Picsou
-
Posts
22 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Picsou
-
-
Hello Maniac,
I will do a last test, to ensure that at start-up, that nothing happens.
-
hello Maniac,
Good news ! I uninstalled IE 8 and reinstalled it with updates and tested the redirection. And... there was no redirection. I tested numerous pages inside and outside the bank firewall and I did not get any redirection where before I had. It seems that the uninstall and reinstall after all other corrections and validations resolved the problem.
So Thank you very much . Mnogo blagodaria!
Cordialement
Picsou
-
Bonjour Maniac,
Yes, I still have the problem. Sorry if I did not come back but I was away for 3 days. I just tested it again, few minutes ago, and I still get the redirection. The Minitoolbox did not change any thing.
Cordialement,
Picsou
PS: Should I uninstall IE 8 and reinstall it?
-
Hello Maniac,
find below the Minitoolbox Result.txt report:
MiniToolBox by Farbar Version: 25-06-2012
Ran by Gilles (administrator) on 29-06-2012 at 13:30:00
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek RTL8139/810X Family PCI Fast Ethernet NIC = Local Area Connection (Connected)
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : owner-akf11bv1p
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810X Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-C0-A8-80-43-45
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : June 28, 2012 8:30:51 PM
Lease Expires . . . . . . . . . . : July 5, 2012 8:30:51 PM
Server: UnKnown
Address: 192.168.0.1
Name: google.com
Addresses: 74.125.228.100, 74.125.228.104, 74.125.228.99, 74.125.228.96
74.125.228.103, 74.125.228.101, 74.125.228.102, 74.125.228.97, 74.125.228.98
74.125.228.110, 74.125.228.105
Pinging google.com [74.125.228.66] with 32 bytes of data:
Reply from 74.125.228.66: bytes=32 time=36ms TTL=56
Reply from 74.125.228.66: bytes=32 time=36ms TTL=56
Ping statistics for 74.125.228.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 36ms, Average = 36ms
Server: UnKnown
Address: 192.168.0.1
Name: yahoo.com
Addresses: 72.30.38.140, 209.191.122.70, 98.139.183.24
Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=51ms TTL=55
Reply from 209.191.122.70: bytes=32 time=56ms TTL=55
Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 56ms, Average = 53ms
Server: UnKnown
Address: 192.168.0.1
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 a8 80 43 45 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.100 192.168.0.100 20
192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (06/29/2012 00:35:50 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Error: (06/29/2012 00:35:49 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Error: (06/29/2012 00:35:30 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Error: (06/28/2012 02:57:01 PM) (Source: Application Error) (User: )
Description: Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting module unknown, version 0.0.0.0, fault address 0x01ec9fe2.
Processing media-specific event for [nmindexstoresvr.exe!ws!]
Error: (06/27/2012 10:36:29 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Error: (06/24/2012 05:10:45 PM) (Source: Application Error) (User: )
Description: Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting module unknown, version 0.0.0.0, fault address 0x01ea3f3c.
Processing media-specific event for [nmindexstoresvr.exe!ws!]
Error: (06/23/2012 02:37:02 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19258, fault address 0x001095b3.
Processing media-specific event for [iexplore.exe!ws!]
Error: (06/22/2012 04:36:19 PM) (Source: Application Hang) (User: )
Description: Hanging application ImageReady.exe, version 3.0.1.192, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (06/22/2012 09:23:34 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (06/21/2012 10:37:58 PM) (Source: Application Error) (User: )
Description: Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting module unknown, version 0.0.0.0, fault address 0x01de5fd2.
Processing media-specific event for [nmindexstoresvr.exe!ws!]
System errors:
=============
Error: (06/29/2012 00:35:13 AM) (Source: DCOM) (User: OWNER-AKF11BV1P)
Description: DCOM got error "%%1053" attempting to start the service gusvc with arguments ""
in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
Error: (06/29/2012 00:35:13 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
Error: (06/29/2012 00:33:31 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.
Error: (06/27/2012 07:42:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.
Error: (06/24/2012 07:22:14 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
Error: (06/24/2012 05:13:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.
Error: (06/21/2012 01:03:07 PM) (Source: Service Control Manager) (User: )
Description: The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
Error: (06/21/2012 01:03:02 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (06/21/2012 01:03:02 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (06/21/2012 01:03:02 PM) (Source: Service Control Manager) (User: )
Description: The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (12/30/2010 01:55:42 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16093 seconds with 120 seconds of active time. This session ended with a crash.
=========================== Installed Programs ============================
AceHTML Freeware (Version: Build 11)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Photoshop Elements 8.0 (Version: 8.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Anti-phishing Domain Advisor (Version: 1.0.0.5)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.1.116)
ArcSoft PhotoStudio 6 (Version: 6.0.1.148)
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bonjour (Version: 2.0.4.0)
CameraHelperMsi (Version: 13.00.1774.0)
Canon MP Navigator EX 3.1
Canon Utilities Solution Menu
CanoScan 9000F Scanner Driver
CanoScan Toolbox 4.1
Coffret de pilotes Logitech Webcam Software (Version: 12.10.1110)
Dell ResourceCD
Driver Detective (Version: 8.0.1)
DVD Solution
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
HP Deskjet 6500 Series
ImpôtRapide 2009 (Version: 1.00.0000)
ImpôtRapide 2010 (Version: 1.00.0000)
ImpôtRapide 2011 (Version: 1.00.0000)
InCD (Version: 4.3.18.0)
iTunes (Version: 10.1.2.17)
LightScribe 1.4.74.1 (Version: 1.4.74.1)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.00.1777.0)
LWS Gallery (Version: 13.00.1778.0)
LWS Help_main (Version: 13.00.1783.0)
LWS Launcher (Version: 13.00.1776.0)
LWS Motion Detection (Version: 13.00.1778.0)
LWS Pictures And Video (Version: 13.00.1778.0)
LWS Video Mask Maker (Version: 13.00.1774.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.00.1777.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
McAfee AntiVirus Plus (Version: 11.0.678)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Combat Flight Simulator 3 Mission Pack (Version: 3.0.0.0921)
Microsoft Combat Flight Simulator 3.1
Microsoft Download Manager (Version: 1.2.1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office XP Web Components (Version: 10.0.6765.0)
Microsoft Picture It! Photo 2002 (Version: 6.0.0.0000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (French) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Multimedia Launcher
MyFonts Order M3792118 (Version: 1.0)
Nero 8 (Version: 8.3.305)
Nero MediaHome CE
Nero OEM
Nero Recode CE
Nero ShowTime CE
neroxml (Version: 1.0.0)
Nikon Message Center (Version: 0.91.000)
NVIDIA Display Driver
NVIDIA Drivers
OmniPage SE (Version: 11.00.0001)
PhotoInPress BookDesigner
PictureProject (Version: 1.0)
Presto! PageManager 6
Print@Fujicolor (Version: 2.73)
QuickTime (Version: 7.69.80.9)
RegCure (Version: 2.1.0.0)
Samsung_MonSetup (Version: 1.00.0000)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.1 (Version: 5.1.112)
SoundMAX
Spybot - Search & Destroy (Version: 1.6.2)
SpyHunter (Version: 4.9.11.3987)
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VCRedistSetup (Version: 1.0.0)
WebFldrs XP (Version: 9.50.5318)
Winamp (Version: 5.572 )
Winamp Toolbar
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
========================= Devices: ================================
Name: ACPI Uniprocessor PC
Description: ACPI Uniprocessor PC
Class Guid: {4D36E966-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: ACPI
