c:\windows\carrier
2010-02-23 09:25 . 2010-02-23 09:25 -------- d-----w- c:\windows\braveheart
2010-02-23 09:24 . 2010-02-23 09:30 118182 ----a-w- c:\windows\hpwins14.dat
2010-02-23 09:24 . 2008-02-13 07:31 467 ----a-w- c:\windows\hpwmdl14.dat
2010-02-23 09:24 . 2010-02-23 09:24 -------- d-----w- C:\TEMP
2010-02-23 09:24 . 2008-02-15 03:17 280443 ----a-w- c:\temp\hpwins14.dat
2010-02-23 09:24 . 2008-02-13 07:31 467 ----a-w- c:\temp\hpwmdl14.dat
2010-02-23 09:23 . 2007-12-14 06:58 36352 ----a-w- c:\windows\system32\hpw6400co.dll
2010-02-23 09:23 . 2007-11-06 18:10 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-02-23 09:23 . 2007-10-31 04:19 729088 ----a-w- c:\windows\system32\hpwwiax3.dll
2010-02-23 09:23 . 2007-10-31 04:19 970752 ----a-w- c:\windows\system32\hpwtiop3.dll
2010-02-23 09:23 . 2007-01-17 08:37 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-02-23 09:23 . 2007-01-17 08:31 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-02-23 09:23 . 2007-01-17 08:37 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-02-23 09:12 . 2010-02-06 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\NAVENG.SYS
2010-02-23 09:12 . 2010-02-06 09:00 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\NAVEX15.SYS
2010-02-23 09:12 . 2009-08-29 09:34 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\NAVENG32.DLL
2010-02-23 09:12 . 2009-08-29 09:34 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\NAVEX32A.DLL
2010-02-23 09:12 . 2009-12-10 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\CCERASER.DLL
2010-02-23 09:12 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\ECMSVR32.DLL
2010-02-23 09:12 . 2009-08-29 09:34 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\EECTRL.SYS
2010-02-23 09:12 . 2009-08-29 09:34 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100222.039\ERASER.SYS
2010-02-21 17:48 . 2010-02-21 17:48 -------- d-----w- c:\program files\Trend Micro
2010-02-21 16:47 . 2009-12-30 20:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\Scxpx86.dll
2010-02-21 16:47 . 2009-12-30 20:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSxpx86.dll
2010-02-21 16:47 . 2009-12-30 20:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys
2010-02-21 16:47 . 2009-12-30 20:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys
2010-02-21 16:47 . 2009-12-30 20:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys
2010-02-07 17:45 . 2010-02-07 17:45 -------- d-----w- c:\users\YellowCat Services\AppData\Roaming\Malwarebytes
2010-02-07 17:17 . 2004-08-04 07:00 506368 ----a-w- c:\windows\system32\msxml.dll
2010-02-07 17:17 . 2010-02-07 17:17 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-07 17:03 . 2010-02-07 17:07 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Google
2010-02-07 17:02 . 2010-02-07 17:02 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Deployment
2010-02-07 17:02 . 2010-02-07 17:02 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Apps
2010-02-07 16:21 . 2010-02-07 16:21 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Adobe
2010-02-07 15:06 . 2010-02-07 15:06 -------- d-----w- c:\users\YellowCat Services\AppData\Roaming\ATI
2010-02-07 15:06 . 2010-02-07 15:06 -------- d-----w- c:\users\YellowCat Services\AppData\Local\ATI
2010-02-07 15:05 . 2010-02-07 16:30 -------- d-----w- c:\users\YellowCat Services\AppData\Roaming\HPQLOG
2010-02-07 15:05 . 2010-02-07 15:05 97672 ----a-w- c:\users\YellowCat Services\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-07 14:12 . 2010-02-07 14:12 -------- d-----w- c:\program files\CCleaner
2010-02-07 08:30 . 2009-12-30 20:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-07 08:30 . 2009-12-30 20:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-07 08:30 . 2009-12-30 20:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-07 08:30 . 2009-12-30 20:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-07 08:30 . 2009-12-30 20:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 13:23 . 2008-06-25 14:09 -------- d-----w- c:\programdata\hpqLog
2010-02-23 09:33 . 2008-06-30 05:59 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-23 08:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-07 08:49 . 2008-10-09 17:45 -------- d-----w- c:\program files\Windows Live
2010-02-07 08:37 . 2008-06-25 16:12 -------- d-----w- c:\program files\OpenOffice.org 2.4
2010-01-27 23:22 . 2009-03-28 00:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-26 23:17 . 2008-06-25 14:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 10:12 . 2009-10-03 09:25 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 20:30 . 2006-11-02 15:45 49472 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-11 20:30 . 2006-11-02 15:45 11720 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-05 11:28 . 2009-12-07 23:03 -------- d-----w- c:\programdata\QuestService
2010-01-05 11:28 . 2009-12-07 23:03 -------- d-----w- c:\program files\QuestService
2010-01-02 06:38 . 2010-01-21 22:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 22:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 22:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 22:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 20:09 . 2010-01-02 17:36 58744 ----a-w- c:\programdata\QuestService\questservice133.exe
2009-12-30 20:48 . 2010-01-05 11:40 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-12-30 20:48 . 2010-01-05 11:40 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-12-30 20:48 . 2010-01-05 11:40 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-12-30 20:48 . 2010-01-05 11:40 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-12-30 20:48 . 2010-01-05 11:40 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-12-11 11:43 . 2010-02-21 16:42 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-21 16:42 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-21 16:42 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-21 16:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-07 23:01 . 2009-12-07 23:01 620532 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\TPSetup.exe
2009-12-07 23:00 . 2009-12-07 23:00 999675 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\CMWSetup.exe
2009-12-07 22:59 . 2009-12-07 22:59 1381322 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\ITSetup.exe
2009-12-07 22:58 . 2009-12-07 22:58 735748 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\psksetup.exe
2009-12-07 22:57 . 2009-12-07 22:57 698804 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\aiaSetup.exe
2009-12-07 22:56 . 2009-12-07 22:56 629721 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\sessetup.exe
2009-12-07 08:13 . 2009-12-07 22:56 3035270 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\Setup.exe
2009-12-07 08:13 . 2009-12-07 22:46 581632 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\53CCABA1\B94081D6\mvbdl.exe
2009-12-07 07:34 . 2009-12-07 22:55 1208320 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\SetupArchive\FFB013D3\B94081D6\mvb0.dll
2009-12-07 07:33 . 2009-12-07 22:55 544768 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\SetupArchive\9B0CAB90\B94081D6\mvbapp.dll
2009-12-07 07:32 . 2009-12-07 22:47 204800 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\mvbsh.dll
2009-12-07 07:32 . 2009-12-07 22:47 176128 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll
2009-12-07 07:32 . 2009-12-07 22:47 176128 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\48C8FBD2\B94081D6\ProductInfo.dll
2009-12-04 18:30 . 2010-02-21 16:42 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-21 16:42 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-21 16:42 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-21 16:42 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-21 16:42 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-21 16:42 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-21 16:42 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-21 16:42 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-21 16:42 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-21 16:42 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-21 16:42 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-07 135664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-25 197904]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-25 14:42 292824 ----a-w- c:\program files\Registry Mechanic\RMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2009-11-25 14:42 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):10,cf,49,46,53,ff,c9,01

R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [30/05/2008 08:37 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [30/05/2008 08:37 12928]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0308000.029\SymEFA.sys [07/02/2010 10:44 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0308000.029\BHDrvx86.sys [07/02/2010 10:44 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0308000.029\cchpx86.sys [07/02/2010 10:44 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys [21/02/2010 17:47 343088]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [30/05/2008 08:37 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 15:08 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [25/06/2008 21:36 21504]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [25/06/2008 21:36 21504]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [09/05/2008 15:09 1168632]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [02/06/2008 09:32 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [30/05/2008 08:36 256512]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [07/04/2008 17:13 24936]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [07/02/2010 10:44 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [07/02/2010 18:17 583640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [29/11/2007 15:56 181760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2009 17:11 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0308000.029\symndisv.sys [07/02/2010 10:44 48688]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [13/05/2008 07:30 475520]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/06/2008 15:18 193840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015Core.job
- c:\users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 17:03]

2010-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015UA.job
- c:\users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 17:03]

2010-02-23 c:\windows\Tasks\User_Feed_Synchronization-{E81EC49E-6831-4221-8D98-A3310C6CFB82}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 14:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\System32\APSHook.dll

- - - - - - - > 'lsass.exe'(668)
c:\windows\System32\APSHook.dll

- - - - - - - > 'Explorer.exe'(4748)
c:\windows\System32\NLSLexicons000c.dll
c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccVrTrst.dll
c:\windows\System32\netshell.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-23 14:50:10
ComboFix-quarantined-files.txt 2010-02-23 13:50
ComboFix2.txt 2010-02-21 18:23
ComboFix3.txt 2010-02-21 17:40

Pre-Run: 74,969,157,632 bytes free
Post-Run: 75,085,017,088 bytes free

- - End Of File - - 59A26A5014741B6D311D5CB6948489A0


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-23 15:47:16
Windows 6.0.6002 Service Pack 2
Running: 2ui78lu7.exe; Driver: C:\Users\YELLOW~1\AppData\Local\Temp\kxliakog.sys


---- System - GMER 1.0.15 ----

SSDT 86A1D068 ZwAlertResumeThread
SSDT 862A89D0 ZwAlertThread
SSDT 86ABB818 ZwAllocateVirtualMemory
SSDT 866F0938 ZwAlpcConnectPort
SSDT 86A08EF0 ZwAssignProcessToJobObject
SSDT 86A78AC8 ZwCreateMutant
SSDT 86ABED88 ZwCreateSymbolicLinkObject
SSDT 86ABF6B8 ZwCreateThread
SSDT 86A3D118 ZwDebugActiveProcess
SSDT 86ABC2F0 ZwDuplicateObject
SSDT 86A49A00 ZwFreeVirtualMemory
SSDT 869DA790 ZwImpersonateAnonymousToken
SSDT 86A14A00 ZwImpersonateThread
SSDT 86899D80 ZwLoadDriver
SSDT 86A49920 ZwMapViewOfSection
SSDT 86A45B58 ZwOpenEvent
SSDT 86ABD2C0 ZwOpenProcess
SSDT 86CE4138 ZwOpenProcessToken
SSDT 86A52CE8 ZwOpenSection
SSDT 86ABC3C0 ZwOpenThread
SSDT 86ABEF38 ZwProtectVirtualMemory
SSDT 86E65748 ZwResumeThread
SSDT 86EC6220 ZwSetContextThread
SSDT 86A936B8 ZwSetInformationProcess
SSDT 86A70B20 ZwSetSystemInformation
SSDT 86A23118 ZwSuspendProcess
SSDT 862A96B8 ZwSuspendThread
SSDT 86EE9068 ZwTerminateProcess
SSDT 8683B4A0 ZwTerminateThread
SSDT 862AAA80 ZwUnmapViewOfSection
SSDT 86ABB748 ZwWriteVirtualMemory
SSDT 86ABEE58 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81EEC860 8 Bytes [68, D0, A1, 86, D0, 89, 2A, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81EEC874 4 Bytes [18, B8, AB, 86]
.text ntkrnlpa.exe!KeSetEvent + 13D 81EEC880 4 Bytes [38, 09, 6F, 86]
.text ntkrnlpa.exe!KeSetEvent + 191 81EEC8D4 4 Bytes [F0, 8E, A0, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EEC938 4 Bytes [C8, 8A, A7, 86] {ENTER 0xa78a, 0x86}
.text ...
? C:\Windows\System32\Drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9D40C000, 0x1FB97A, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F87817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FDA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F8BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F7F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F7E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FB8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F8DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F7FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F7FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7400CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FAC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F7D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F76853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F7687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2988] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F82AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015831838b4
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015831838b4@0025e507023a 0xE0 0x43 0x4D 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37dd7b54
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015831838b4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015831838b4@0025e507023a 0xE0 0x43 0x4D 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37dd7b54 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
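A ComboFix dump like the one above is easier to triage with a small parser than by eye. The following is an added example in Python, written for this page; it is not ComboFix's own code and does not come from the thread. The line formats are inferred from this log rather than from any published ComboFix specification, the reading of the attribute column (d = directory, c = NTFS compressed, h = hidden, a = archive) is an assumption, and SAMPLE is a constructed excerpt of lines taken from the log above. It extracts the three things a responder checks first in such a log: executables parked under c:\programdata (here the GUID-named folder and QuestService), the AppInit_DLLs value (here APSHook.dll, repeated four times; on a machine running HP ProtectTools that hook is expected, but the same key is a classic injection point and is loaded into winlogon.exe and lsass.exe as the log shows), and Security Center values that silence antivirus warnings or disable monitoring of a product.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# File-listing line (inferred): "<mtime> . <ctime> <size|--------> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$")
# Service line (inferred): "<R0|R1|R2|S3> <name>;<display>;<image> [<dd/mm/yyyy hh:mm size>]"
SVC_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]+)\]$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VAL = re.compile(r'^"([^"]+)"=(.*)$')
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

# Constructed excerpt of the ComboFix log posted above (file list, reg loading points, services).
SAMPLE = r"""
2010-02-07 17:17 . 2004-08-04 07:00 506368 ----a-w- c:\windows\system32\msxml.dll
2010-02-07 17:17 . 2010-02-07 17:17 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-31 20:09 . 2010-01-02 17:36 58744 ----a-w- c:\programdata\QuestService\questservice133.exe
2009-12-07 08:13 . 2009-12-07 22:56 3035270 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\Setup.exe
2009-12-07 07:32 . 2009-12-07 22:47 204800 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\mvbsh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):10,cf,49,46,53,ff,c9,01

R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [30/05/2008 08:37 51376]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [25/06/2008 21:36 21504]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [07/02/2010 10:44 117640]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]
"""


@dataclass
class FileEntry:
    mtime: str
    ctime: str
    size: Optional[int]  # None for directories, which ComboFix prints as "--------"
    attrs: str           # assumed: d=directory, c=NTFS compressed, h=hidden, a=archive
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_file_entries(text: str) -> List[FileEntry]:
    """Parse the 'Files Created' and Find3M listings into FileEntry records."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            mtime, ctime, size, attrs, path = m.groups()
            entries.append(FileEntry(mtime, ctime, None if size.startswith("-") else int(size), attrs, path))
    return entries


def executables_in_programdata(entries: List[FileEntry]) -> List[str]:
    """Executable code under ProgramData: legitimate software rarely runs from there,
    and the log above shows installers and DLLs parked in a GUID-named folder."""
    return [e.path for e in entries
            if not e.is_dir
            and e.path.lower().startswith("c:\\programdata\\")
            and e.path.lower().endswith(EXEC_EXT)]


def parse_reg_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Group '"name"=value' lines under the [HKEY_...] header that precedes them."""
    blocks: Dict[str, Dict[str, str]] = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        km = REG_KEY.match(line)
        if km:
            key = km.group(1)
            blocks.setdefault(key, {})
            continue
        vm = REG_VAL.match(line)
        if vm and key is not None:
            blocks[key][vm.group(1)] = vm.group(2)
    return blocks


def dword(raw: str) -> Optional[int]:
    return int(raw[len("dword:"):], 16) if raw.startswith("dword:") else None


def security_center_overrides(blocks: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Security Center values that suppress 'no antivirus/firewall' warnings (*Override=1)
    or stop monitoring a product (DisableMonitoring=1). Malware sets these, but so do
    some legitimate suites, so each hit must be matched against an installed product."""
    hits = []
    for key, values in blocks.items():
        if "security center" not in key.lower():
            continue
        for name, raw in values.items():
            if (name.endswith("Override") or name == "DisableMonitoring") and dword(raw) == 1:
                hits.append((key.rsplit("\\", 1)[-1], name))
    return hits


def appinit_dlls(blocks: Dict[str, Dict[str, str]]) -> List[str]:
    """AppInit_DLLs is loaded into every process that loads user32.dll. The value is
    space- or comma-separated; repeated paths (as in the log above) collapse to one."""
    for key, values in blocks.items():
        if key.lower().endswith(r"windows nt\currentversion\windows") and "AppInit_DLLs" in values:
            return list(dict.fromkeys(p for p in re.split(r"[\s,]+", values["AppInit_DLLs"]) if p))
    return []


def parse_services(text: str) -> List[dict]:
    """Parse the R0/R1/R2/S3 service table; svchost-hosted entries keep their -k group,
    which must be resolved through the svchost key to find the real service DLLs."""
    out = []
    for line in text.splitlines():
        m = SVC_LINE.match(line.strip())
        if m:
            start, name, display, image, _stamp = m.groups()
            group = image.split("-k ", 1)[1] if "-k " in image else None
            out.append({"start": start, "name": name, "display": display,
                        "image": image, "svchost_group": group})
    return out
```

Feed the full text of a ComboFix log to these functions in place of SAMPLE; the file-listing regex deliberately skips lines it does not recognise rather than failing, so the section banners and the GMER output pass through untouched.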


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:23 AM

Posted 23 February 2010 - 10:04 AM

Please navigate to c:\qoobox\combofix3.txt and post its contents in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#12 YellowtheCat

YellowtheCat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:23 AM

Posted 23 February 2010 - 10:08 AM

As Requested...

ComboFix 10-02-20.04 - YellowCat Services 21/02/2010 18:19:53.1.1 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2812.1476 [GMT 1:00]
Running from: c:\users\YellowCat Services\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Automated Content Enhancer
c:\program files\Automated Content Enhancer\4.1.0.5240\ACECommon.dll
c:\program files\Automated Content Enhancer\4.1.0.5240\ACEIeaddon.dll
c:\program files\Automated Content Enhancer\4.1.0.5240\Data\config.md
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\chrome.manifest
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\chrome\ACEAddOn.jar
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\chrome\content\ACEAddOn.js
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\chrome\content\ACEAddOn.xul
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFAddOn.dll
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFAddOn.xpt
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFHelperComponent.js
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\install.rdf
c:\program files\Automated Content Enhancer\4.1.0.5240\lri.dll
c:\program files\Automated Content Enhancer\4.1.0.5240\unins000.dat
c:\program files\Automated Content Enhancer\4.1.0.5240\unins000.exe
c:\program files\Common Files\System\Uninstall
c:\program files\Customized Platform Advancer
c:\program files\Customized Platform Advancer\4.1.0.1800\CPACommon.dll
c:\program files\Customized Platform Advancer\4.1.0.1800\Data\config.md
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome.manifest
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.js
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.xul
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome\CPAAddOn.jar
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.dll
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.xpt
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFHelperComponent.js
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\install.rdf
c:\program files\Customized Platform Advancer\4.1.0.1800\lri.dll
c:\program files\Customized Platform Advancer\4.1.0.1800\unins000.dat
c:\program files\Customized Platform Advancer\4.1.0.1800\unins000.exe
c:\program files\Web Search Operator
c:\program files\Web Search Operator\3.1.0.1840\Data\config.md
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome.manifest
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.js
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.xul
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome\WSOAddOn.jar
c:\program files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.dll
c:\program files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.xpt
c:\program files\Web Search Operator\3.1.0.1840\FF\components\WSOFFHelperComponent.js
c:\program files\Web Search Operator\3.1.0.1840\FF\install.rdf
c:\program files\Web Search Operator\3.1.0.1840\unins000.dat
c:\program files\Web Search Operator\3.1.0.1840\unins000.exe
c:\program files\Web Search Operator\3.1.0.1840\WSOCommon.dll
c:\windows\system32\oem11.inf

.
((((((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 ))))))))))))))))))))))))))))))))))))
.

2010-02-21 17:32 . 2010-02-12 16:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-21 17:28 . 2010-02-21 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-21 17:28 . 2010-02-21 17:28 -------- d-----w- c:\users\AdminSAV\AppData\Local\temp
2010-02-07 17:45 . 2010-02-07 17:45 -------- d-----w- c:\users\YellowCat Services\AppData\Roaming\Malwarebytes
2010-02-07 17:17 . 2004-08-04 07:00 506368 ----a-w- c:\windows\system32\msxml.dll
2010-02-07 17:17 . 2010-02-07 17:17 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-07 17:03 . 2010-02-07 17:07 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Google
2010-02-07 17:02 . 2010-02-07 17:02 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Deployment
2010-02-07 17:02 . 2010-02-07 17:02 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Apps
2010-02-07 16:21 . 2010-02-07 16:21 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Adobe
2010-02-07 15:06 . 2010-02-07 15:06 -------- d-----w- c:\users\YellowCat Services\AppData\Roaming\ATI
2010-02-07 15:06 . 2010-02-07 15:06 -------- d-----w- c:\users\YellowCat Services\AppData\Local\ATI
2010-02-07 15:05 . 2010-02-07 16:30 -------- d-----w- c:\users\YellowCat Services\AppData\Roaming\HPQLOG
2010-02-07 15:05 . 2010-02-07 15:05 97672 ----a-w- c:\users\YellowCat Services\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-07 14:12 . 2010-02-07 14:12 -------- d-----w- c:\program files\CCleaner
2010-02-07 08:30 . 2009-12-30 20:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-07 08:30 . 2009-12-30 20:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-07 08:30 . 2009-12-30 20:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-07 08:30 . 2009-12-30 20:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-07 08:30 . 2009-12-30 20:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 17:32 . 2008-06-25 14:09 -------- d-----w- c:\programdata\hpqLog
2010-02-21 17:29 . 2008-06-30 05:59 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-07 08:49 . 2008-10-09 17:45 -------- d-----w- c:\program files\Windows Live
2010-02-07 08:37 . 2008-06-25 16:12 -------- d-----w- c:\program files\OpenOffice.org 2.4
2010-02-06 09:00 . 2010-02-21 16:47 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100221.004\NAVENG.SYS
2010-02-06 09:00 . 2010-02-21 16:47 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100221.004\NAVEX15.SYS
2010-01-27 23:22 . 2009-03-28 00:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-27 23:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-26 23:17 . 2008-06-25 14:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 10:12 . 2009-10-03 09:25 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 20:30 . 2006-11-02 15:45 49472 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-11 20:30 . 2006-11-02 15:45 11720 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-05 11:28 . 2009-12-07 23:03 -------- d-----w- c:\programdata\QuestService
2010-01-05 11:28 . 2009-12-07 23:03 -------- d-----w- c:\program files\QuestService
2010-01-02 06:38 . 2010-01-21 22:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 22:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 22:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 22:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 20:09 . 2010-01-02 17:36 58744 ----a-w- c:\programdata\QuestService\questservice133.exe
2009-12-30 20:48 . 2010-02-21 16:47 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\Scxpx86.dll
2009-12-30 20:48 . 2010-02-21 16:47 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSxpx86.dll
2009-12-30 20:48 . 2010-02-21 16:47 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys
2009-12-30 20:48 . 2010-02-21 16:47 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys
2009-12-30 20:48 . 2010-02-21 16:47 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys
2009-12-30 20:48 . 2010-01-05 11:40 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-12-30 20:48 . 2010-01-05 11:40 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-12-30 20:48 . 2010-01-05 11:40 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-12-30 20:48 . 2010-01-05 11:40 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-12-30 20:48 . 2010-01-05 11:40 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-12-10 09:00 . 2010-02-21 16:47 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100221.004\CCERASER.DLL
2009-12-07 23:01 . 2009-12-07 23:01 620532 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\TPSetup.exe
2009-12-07 23:00 . 2009-12-07 23:00 999675 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\CMWSetup.exe
2009-12-07 22:59 . 2009-12-07 22:59 1381322 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\ITSetup.exe
2009-12-07 22:58 . 2009-12-07 22:58 735748 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\psksetup.exe
2009-12-07 22:57 . 2009-12-07 22:57 698804 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\aiaSetup.exe
2009-12-07 22:56 . 2009-12-07 22:56 629721 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\sessetup.exe
2009-12-07 08:13 . 2009-12-07 22:56 3035270 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\Setup.exe
2009-12-07 08:13 . 2009-12-07 22:46 581632 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\53CCABA1\B94081D6\mvbdl.exe
2009-12-07 07:34 . 2009-12-07 22:55 1208320 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\SetupArchive\FFB013D3\B94081D6\mvb0.dll
2009-12-07 07:33 . 2009-12-07 22:55 544768 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\SetupArchive\9B0CAB90\B94081D6\mvbapp.dll
2009-12-07 07:32 . 2009-12-07 22:47 204800 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\mvbsh.dll
2009-12-07 07:32 . 2009-12-07 22:47 176128 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll
2009-12-07 07:32 . 2009-12-07 22:47 176128 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\48C8FBD2\B94081D6\ProductInfo.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-07 135664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-25 197904]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-25 14:42 292824 ----a-w- c:\program files\Registry Mechanic\RMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2009-11-25 14:42 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):10,cf,49,46,53,ff,c9,01

R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [30/05/2008 08:37 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [30/05/2008 08:37 12928]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0308000.029\SymEFA.sys [07/02/2010 10:44 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0308000.029\BHDrvx86.sys [07/02/2010 10:44 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0308000.029\cchpx86.sys [07/02/2010 10:44 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys [21/02/2010 17:47 343088]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [30/05/2008 08:37 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 15:08 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [25/06/2008 21:36 21504]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [25/06/2008 21:36 21504]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [09/05/2008 15:09 1168632]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [02/06/2008 09:32 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [30/05/2008 08:36 256512]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [07/04/2008 17:13 24936]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [07/02/2010 10:44 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [07/02/2010 18:17 583640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [29/11/2007 15:56 181760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2009 17:11 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0308000.029\symndisv.sys [07/02/2010 10:44 48688]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [13/05/2008 07:30 475520]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/06/2008 15:18 193840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015Core.job
- c:\users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 17:03]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015UA.job
- c:\users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 17:03]

2010-02-21 c:\windows\Tasks\User_Feed_Synchronization-{E81EC49E-6831-4221-8D98-A3310C6CFB82}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.

**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(2548)
c:\windows\System32\NLSLexicons000c.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2010-02-21 18:40:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-21 17:40

Avant-CF: 74 952 642 560 octets libres
Après-CF: 76 855 246 848 octets libres

- - End Of File - - E9BC83D9340011AAB56C14D3427FCF25


#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:23 AM

Posted 23 February 2010 - 10:14 AM

Please navigate to c:\qoobox\combofix3.txt and post its contents in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#14 YellowtheCat

YellowtheCat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:23 AM

Posted 23 February 2010 - 10:44 AM

Was I supposed to do anything in between? I posted this in my last post and you requested it again?


ComboFix 10-02-20.04 - YellowCat Services 21/02/2010 18:19:53.1.1 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2812.1476 [GMT 1:00]
Lancé depuis: c:\users\YellowCat Services\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Automated Content Enhancer
c:\program files\Automated Content Enhancer\4.1.0.5240\ACECommon.dll
c:\program files\Automated Content Enhancer\4.1.0.5240\ACEIeaddon.dll
c:\program files\Automated Content Enhancer\4.1.0.5240\Data\config.md
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\chrome.manifest
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\chrome\ACEAddOn.jar
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\chrome\content\ACEAddOn.js
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\chrome\content\ACEAddOn.xul
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFAddOn.dll
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFAddOn.xpt
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\components\ACEFFHelperComponent.js
c:\program files\Automated Content Enhancer\4.1.0.5240\FF\install.rdf
c:\program files\Automated Content Enhancer\4.1.0.5240\lri.dll
c:\program files\Automated Content Enhancer\4.1.0.5240\unins000.dat
c:\program files\Automated Content Enhancer\4.1.0.5240\unins000.exe
c:\program files\Common Files\System\Uninstall
c:\program files\Customized Platform Advancer
c:\program files\Customized Platform Advancer\4.1.0.1800\CPACommon.dll
c:\program files\Customized Platform Advancer\4.1.0.1800\Data\config.md
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome.manifest
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.js
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.xul
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\chrome\CPAAddOn.jar
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.dll
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.xpt
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFHelperComponent.js
c:\program files\Customized Platform Advancer\4.1.0.1800\FF\install.rdf
c:\program files\Customized Platform Advancer\4.1.0.1800\lri.dll
c:\program files\Customized Platform Advancer\4.1.0.1800\unins000.dat
c:\program files\Customized Platform Advancer\4.1.0.1800\unins000.exe
c:\program files\Web Search Operator
c:\program files\Web Search Operator\3.1.0.1840\Data\config.md
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome.manifest
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.js
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.xul
c:\program files\Web Search Operator\3.1.0.1840\FF\chrome\WSOAddOn.jar
c:\program files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.dll
c:\program files\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.xpt
c:\program files\Web Search Operator\3.1.0.1840\FF\components\WSOFFHelperComponent.js
c:\program files\Web Search Operator\3.1.0.1840\FF\install.rdf
c:\program files\Web Search Operator\3.1.0.1840\unins000.dat
c:\program files\Web Search Operator\3.1.0.1840\unins000.exe
c:\program files\Web Search Operator\3.1.0.1840\WSOCommon.dll
c:\windows\system32\oem11.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-21 au 2010-02-21 ))))))))))))))))))))))))))))))))))))
.

2010-02-21 17:32 . 2010-02-12 16:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-21 17:28 . 2010-02-21 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-21 17:28 . 2010-02-21 17:28 -------- d-----w- c:\users\AdminSAV\AppData\Local\temp
2010-02-07 17:45 . 2010-02-07 17:45 -------- d-----w- c:\users\YellowCat Services\AppData\Roaming\Malwarebytes
2010-02-07 17:17 . 2004-08-04 07:00 506368 ----a-w- c:\windows\system32\msxml.dll
2010-02-07 17:17 . 2010-02-07 17:17 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-07 17:03 . 2010-02-07 17:07 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Google
2010-02-07 17:02 . 2010-02-07 17:02 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Deployment
2010-02-07 17:02 . 2010-02-07 17:02 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Apps
2010-02-07 16:21 . 2010-02-07 16:21 -------- d-----w- c:\users\YellowCat Services\AppData\Local\Adobe
2010-02-07 15:06 . 2010-02-07 15:06 -------- d-----w- c:\users\YellowCat Services\AppData\Roaming\ATI
2010-02-07 15:06 . 2010-02-07 15:06 -------- d-----w- c:\users\YellowCat Services\AppData\Local\ATI
2010-02-07 15:05 . 2010-02-07 16:30 -------- d-----w- c:\users\YellowCat Services\AppData\Roaming\HPQLOG
2010-02-07 15:05 . 2010-02-07 15:05 97672 ----a-w- c:\users\YellowCat Services\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-07 14:12 . 2010-02-07 14:12 -------- d-----w- c:\program files\CCleaner
2010-02-07 08:30 . 2009-12-30 20:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-07 08:30 . 2009-12-30 20:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-07 08:30 . 2009-12-30 20:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-07 08:30 . 2009-12-30 20:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-07 08:30 . 2009-12-30 20:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 17:32 . 2008-06-25 14:09 -------- d-----w- c:\programdata\hpqLog
2010-02-21 17:29 . 2008-06-30 05:59 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-07 08:49 . 2008-10-09 17:45 -------- d-----w- c:\program files\Windows Live
2010-02-07 08:37 . 2008-06-25 16:12 -------- d-----w- c:\program files\OpenOffice.org 2.4
2010-02-06 09:00 . 2010-02-21 16:47 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100221.004\NAVENG.SYS
2010-02-06 09:00 . 2010-02-21 16:47 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100221.004\NAVEX15.SYS
2010-01-27 23:22 . 2009-03-28 00:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-27 23:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-26 23:17 . 2008-06-25 14:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 10:12 . 2009-10-03 09:25 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 20:30 . 2006-11-02 15:45 49472 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-11 20:30 . 2006-11-02 15:45 11720 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-05 11:28 . 2009-12-07 23:03 -------- d-----w- c:\programdata\QuestService
2010-01-05 11:28 . 2009-12-07 23:03 -------- d-----w- c:\program files\QuestService
2010-01-02 06:38 . 2010-01-21 22:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 22:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 22:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 22:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 20:09 . 2010-01-02 17:36 58744 ----a-w- c:\programdata\QuestService\questservice133.exe
2009-12-30 20:48 . 2010-02-21 16:47 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\Scxpx86.dll
2009-12-30 20:48 . 2010-02-21 16:47 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSxpx86.dll
2009-12-30 20:48 . 2010-02-21 16:47 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys
2009-12-30 20:48 . 2010-02-21 16:47 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys
2009-12-30 20:48 . 2010-02-21 16:47 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys
2009-12-30 20:48 . 2010-01-05 11:40 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-12-30 20:48 . 2010-01-05 11:40 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-12-30 20:48 . 2010-01-05 11:40 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-12-30 20:48 . 2010-01-05 11:40 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-12-30 20:48 . 2010-01-05 11:40 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-12-10 09:00 . 2010-02-21 16:47 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100221.004\CCERASER.DLL
2009-12-07 23:01 . 2009-12-07 23:01 620532 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\TPSetup.exe
2009-12-07 23:00 . 2009-12-07 23:00 999675 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\CMWSetup.exe
2009-12-07 22:59 . 2009-12-07 22:59 1381322 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\ITSetup.exe
2009-12-07 22:58 . 2009-12-07 22:58 735748 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\psksetup.exe
2009-12-07 22:57 . 2009-12-07 22:57 698804 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\aiaSetup.exe
2009-12-07 22:56 . 2009-12-07 22:56 629721 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\sessetup.exe
2009-12-07 08:13 . 2009-12-07 22:56 3035270 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\Setup.exe
2009-12-07 08:13 . 2009-12-07 22:46 581632 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\53CCABA1\B94081D6\mvbdl.exe
2009-12-07 07:34 . 2009-12-07 22:55 1208320 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\SetupArchive\FFB013D3\B94081D6\mvb0.dll
2009-12-07 07:33 . 2009-12-07 22:55 544768 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\SetupArchive\9B0CAB90\B94081D6\mvbapp.dll
2009-12-07 07:32 . 2009-12-07 22:47 204800 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\mvbsh.dll
2009-12-07 07:32 . 2009-12-07 22:47 176128 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll
2009-12-07 07:32 . 2009-12-07 22:47 176128 -c--a-w- c:\programdata\{8EC269CA-8CE6-4410-82C3-A6B422D3606D}\OFFLINE\48C8FBD2\B94081D6\ProductInfo.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-07 135664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-25 197904]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-25 14:42 292824 ----a-w- c:\program files\Registry Mechanic\RMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2009-11-25 14:42 104408 ----a-w- c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):10,cf,49,46,53,ff,c9,01

R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [30/05/2008 08:37 51376]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [30/05/2008 08:37 12928]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0308000.029\SymEFA.sys [07/02/2010 10:44 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0308000.029\BHDrvx86.sys [07/02/2010 10:44 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0308000.029\cchpx86.sys [07/02/2010 10:44 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys [21/02/2010 17:47 343088]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [30/05/2008 08:37 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 15:08 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [25/06/2008 21:36 21504]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [25/06/2008 21:36 21504]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [09/05/2008 15:09 1168632]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [02/06/2008 09:32 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [30/05/2008 08:36 256512]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [07/04/2008 17:13 24936]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe [07/02/2010 10:44 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [07/02/2010 18:17 583640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [29/11/2007 15:56 181760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2009 17:11 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0308000.029\symndisv.sys [07/02/2010 10:44 48688]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [13/05/2008 07:30 475520]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/06/2008 15:18 193840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015Core.job
- c:\users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 17:03]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3645261703-2824615500-2659958386-1015UA.job
- c:\users\YellowCat Services\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-07 17:03]

2010-02-21 c:\windows\Tasks\User_Feed_Synchronization-{E81EC49E-6831-4221-8D98-A3310C6CFB82}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.

**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(2548)
c:\windows\System32\NLSLexicons000c.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2010-02-21 18:40:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-21 17:40

Avant-CF: 74 952 642 560 octets libres
Après-CF: 76 855 246 848 octets libres

- - End Of File - - E9BC83D9340011AAB56C14D3427FCF25


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:23 AM

Posted 23 February 2010 - 10:56 AM

Hello YellowtheCat,

Please compare the two Combofix logs I requested and you'll see they are not the same :)

Are you still having the same issues as in your first post?

UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
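
The post above asks for every older Java Runtime Environment to be uninstalled before JRE 6 Update 18 goes on. The script below is an added example, not part of this thread and not code from BleepingComputer, Combofix or Malwarebytes: it reads the standard Windows uninstall registry keys, picks out JRE/J2SE entries, and flags any that are older than JRE 6 Update 18 so nothing is missed in Add/Remove Programs. The display-name patterns it parses ("Java(TM) 6 Update 17", "J2SE Runtime Environment 5.0 Update 22") and the choice of the target release are my assumptions for the example; entries whose name does not parse are still listed, with a status of "unknown", rather than silently dropped.

```powershell
# Added example (not from the thread): inventory installed JRE/J2SE entries
# from the Windows uninstall registry keys and flag those older than the
# release requested in the post (JRE 6 Update 18).
# Assumptions (not from the page): DisplayName strings follow the vendor's
# usual "Java(TM) 6 Update 17" / "J2SE Runtime Environment 5.0 Update 22"
# patterns; entries that do not parse are reported with Status = 'unknown'.
# Written for PowerShell 2.0 (Vista era), so no [pscustomobject] shorthand.

function Get-InstalledJava {
    param(
        [int]$TargetMajor  = 6,    # JRE 6 ...
        [int]$TargetUpdate = 18    # ... Update 18, as requested in the post
    )

    # Native and 32-bit-on-64-bit uninstall hives; Wow6432Node may not exist.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    ) | Where-Object { Test-Path $_ }

    foreach ($hive in $hives) {
        foreach ($key in (Get-ChildItem -Path $hive -ErrorAction SilentlyContinue)) {
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            $name  = $props.DisplayName
            if (-not $name) { continue }

            # Runtime entries only; skip the JDK and unrelated products named "Java".
            if ($name -notmatch '^(Java\(TM\)|J2SE Runtime Environment|Java SE Runtime Environment)') { continue }

            $major  = $null
            $update = 0
            $status = 'unknown'

            # "Java(TM) 6 Update 17"                 -> major 6, update 17
            # "J2SE Runtime Environment 5.0 Update 22" -> major 5, update 22
            if ($name -match '(?:Java\(TM\)\s+|Environment\s+)(\d+)(?:\.0)?(?:\s+Update\s+(\d+))?') {
                $major = [int]$Matches[1]
                if ($Matches[2]) { $update = [int]$Matches[2] }
                $status = if ($major -lt $TargetMajor -or
                              ($major -eq $TargetMajor -and $update -lt $TargetUpdate)) {
                              'outdated - remove'
                          } else {
                              'current'
                          }
            }

            New-Object -TypeName PSObject -Property @{
                DisplayName     = $name
                DisplayVersion  = $props.DisplayVersion
                Major           = $major
                Update          = $update
                Status          = $status
                UninstallString = $props.UninstallString   # what Add/Remove Programs runs
                RegistryKey     = $key.PSPath
            }
        }
    }
}

# Usage: full inventory first, then only the entries that still need removing.
Get-InstalledJava | Format-Table DisplayName, DisplayVersion, Status -AutoSize
Get-InstalledJava | Where-Object { $_.Status -like 'outdated*' } |
    Select-Object DisplayName, UninstallString
```

Run it from an elevated PowerShell prompt (the Uninstall keys are readable without elevation, but the same prompt is convenient for running the listed UninstallString afterwards). Re-run it after the reboot in the post's steps: an empty "outdated" list is the confirmation that only the new release remains.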