Name: Intel® Pentium® 4 CPU 1.80GHz
Description: Processor
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: Intel
Service: Processor
Name: PCI bus
Description: PCI bus
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: pci
Name: Intel® 82845 Processor to I/O Controller - 1A30
Description: Intel® 82845 Processor to I/O Controller - 1A30
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service:
Name: Intel® 82845 Processor to AGP Controller - 1A31
Description: Intel® 82845 Processor to AGP Controller - 1A31
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: pci
Name: NVIDIA GeForce4 MX 420
Description: NVIDIA GeForce4 MX 420
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: nv
Name: SyncMaster B2030 (Analog)
Description: SyncMaster B2030 (Analog)
Class Guid: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Manufacturer: Samsung
Service:
Name: Intel® 82801DB/DBM USB Universal Host Controller - 24C2
Description: Intel® 82801DB/DBM USB Universal Host Controller - 24C2
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Name: USB Printing Support
Description: USB Printing Support
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Microsoft
Service: usbprint
Name: HP Deskjet 6500 Series
Description: HP Deskjet 6500 Series
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service:
Name: Intel® 82801DB/DBM USB Universal Host Controller - 24C4
Description: Intel® 82801DB/DBM USB Universal Host Controller - 24C4
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Name: Intel® 82801DB/DBM USB Universal Host Controller - 24C7
Description: Intel® 82801DB/DBM USB Universal Host Controller - 24C7
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Name: Intel® 82801DB/DBM USB 2.0 Enhanced Host Controller - 24CD
Description: Intel® 82801DB/DBM USB 2.0 Enhanced Host Controller - 24CD
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub
Name: Logitech USB Camera (Webcam 905)
Description: Logitech USB Camera (Webcam 905)
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Logitech
Service: usbccgp
Name: Logitech Webcam 905
Description: Logitech Webcam 905
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: Logitech
Service: LVUVC
Name: Webcam 905
Description: Webcam 905
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Logitech
Service: usbaudio
Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Name: USB Audio Device
Description: USB Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Generic USB Audio)
Service: usbaudio
Name: USB Human Interface Device
Description: USB Human Interface Device
Class Guid: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Manufacturer: (Standard system devices)
Service: HidUsb
Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Manufacturer: Microsoft
Service:
Name: USB Human Interface Device
Description: USB Human Interface Device
Class Guid: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Manufacturer: (Standard system devices)
Service: HidUsb
Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: mouhid
Name: Intel® 82801DB PCI Bridge - 244E
Description: Intel® 82801DB PCI Bridge - 244E
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: pci
Name: SoftV90 Data Fax Modem
Description: SoftV90 Data Fax Modem
Class Guid: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Manufacturer: CXT
Service: Modem
Name: Realtek RTL8139/810X Family PCI Fast Ethernet NIC
Description: Realtek RTL8139/810X Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Name: Intel® 82801DB LPC Interface Controller - 24C0
Description: Intel® 82801DB LPC Interface Controller - 24C0
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: isapnp
Name: ISAPNP Read Data Port
Description: ISAPNP Read Data Port
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: System timer
Description: System timer
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: System speaker
Description: System speaker
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Serial
Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4D36E980-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk
Name: ECP Printer Port (LPT1)
Description: ECP Printer Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Parport
Name: Printer Port Logical Interface
Description: Printer Port Logical Interface
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: Intel® 82802 Firmware Hub Device
Description: Intel® 82802 Firmware Hub Device
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service:
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: Intel® 82801DB Ultra ATA Storage Controller - 24CB
Description: Intel® 82801DB Ultra ATA Storage Controller - 24CB
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: pciide
Name: Primary IDE Channel
Description: Primary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Name: MAXTOR 6L040J2
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk
Name: MAXTOR STM3200820A
Description: Disk drive
Class Guid: {4D36E967-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard disk drives)
Service: disk
Name: Secondary IDE Channel
Description: Secondary IDE Channel
Class Guid: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Name: HL-DT-ST DVD-RAM GSA-H22L
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Name: _NEC NR-7900A
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Name: Intel® 82801DB/DBM SMBus Controller - 24C3
Description: Intel® 82801DB/DBM SMBus Controller - 24C3
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service:
Name: SoundMAX Integrated Digital Audio
Description: SoundMAX Integrated Digital Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Analog Devices, Inc.
Service: smwdm
Name: System board
Description: System board
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: ACPI Sleep Button
Description: ACPI Sleep Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service:
Name: Volume Manager
Description: Volume Manager
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: ftdisk
Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:
Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:
Name: Generic volume
Description: Generic volume
Class Guid: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Manufacturer: Microsoft
Service:
Name: AFD Networking Support Environment
Description: AFD Networking Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD
Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Name: catchme
Description: catchme
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: catchme
Name: McAfee Inc. cfwids
Description: McAfee Inc. cfwids
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: cfwids
Name: dmboot
Description: dmboot
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmboot
Name: dmload
Description: dmload
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dmload
Name: esgiguard
Description: esgiguard
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: esgiguard
Name: Fallback
Description: Fallback
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Fallback
Name: Fips
Description: Fips
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Fips
Name: Fsks
Description: Fsks
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Fsks
Name: Generic Packet Classifier
Description: Generic Packet Classifier
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Gpc
Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP
Name: IP Traffic Filter Driver
Description: IP Traffic Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IpFilterDriver
Name: IP Network Address Translator
Description: IP Network Address Translator
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IpNat
Name: IPSEC driver
Description: IPSEC driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IPSec
Name: K56
Description: K56
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: K56
Name: ksecdd
Description: ksecdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ksecdd
Name: Logitech LVPr2Mon Driver
Description: Logitech LVPr2Mon Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LVPr2Mon
Name: mdmxsdk
Description: mdmxsdk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mdmxsdk
Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeapfk
Name: McAfee Inc. mfeavfk
Description: McAfee Inc. mfeavfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeavfk
Name: McAfee Inc.
Description: McAfee Inc.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeavfk01
Name: McAfee Inc. mfebopk
Description: McAfee Inc. mfebopk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfebopk
Name: McAfee Inc. mfefirek
Description: McAfee Inc. mfefirek
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfefirek
Name: McAfee Inc. mfehidk
Description: McAfee Inc. mfehidk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfehidk
Name: McAfee Inc. mferkdet
Description: McAfee Inc. mferkdet
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mferkdet
Name: McAfee Inc. mfetdi2k
Description: McAfee Inc. mfetdi2k
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfetdi2k
Name: mnmdd
Description: mnmdd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mnmdd
Name: mountmgr
Description: mountmgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr
Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS
Name: Remote Access NDIS TAPI Driver
Description: Remote Access NDIS TAPI Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NdisTapi
Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio
Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy
Name: NetBios over Tcpip
Description: NetBios over Tcpip
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT
Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null
Name: OMCI
Description: OMCI
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: OMCI
Name: PartMgr
Description: PartMgr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PartMgr
Name: ParVdm
Description: ParVdm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ParVdm
Name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RasAcd
Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD
Name: Secdrv
Description: Secdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Secdrv
Name: SoftFax
Description: SoftFax
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SoftFax
Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip
Name: Tones
Description: Tones
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tones
Name: V124
Description: V124
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: V124
Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave
Name: VolSnap
Description: VolSnap
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VolSnap
Name: Remote Access IP ARP Driver
Description: Remote Access IP ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarp
Name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Description: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WS2IFSL
Name: Audio Codecs
Description: Audio Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Name: Legacy Audio Drivers
Description: Legacy Audio Drivers
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Name: Media Control Devices
Description: Media Control Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Name: Legacy Video Capture Devices
Description: Legacy Video Capture Devices
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Name: Video Codecs
Description: Video Codecs
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: audstub
Name: WAN Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport
Description: McAfee Core NDIS Intermediate Filter Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: McAfee
Service: mfendiskmp
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - McAfee Core NDIS Intermediate Filter Miniport
Description: McAfee Core NDIS Intermediate Filter Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: McAfee
Service: mfendiskmp
Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Rasl2tp
Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NdisWan
Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: RasPppoe
Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PptpMiniport
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched
Name: WAN Miniport (IP) - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched
Name: Direct Parallel
Description: Direct Parallel
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: Raspti
Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD
Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: TermDD
Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: swenum
Name: Microsoft WINMM WDM Audio Compatibility Driver
Description: Microsoft WINMM WDM Audio Compatibility Driver
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: wdmaud
Name: Microsoft Kernel System Audio Device
Description: Microsoft Kernel System Audio Device
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: sysaudio
Name: RAS Async Adapter
Description: RAS Async Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: AsyncMac
Name: Microsoft Kernel Wave Audio Mixer
Description: Microsoft Kernel Wave Audio Mixer
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: kmixer
Name: Microcode Update Device
Description: Microcode Update Device
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: update
Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard system devices)
Service: mssmbios
========================= Memory info: ===================================
Percentage of memory in use: 65%
Total physical RAM: 766.8 MB
Available physical RAM: 266.03 MB
Total Pagefile: 1876.23 MB
Available Pagefile: 1182.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.49 MB
========================= Partitions: =====================================
2 Drive c: () (Fixed) (Total:37.24 GB) (Free:5.45 GB) NTFS
3 Drive d: (DRV2_VOL1) (Fixed) (Total:186.31 GB) (Free:88.76 GB) NTFS
========================= Users: ========================================
User accounts for \\OWNER-AKF11BV1P
Administrator Gilles Guest
H‚lŠne HelpAssistant Owner
SUPPORT_388945a0
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
Cordialement,
Picsou
-
hello Maniac,
Did the Microsoft FixIt as instructed. Did it 3 times, 1 for my partition, 1 for my wife and 1 for the Admin. Each time, I closed IE and restarted it.
After that, I retested the redirection. I found an advertisement on the welcome page of the bank before accessing the bank site. this advertisement has an URL similar to the one inside the bank site. So I clicked on it and was redirected to the Panda site: www.cloudantivirus.com. The URL was: https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=653267&r=9878
I also did a test: In a word file, I created an hyperlink with the url: https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=653267&r=9878 and surprise, when I clicked on it, I was not redirected to the Panda web site but to the real web page related to the advertisement.
I am not sure if this could help you
What is next?.
Regards,
Picsou
-
Bonjour Maniac,
I just tested the advertisement link within my bank web site and I am still getting a redirection. I navigated within the web site and found another advertisement that had a similar url : (ex:https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=26192) and this one also redirected me to a web page advertising a Panda AV website. When I clicked to other advertisement that had a URL not starting with " https://rbc.bridgetrack.com..." , I did not get any redirection.
I had my work Portable PC opened and i went to the bank web site. But this time there was no redirection when I clicked on the same advertisement.
The only thing I can conclude is the following:
1. I still have redirection with my PC .
2. Seems to happens when the url is starting with : https://rbc.bridgetrack.com/..."
The problem is not yet resolved.
Cordialement
Picsou
-
Bonjour Maniac,
i was waiting for the next step... but was away for the last 3 days. Not sure what progress you refer to ? I do not want to test the redirection (i-e clicking on the advertisement) until we are finished. Should I test it?
Cordialement,
Picsou
-
Bonjour Maniac,
See below, I posted the OTL Custom Scan Fixes:
All processes killed
========== OTL ==========
C:\Documents and Settings\Gilles\Application Data\Uniblue folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\widgets_cache folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\weather folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\shopping folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\games folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\coupons folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\widgets\net.vmn.www.Shopzilla folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\widgets folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\scripts folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\images folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\css folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\js folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\images folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\css folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\mystarttb folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\widgets_cache folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\weather folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\shopping folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\search folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\games folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\coupons folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\scripts folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\css folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\js folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\css folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\mystarttb folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Gilles\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Gilles\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Elise
User: Gilles
->Temp folder emptied: 140755237 bytes
->Temporary Internet Files folder emptied: 551219270 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3271 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Hélène
->Temp folder emptied: 522615 bytes
->Temporary Internet Files folder emptied: 55784839 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 790 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 7202 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Premier ministre
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 543044 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 714.00 mb
Error creating restore point.
OTL by OldTimer - Version 3.2.50.0 log created on 06212012_130252
Files\Folders moved on Reboot...
C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\T7WT2ATW\index[2].htm moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\MWHCHZI9\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\CB61PKRI\fastbutton[2].htm moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\TMP0000000DE3230FC4610EF0B7 not found!
Registry entries deleted on Reboot...
what is next?
Cordialement,
Picsou
-
Bonjour Maniac,
I have done
1. Step 1: Deleting 22:52:20.0000 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip with TDSSKiller. Note that when TDSSKiller has completed the cure (deletion) and quarantined some files, a pop-up message by McAfee Antivirus Plus indicated it had detected a threat and repaired it, a trojan named: DNSChanger.as . (I am unable to paste an image into the post???)
The message was as follows:
- Scan Type: Real time- Threat detected:DNSCharger.as(trojan)- Status: repaired (removed)- File: C:\TDSSKiller_Quarantine\20.06.2012_18:52:07\tdlfs0000\tsk0003.dta- process description: TDSS rootkit removal toolIs this meaningful to you?
2 Step 2 with OTL: find below both reports :
OTL,txt :
OTL logfile created on: 20/06/2012 7:18:25 PM - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Gilles\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
766.80 Mb Total Physical Memory | 319.66 Mb Available Physical Memory | 41.69% Memory free
1.83 Gb Paging File | 1.25 Gb Available in Paging File | 68.32% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 4.75 Gb Free Space | 12.75% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 88.92 Gb Free Space | 47.73% Space Free | Partition Type: NTFS
Computer Name: OWNER-AKF11BV1P | User Name: Gilles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/20 19:15:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilles\Desktop\OTL.exe
PRC - [2012/06/02 14:58:48 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2011/01/19 11:02:44 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/12/02 15:29:52 | 002,221,352 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2008/06/24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/07/08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2001/03/15 08:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
========== Modules (No Company Name) ==========
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/02/13 13:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/02/13 13:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/02/13 13:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2001/10/11 16:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/02 14:58:48 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/12/26 21:08:39 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2006/11/03 19:20:06 | 000,271,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/07/08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/05/14 18:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 18:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 905(UVC)
DRV - [2010/05/14 18:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2005/07/08 18:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/07/08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 11:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2001/09/03 17:14:38 | 000,025,454 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 09:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 09:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 09:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 09:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 09:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 09:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 09:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 09:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 09:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lactualite.com/
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 2F 15 F6 72 8A CA 01 [binary data]
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enCA359
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\programs\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/06/20 19:06:33 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/23 18:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/06/20 19:22:22 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/06/15 09:46:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120429230329.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..Trusted Domains: gouv.qc.ca ([www.registrefoncier] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261492779045 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268959760125 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} http://www.nero.com/doc/NeroVersionChecker.cab (CNeroSerialChecker Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://infolot.mrnf.gouv.qc.ca/ACGM/acgm.cab (ActiveCGM Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{195DA4A8-BFF1-4173-9F08-100DA3E0C850}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-ir2011 {DFF68B15-A8D3-420b-B32C-E9554E2F5C15} - C:\Program Files\ImpotRapide 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/21 18:46:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/05 14:52:34 | 000,000,000 | ---D | M] - D:\autoplay cd -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/20 19:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/06/20 19:14:59 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gilles\Desktop\OTL.exe
[2012/06/20 18:58:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/19 08:01:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/06/18 21:11:54 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gilles\Desktop\tdsskiller.exe
[2012/06/18 11:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/06/18 11:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilles\My Documents\My Downloads
[2012/06/18 11:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/06/18 11:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/06/15 15:58:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/15 11:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/13 22:57:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/13 22:51:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/13 22:51:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/13 22:51:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/13 22:51:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/13 22:50:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/13 22:47:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/12 22:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/12 17:57:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/12 12:16:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Gilles\Desktop\aswMBR.exe
[2012/06/08 19:07:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/06/08 19:07:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gilles\Start Menu\Programs\Administrative Tools
[2012/06/08 19:01:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Gilles\Desktop\dds.scr
[2012/06/08 14:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilles\Start Menu\Programs\SpyHunter
[2012/06/08 14:32:02 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/08 14:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/08 14:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/05/31 17:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/31 17:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/31 17:55:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files - Modified Within 30 Days ==========
[2012/06/20 19:15:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilles\Desktop\OTL.exe
[2012/06/20 19:12:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 19:08:36 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/20 19:05:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/20 19:05:15 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2012/06/20 19:05:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/20 19:04:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/06/20 19:04:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/06/20 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2012/06/19 23:23:20 | 137,525,896 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe
[2012/06/18 21:50:39 | 137,503,544 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\setup_11.0.0.1245.x01_2012_06_18_19_12.exe
[2012/06/18 21:14:44 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gilles\Desktop\tdsskiller.exe
[2012/06/18 11:31:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 11:30:31 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/15 17:34:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/15 09:46:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/14 00:05:50 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 22:57:56 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/13 22:06:24 | 000,434,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 22:06:24 | 000,068,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 21:46:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 21:04:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2012/06/12 13:23:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\MBR.dat
[2012/06/12 12:16:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Gilles\Desktop\aswMBR.exe
[2012/06/10 03:06:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2012/06/08 19:01:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Gilles\Desktop\dds.scr
[2012/06/08 14:32:20 | 000,001,975 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\SpyHunter.lnk
[2012/06/06 09:15:46 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Gilles\Application Data\default.pls
[2012/05/31 17:56:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/28 21:31:17 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\MyFonts Order M3792118.msi
[2012/05/24 16:55:47 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Gilles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2012/06/19 23:19:37 | 137,525,896 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe
[2012/06/18 21:48:53 | 137,503,544 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\setup_11.0.0.1245.x01_2012_06_18_19_12.exe
[2012/06/18 11:36:05 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/06/18 11:32:51 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/06/18 11:30:31 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/06/13 22:57:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/13 22:57:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/13 22:51:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/13 22:51:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/13 22:51:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/13 22:51:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/13 22:51:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/12 21:04:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2012/06/12 13:23:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\MBR.dat
[2012/06/08 14:32:20 | 000,001,975 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\SpyHunter.lnk
[2012/05/31 17:56:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/28 21:30:46 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\MyFonts Order M3792118.msi
[2012/02/15 22:50:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/18 22:33:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2011/12/18 22:33:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2011/05/29 22:29:14 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2011/05/29 21:09:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/29 21:09:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/26 00:07:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/12/26 20:17:12 | 000,786,504 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602N.DAT
[2010/12/26 20:17:12 | 000,296,064 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602W.DAT
[2010/07/16 22:50:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/16 22:29:25 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
========== LOP Check ==========
[2011/12/21 19:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2011/12/18 17:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/12/26 20:21:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/12/26 20:52:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2009/12/23 00:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/12/26 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/01/08 20:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/12/22 13:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/05/29 13:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/04 08:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/12/22 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/12/22 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/05/29 13:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/12/23 00:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/02/22 00:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/20 22:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/26 20:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Canon
[2006/05/05 23:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\HotSync
[2008/01/02 13:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\ImageMatics
[2004/10/29 19:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Inspiration Software
[2002/08/26 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\InterTrust
[2011/03/21 00:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\LANCITE
[2010/07/16 22:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Leadertech
[2006/12/30 22:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\muvee Technologies
[2008/02/18 01:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Netscape
[2003/01/25 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\NewSoft
[2006/12/30 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Nikon
[2003/01/26 02:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\NSBackup
[2011/02/05 11:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\PhotoInPress
[2003/12/14 00:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Qualcomm
[2003/01/24 23:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\ScanSoft
[2008/01/08 22:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\STOIK
[2009/03/29 12:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Uniblue
[2008/12/30 22:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\XnView
[2012/06/15 17:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Canon
[2011/12/22 11:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\mystarttb
[2011/12/22 12:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Nikon
[2011/02/05 10:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\PhotoInPress
[2010/01/15 23:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Qualcomm
[2008/08/26 23:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Vidéotron
[2009/12/23 01:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/24 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2009/12/22 12:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2012/06/01 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mystarttb
[2009/12/23 00:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NewSoft
[2009/12/31 22:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2010/01/15 22:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Qualcomm
[2009/12/22 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2012/06/20 19:08:36 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/06/20 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2012/06/20 19:05:15 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2012/06/10 03:06:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
========== Purity Check ==========
< End of report >
And for the EXTRAS.txt file, i did not see it. I looked where the OTL.txt file was recorded but did not see any EXTRAs.txt file other than the one of June 12.
Is this OK?
Cordialement,
Picsou
-
Bonjour Maniac,
Find below the TDSSKiller file. Note that I am unable to send you the Virus Removal Tool (Kaspersky) file, because for some reasons it scanned all my hard drives including the Backup drive, even if it was not ticked in the Parameters screen. After 24 hours, I stopped it when will run it again tonight and send it to you tomorrow. But I was able to see that it did not detect any Threats on drive C, D and G.
The TDSSKiller file:
22:46:41.0671 2960 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
22:46:43.0671 2960 ============================================================
22:46:43.0671 2960 Current date / time: 2012/06/19 22:46:43.0671
22:46:43.0671 2960 SystemInfo:
22:46:43.0671 2960
22:46:43.0671 2960 OS Version: 5.1.2600 ServicePack: 3.0
22:46:43.0671 2960 Product type: Workstation
22:46:43.0671 2960 ComputerName: OWNER-AKF11BV1P
22:46:43.0671 2960 UserName: Gilles
22:46:43.0671 2960 Windows directory: C:\WINDOWS
22:46:43.0671 2960 System windows directory: C:\WINDOWS
22:46:43.0671 2960 Processor architecture: Intel x86
22:46:43.0671 2960 Number of processors: 1
22:46:43.0671 2960 Page size: 0x1000
22:46:43.0671 2960 Boot type: Normal boot
22:46:43.0671 2960 ============================================================
22:46:49.0375 2960 Drive \Device\Harddisk0\DR0 - Size: 0x951CC0000 (37.28 Gb), SectorSize: 0x200, Cylinders: 0x1302, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:46:49.0390 2960 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:46:49.0390 2960 ============================================================
22:46:49.0390 2960 \Device\Harddisk0\DR0:
22:46:49.0390 2960 MBR partitions:
22:46:49.0390 2960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4A796BD
22:46:49.0390 2960 \Device\Harddisk1\DR1:
22:46:49.0390 2960 MBR partitions:
22:46:49.0390 2960 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
22:46:49.0390 2960 ============================================================
22:46:49.0468 2960 C: <-> \Device\Harddisk0\DR0\Partition0
22:46:49.0515 2960 D: <-> \Device\Harddisk1\DR1\Partition0
22:46:49.0515 2960 ============================================================
22:46:49.0515 2960 Initialize success
22:46:49.0515 2960 ============================================================
22:47:04.0171 0156 ============================================================
22:47:04.0171 0156 Scan started
22:47:04.0171 0156 Mode: Manual; SigCheck; TDLFS;
22:47:04.0171 0156 ============================================================
22:47:04.0609 0156 Abiosdsk - ok
22:47:04.0625 0156 abp480n5 - ok
22:47:04.0750 0156 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:47:05.0859 0156 ACDaemon - ok
22:47:05.0906 0156 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:47:08.0078 0156 ACPI - ok
22:47:08.0125 0156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:47:08.0718 0156 ACPIEC - ok
22:47:08.0968 0156 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) D:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
22:47:09.0234 0156 AdobeActiveFileMonitor8.0 - ok
22:47:09.0250 0156 adpu160m - ok
22:47:09.0328 0156 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
22:47:09.0734 0156 aeaudio - ok
22:47:09.0796 0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:47:10.0234 0156 aec - ok
22:47:10.0296 0156 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:47:10.0718 0156 AFD - ok
22:47:10.0750 0156 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:47:11.0140 0156 agp440 - ok
22:47:11.0171 0156 Aha154x - ok
22:47:11.0187 0156 aic78u2 - ok
22:47:11.0203 0156 aic78xx - ok
22:47:11.0250 0156 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:47:11.0640 0156 Alerter - ok
22:47:11.0671 0156 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:47:12.0093 0156 ALG - ok
22:47:12.0109 0156 AliIde - ok
22:47:12.0125 0156 amsint - ok
22:47:12.0250 0156 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:47:12.0500 0156 Apple Mobile Device - ok
22:47:12.0515 0156 AppMgmt - ok
22:47:12.0531 0156 asc - ok
22:47:12.0546 0156 asc3350p - ok
22:47:12.0578 0156 asc3550 - ok
22:47:12.0718 0156 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:47:13.0093 0156 aspnet_state - ok
22:47:13.0140 0156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:47:13.0593 0156 AsyncMac - ok
22:47:13.0640 0156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:47:14.0000 0156 atapi - ok
22:47:14.0015 0156 Atdisk - ok
22:47:14.0062 0156 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:47:14.0609 0156 Atmarpc - ok
22:47:14.0656 0156 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:47:15.0093 0156 AudioSrv - ok
22:47:15.0156 0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:47:15.0671 0156 audstub - ok
22:47:15.0703 0156 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
22:47:16.0500 0156 basic2 - ok
22:47:16.0562 0156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:47:17.0109 0156 Beep - ok
22:47:17.0203 0156 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:47:17.0656 0156 BITS - ok
22:47:17.0765 0156 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
22:47:17.0828 0156 Bonjour Service - ok
22:47:17.0890 0156 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:47:18.0312 0156 Browser - ok
22:47:18.0343 0156 catchme - ok
22:47:18.0390 0156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:47:18.0937 0156 cbidf2k - ok
22:47:19.0000 0156 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:47:19.0453 0156 CCDECODE - ok
22:47:19.0468 0156 cd20xrnt - ok
22:47:19.0531 0156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:47:20.0031 0156 Cdaudio - ok
22:47:20.0093 0156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:47:20.0515 0156 Cdfs - ok
22:47:20.0562 0156 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:47:21.0000 0156 Cdrom - ok
22:47:21.0078 0156 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
22:47:21.0125 0156 cfwids - ok
22:47:21.0140 0156 Changer - ok
22:47:21.0218 0156 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:47:21.0640 0156 cisvc - ok
22:47:21.0671 0156 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:47:22.0093 0156 ClipSrv - ok
22:47:22.0234 0156 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:47:22.0421 0156 clr_optimization_v2.0.50727_32 - ok
22:47:22.0437 0156 CmdIde - ok
22:47:22.0453 0156 COMSysApp - ok
22:47:22.0484 0156 Cpqarray - ok
22:47:22.0546 0156 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:47:22.0953 0156 CryptSvc - ok
22:47:22.0968 0156 dac2w2k - ok
22:47:22.0984 0156 dac960nt - ok
22:47:23.0093 0156 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:47:23.0296 0156 DcomLaunch - ok
22:47:23.0375 0156 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:47:23.0750 0156 Dhcp - ok
22:47:23.0781 0156 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:47:24.0203 0156 Disk - ok
22:47:24.0218 0156 dmadmin - ok
22:47:24.0281 0156 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:47:24.0781 0156 dmboot - ok
22:47:24.0812 0156 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:47:25.0234 0156 dmio - ok
22:47:25.0281 0156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:47:25.0796 0156 dmload - ok
22:47:25.0843 0156 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:47:26.0234 0156 dmserver - ok
22:47:26.0296 0156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:47:26.0703 0156 DMusic - ok
22:47:26.0750 0156 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:47:27.0000 0156 Dnscache - ok
22:47:27.0062 0156 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:47:27.0500 0156 Dot3svc - ok
22:47:27.0500 0156 dpti2o - ok
22:47:27.0546 0156 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:47:27.0984 0156 drmkaud - ok
22:47:28.0046 0156 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:47:28.0437 0156 EapHost - ok
22:47:28.0484 0156 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:47:28.0890 0156 ERSvc - ok
22:47:29.0046 0156 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
22:47:29.0500 0156 esgiguard - ok
22:47:29.0562 0156 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:47:29.0687 0156 Eventlog - ok
22:47:29.0781 0156 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
22:47:29.0953 0156 EventSystem - ok
22:47:30.0046 0156 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
22:47:30.0609 0156 Fallback - ok
22:47:30.0671 0156 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:47:31.0093 0156 Fastfat - ok
22:47:31.0171 0156 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:47:31.0328 0156 FastUserSwitchingCompatibility - ok
22:47:31.0453 0156 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
22:47:31.0890 0156 Fax - ok
22:47:31.0906 0156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:47:32.0343 0156 Fdc - ok
22:47:32.0421 0156 FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
22:47:32.0921 0156 FilterService - ok
22:47:32.0968 0156 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:47:33.0375 0156 Fips - ok
22:47:33.0468 0156 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:47:34.0000 0156 FLEXnet Licensing Service - ok
22:47:34.0078 0156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:47:34.0484 0156 Flpydisk - ok
22:47:34.0593 0156 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:47:35.0000 0156 FltMgr - ok
22:47:35.0187 0156 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:47:35.0265 0156 FontCache3.0.0.0 - ok
22:47:35.0343 0156 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
22:47:36.0046 0156 Fsks - ok
22:47:36.0109 0156 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:47:36.0671 0156 Fs_Rec - ok
22:47:36.0703 0156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:47:37.0250 0156 Ftdisk - ok
22:47:37.0328 0156 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:47:37.0593 0156 GEARAspiWDM - ok
22:47:37.0640 0156 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:47:38.0062 0156 Gpc - ok
22:47:38.0281 0156 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
22:47:38.0328 0156 gupdate - ok
22:47:38.0375 0156 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
22:47:38.0421 0156 gupdatem - ok
22:47:38.0515 0156 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:47:38.0765 0156 gusvc - ok
22:47:38.0890 0156 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:47:39.0296 0156 helpsvc - ok
22:47:39.0359 0156 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:47:39.0750 0156 HidServ - ok
22:47:39.0828 0156 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:47:40.0234 0156 HidUsb - ok
22:47:40.0296 0156 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:47:40.0703 0156 hkmsvc - ok
22:47:40.0734 0156 hpn - ok
22:47:40.0750 0156 hpt3xx - ok
22:47:40.0859 0156 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
22:47:41.0671 0156 HSFHWBS2 - ok
22:47:42.0109 0156 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
22:47:42.0671 0156 HSF_DP - ok
22:47:42.0734 0156 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
22:47:43.0500 0156 hsf_msft - ok
22:47:43.0578 0156 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:47:43.0703 0156 HTTP - ok
22:47:43.0750 0156 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:47:44.0171 0156 HTTPFilter - ok
22:47:44.0187 0156 i2omgmt - ok
22:47:44.0203 0156 i2omp - ok
22:47:44.0265 0156 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:47:44.0671 0156 i8042prt - ok
22:47:44.0781 0156 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:47:45.0031 0156 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:47:45.0031 0156 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:47:45.0296 0156 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:47:45.0828 0156 idsvc - ok
22:47:45.0875 0156 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
22:47:46.0281 0156 Imapi - ok
22:47:46.0328 0156 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:47:46.0750 0156 ImapiService - ok
22:47:46.0812 0156 InCDfs (b87fc7c71632240dac8f4d20e9ce8377) C:\WINDOWS\system32\drivers\InCDfs.sys
22:47:47.0062 0156 InCDfs ( UnsignedFile.Multi.Generic ) - warning
22:47:47.0062 0156 InCDfs - detected UnsignedFile.Multi.Generic (1)
22:47:47.0093 0156 InCDPass (2e878405128ec98886eb9c2216ac7bd6) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
22:47:47.0343 0156 InCDPass ( UnsignedFile.Multi.Generic ) - warning
22:47:47.0343 0156 InCDPass - detected UnsignedFile.Multi.Generic (1)
22:47:47.0359 0156 InCDrec (ddf078917a42f105385d7eb6debb3433) C:\WINDOWS\system32\drivers\InCDrec.sys
22:47:47.0609 0156 InCDrec ( UnsignedFile.Multi.Generic ) - warning
22:47:47.0609 0156 InCDrec - detected UnsignedFile.Multi.Generic (1)
22:47:47.0656 0156 incdrm (7f352360e947ad2cd4ba60de27b1a299) C:\WINDOWS\system32\drivers\incdrm.sys
22:47:47.0937 0156 incdrm ( UnsignedFile.Multi.Generic ) - warning
22:47:47.0937 0156 incdrm - detected UnsignedFile.Multi.Generic (1)
22:47:48.0093 0156 InCDsrv (e9372a17c22fc4e5c9fd8798a97775fc) C:\Program Files\Ahead\InCD\InCDsrv.exe
22:47:48.0515 0156 InCDsrv ( UnsignedFile.Multi.Generic ) - warning
22:47:48.0515 0156 InCDsrv - detected UnsignedFile.Multi.Generic (1)
22:47:48.0546 0156 ini910u - ok
22:47:48.0562 0156 IntelIde - ok
22:47:48.0625 0156 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:47:49.0015 0156 ip6fw - ok
22:47:49.0078 0156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:47:49.0593 0156 IpFilterDriver - ok
22:47:49.0609 0156 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:47:49.0984 0156 IpInIp - ok
22:47:50.0031 0156 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:47:50.0437 0156 IpNat - ok
22:47:50.0562 0156 iPod Service (8e5e5a8cc84da3f683e3bbc045138d52) C:\Program Files\iPod\bin\iPodService.exe
22:47:51.0015 0156 iPod Service - ok
22:47:51.0062 0156 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:47:51.0468 0156 IPSec - ok
22:47:51.0515 0156 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:47:51.0921 0156 IRENUM - ok
22:47:51.0984 0156 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:47:52.0390 0156 isapnp - ok
22:47:52.0484 0156 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
22:47:53.0234 0156 K56 - ok
22:47:53.0250 0156 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:47:53.0640 0156 Kbdclass - ok
22:47:53.0687 0156 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:47:54.0093 0156 kmixer - ok
22:47:54.0171 0156 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:47:54.0328 0156 KSecDD - ok
22:47:54.0375 0156 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:47:54.0578 0156 lanmanserver - ok
22:47:54.0640 0156 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:47:54.0781 0156 lanmanworkstation - ok
22:47:54.0796 0156 lbrtfdc - ok
22:47:54.0968 0156 LightScribeService (faab52b7766409d702b99fe5553dc34f) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:47:55.0187 0156 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:47:55.0187 0156 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:47:55.0250 0156 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:47:55.0656 0156 LmHosts - ok
22:47:55.0718 0156 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
22:47:56.0156 0156 LVPr2Mon - ok
22:47:56.0250 0156 LVPrcSrv (2333057542c91ae8228bdccc2e5f2632) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
22:47:56.0531 0156 LVPrcSrv - ok
22:47:56.0593 0156 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
22:47:57.0031 0156 LVRS - ok
22:47:57.0453 0156 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
22:47:58.0484 0156 LVUVC - ok
22:47:58.0687 0156 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
22:47:58.0734 0156 McAfee SiteAdvisor Service - ok
22:47:58.0859 0156 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
22:47:58.0921 0156 McComponentHostService - ok
22:47:59.0109 0156 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:47:59.0156 0156 McMPFSvc - ok
22:47:59.0171 0156 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:47:59.0218 0156 mcmscsvc - ok
22:47:59.0234 0156 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:47:59.0296 0156 McNaiAnn - ok
22:47:59.0312 0156 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:47:59.0375 0156 McNASvc - ok
22:47:59.0515 0156 McODS (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
22:47:59.0578 0156 McODS - ok
22:47:59.0609 0156 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:47:59.0656 0156 McProxy - ok
22:47:59.0812 0156 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:47:59.0859 0156 McShield - ok
22:48:00.0015 0156 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:48:00.0453 0156 mdmxsdk - ok
22:48:00.0546 0156 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:48:00.0937 0156 Messenger - ok
22:48:01.0031 0156 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
22:48:01.0078 0156 mfeapfk - ok
22:48:01.0109 0156 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
22:48:01.0187 0156 mfeavfk - ok
22:48:01.0218 0156 mfeavfk01 - ok
22:48:01.0296 0156 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
22:48:01.0343 0156 mfebopk - ok
22:48:01.0390 0156 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:48:01.0468 0156 mfefire - ok
22:48:01.0578 0156 mfefirek (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
22:48:01.0859 0156 mfefirek - ok
22:48:01.0937 0156 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\WINDOWS\system32\drivers\mfehidk.sys
22:48:02.0453 0156 mfehidk - ok
22:48:02.0515 0156 mfendisk (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
22:48:02.0796 0156 mfendisk - ok
22:48:02.0812 0156 mfendiskmp (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
22:48:02.0875 0156 mfendiskmp - ok
22:48:02.0937 0156 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\WINDOWS\system32\drivers\mferkdet.sys
22:48:03.0203 0156 mferkdet - ok
22:48:03.0234 0156 mfetdi2k (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
22:48:03.0484 0156 mfetdi2k - ok
22:48:03.0578 0156 mfevtp (b10c4efd40810c08f4b44df2efcb54f7) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
22:48:03.0875 0156 mfevtp - ok
22:48:03.0937 0156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:48:04.0468 0156 mnmdd - ok
22:48:04.0531 0156 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
22:48:04.0953 0156 mnmsrvc - ok
22:48:05.0000 0156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:48:05.0390 0156 Modem - ok
22:48:05.0453 0156 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:48:05.0859 0156 Mouclass - ok
22:48:05.0921 0156 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:48:06.0453 0156 mouhid - ok
22:48:06.0500 0156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:48:06.0890 0156 MountMgr - ok
22:48:06.0906 0156 mraid35x - ok
22:48:06.0953 0156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:48:07.0375 0156 MRxDAV - ok
22:48:07.0531 0156 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:48:08.0093 0156 MRxSmb - ok
22:48:08.0156 0156 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
22:48:08.0578 0156 MSDTC - ok
22:48:08.0640 0156 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:48:09.0046 0156 Msfs - ok
22:48:09.0062 0156 MSIServer - ok
22:48:09.0109 0156 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:48:09.0500 0156 MSKSSRV - ok
22:48:09.0546 0156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:48:09.0953 0156 MSPCLOCK - ok
22:48:10.0031 0156 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:48:10.0437 0156 MSPQM - ok
22:48:10.0500 0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:48:10.0906 0156 mssmbios - ok
22:48:10.0968 0156 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:48:11.0359 0156 MSTEE - ok
22:48:11.0406 0156 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:48:11.0765 0156 Mup - ok
22:48:11.0828 0156 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:48:12.0218 0156 NABTSFEC - ok
22:48:12.0312 0156 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:48:12.0781 0156 napagent - ok
22:48:12.0828 0156 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:48:13.0250 0156 NDIS - ok
22:48:13.0265 0156 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:48:13.0656 0156 NdisIP - ok
22:48:13.0703 0156 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:48:14.0046 0156 NdisTapi - ok
22:48:14.0109 0156 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:48:14.0468 0156 Ndisuio - ok
22:48:14.0515 0156 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:48:14.0937 0156 NdisWan - ok
22:48:14.0968 0156 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:48:15.0312 0156 NDProxy - ok
22:48:15.0578 0156 Nero BackItUp Scheduler 3 (78073f606ae3b24f6c1f555759aa8511) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
22:48:16.0031 0156 Nero BackItUp Scheduler 3 - ok
22:48:16.0078 0156 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:48:16.0468 0156 NetBIOS - ok
22:48:16.0531 0156 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:48:16.0906 0156 NetBT - ok
22:48:16.0984 0156 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:48:17.0375 0156 NetDDE - ok
22:48:17.0375 0156 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:48:17.0734 0156 NetDDEdsdm - ok
22:48:17.0781 0156 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:48:18.0125 0156 Netlogon - ok
22:48:18.0187 0156 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:48:18.0593 0156 Netman - ok
22:48:18.0750 0156 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:48:18.0812 0156 NetTcpPortSharing - ok
22:48:18.0875 0156 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:48:19.0000 0156 Nla - ok
22:48:19.0218 0156 NMIndexingService (62f68443d244024845b875b44d76a92f) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
22:48:19.0343 0156 NMIndexingService - ok
22:48:19.0453 0156 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:48:19.0859 0156 Npfs - ok
22:48:19.0921 0156 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:48:20.0406 0156 Ntfs - ok
22:48:20.0453 0156 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
22:48:20.0796 0156 NtLmSsp - ok
22:48:20.0875 0156 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:48:21.0265 0156 NtmsSvc - ok
22:48:21.0296 0156 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:48:21.0750 0156 Null - ok
22:48:21.0921 0156 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:48:22.0562 0156 nv - ok
22:48:22.0687 0156 NVSvc (5ed834603c36414b579979b3a9c90f54) C:\WINDOWS\system32\nvsvc32.exe
22:48:23.0093 0156 NVSvc - ok
22:48:23.0187 0156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:48:23.0718 0156 NwlnkFlt - ok
22:48:23.0765 0156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:48:24.0312 0156 NwlnkFwd - ok
22:48:24.0515 0156 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:48:24.0796 0156 odserv - ok
22:48:24.0875 0156 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
22:48:25.0125 0156 OMCI ( UnsignedFile.Multi.Generic ) - warning
22:48:25.0125 0156 OMCI - detected UnsignedFile.Multi.Generic (1)
22:48:25.0187 0156 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:48:25.0421 0156 ose - ok
22:48:25.0500 0156 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:48:25.0906 0156 Parport - ok
22:48:25.0984 0156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:48:26.0375 0156 PartMgr - ok
22:48:26.0421 0156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:48:26.0953 0156 ParVdm - ok
22:48:27.0015 0156 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:48:27.0406 0156 PCI - ok
22:48:27.0437 0156 PCIDump - ok
22:48:27.0500 0156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:48:28.0031 0156 PCIIde - ok
22:48:28.0062 0156 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:48:28.0453 0156 Pcmcia - ok
22:48:28.0484 0156 PDCOMP - ok
22:48:28.0500 0156 PDFRAME - ok
22:48:28.0515 0156 PDRELI - ok
22:48:28.0546 0156 PDRFRAME - ok
22:48:28.0578 0156 perc2 - ok
22:48:28.0593 0156 perc2hib - ok
22:48:28.0687 0156 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
22:48:28.0968 0156 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
22:48:28.0968 0156 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
22:48:29.0031 0156 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:48:29.0093 0156 PlugPlay - ok
22:48:29.0171 0156 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:48:29.0515 0156 PolicyAgent - ok
22:48:29.0578 0156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:48:29.0984 0156 PptpMiniport - ok
22:48:30.0015 0156 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:48:30.0406 0156 Processor - ok
22:48:30.0421 0156 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:48:30.0781 0156 ProtectedStorage - ok
22:48:30.0828 0156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:48:31.0250 0156 PSched - ok
22:48:31.0296 0156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:48:31.0828 0156 Ptilink - ok
22:48:31.0890 0156 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:48:32.0156 0156 PxHelp20 - ok
22:48:32.0187 0156 ql1080 - ok
22:48:32.0203 0156 Ql10wnt - ok
22:48:32.0218 0156 ql12160 - ok
22:48:32.0234 0156 ql1240 - ok
22:48:32.0265 0156 ql1280 - ok
22:48:32.0312 0156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:48:32.0843 0156 RasAcd - ok
22:48:32.0890 0156 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:48:33.0265 0156 RasAuto - ok
22:48:33.0296 0156 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:48:33.0640 0156 Rasl2tp - ok
22:48:33.0703 0156 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:48:34.0093 0156 RasMan - ok
22:48:34.0125 0156 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:48:34.0531 0156 RasPppoe - ok
22:48:34.0562 0156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:48:35.0093 0156 Raspti - ok
22:48:35.0140 0156 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:48:35.0515 0156 Rdbss - ok
22:48:35.0562 0156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:48:36.0046 0156 RDPCDD - ok
22:48:36.0125 0156 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
22:48:36.0593 0156 RDPWD - ok
22:48:36.0671 0156 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:48:37.0031 0156 RDSessMgr - ok
22:48:37.0109 0156 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:48:37.0515 0156 redbook - ok
22:48:37.0546 0156 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:48:37.0937 0156 RemoteAccess - ok
22:48:37.0984 0156 Rksample (bb7549bd94d1aac3599c7606c50c48a0) C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys
22:48:38.0703 0156 Rksample - ok
22:48:38.0750 0156 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
22:48:39.0093 0156 RpcLocator - ok
22:48:39.0203 0156 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:48:39.0281 0156 RpcSs - ok
22:48:39.0343 0156 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
22:48:39.0828 0156 RSVP - ok
22:48:39.0890 0156 rtl8139 (d6066a0596b13e486204dd365fdb2d4f) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:48:40.0390 0156 rtl8139 - ok
22:48:40.0453 0156 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:48:40.0796 0156 SamSs - ok
22:48:40.0859 0156 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:48:41.0234 0156 SCardSvr - ok
22:48:41.0281 0156 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:48:41.0687 0156 Schedule - ok
22:48:41.0734 0156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:48:42.0140 0156 Secdrv - ok
22:48:42.0203 0156 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:48:42.0593 0156 seclogon - ok
22:48:42.0625 0156 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:48:43.0031 0156 SENS - ok
22:48:43.0062 0156 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:48:43.0437 0156 serenum - ok
22:48:43.0484 0156 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:48:43.0890 0156 Serial - ok
22:48:43.0984 0156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:48:44.0359 0156 Sfloppy - ok
22:48:44.0421 0156 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:48:44.0812 0156 SharedAccess - ok
22:48:44.0875 0156 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:48:44.0937 0156 ShellHWDetection - ok
22:48:44.0953 0156 Simbad - ok
22:48:45.0031 0156 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:48:45.0390 0156 SLIP - ok
22:48:45.0515 0156 smwdm (12d9287937366bf1c9ad7007b5407deb) C:\WINDOWS\system32\drivers\smwdm.sys
22:48:45.0859 0156 smwdm - ok
22:48:45.0937 0156 SoftFax (d9e8e0ce154a2f6430d9efabdf730867) C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys
22:48:46.0640 0156 SoftFax - ok
22:48:46.0656 0156 Sparrow - ok
22:48:46.0703 0156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:48:47.0109 0156 splitter - ok
22:48:47.0171 0156 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:48:47.0265 0156 Spooler - ok
22:48:47.0500 0156 SpyHunter 4 Service (05580ac1c1cd96d04ef74ebd18dc81c3) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
22:48:47.0906 0156 SpyHunter 4 Service - ok
22:48:47.0953 0156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:48:48.0312 0156 sr - ok
22:48:48.0359 0156 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:48:48.0765 0156 srservice - ok
22:48:48.0843 0156 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:48:49.0140 0156 Srv - ok
22:48:49.0218 0156 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:48:49.0609 0156 SSDPSRV - ok
22:48:49.0687 0156 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:48:50.0093 0156 stisvc - ok
22:48:50.0171 0156 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:48:50.0531 0156 streamip - ok
22:48:50.0562 0156 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:48:50.0937 0156 swenum - ok
22:48:50.0968 0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:48:51.0328 0156 swmidi - ok
22:48:51.0343 0156 SwPrv - ok
22:48:51.0375 0156 symc810 - ok
22:48:51.0406 0156 symc8xx - ok
22:48:51.0421 0156 sym_hi - ok
22:48:51.0437 0156 sym_u3 - ok
22:48:51.0500 0156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:48:51.0906 0156 sysaudio - ok
22:48:51.0984 0156 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:48:52.0328 0156 SysmonLog - ok
22:48:52.0390 0156 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:48:52.0781 0156 TapiSrv - ok
22:48:52.0843 0156 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:48:52.0984 0156 Tcpip - ok
22:48:53.0046 0156 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:48:53.0437 0156 TDPIPE - ok
22:48:53.0468 0156 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:48:53.0828 0156 TDTCP - ok
22:48:53.0859 0156 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:48:54.0265 0156 TermDD - ok
22:48:54.0343 0156 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:48:54.0734 0156 TermService - ok
22:48:54.0781 0156 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:48:54.0843 0156 Themes - ok
22:48:54.0921 0156 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys
22:48:55.0671 0156 Tones - ok
22:48:55.0687 0156 TosIde - ok
22:48:55.0734 0156 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:48:56.0140 0156 TrkWks - ok
22:48:56.0218 0156 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:48:56.0609 0156 Udfs - ok
22:48:56.0625 0156 ultra - ok
22:48:56.0703 0156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:48:57.0125 0156 Update - ok
22:48:57.0187 0156 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:48:57.0546 0156 upnphost - ok
22:48:57.0593 0156 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:48:57.0968 0156 UPS - ok
22:48:58.0015 0156 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:48:58.0531 0156 USBAAPL - ok
22:48:58.0562 0156 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:48:58.0906 0156 usbaudio - ok
22:48:58.0953 0156 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:48:59.0359 0156 usbccgp - ok
22:48:59.0437 0156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:48:59.0812 0156 usbehci - ok
22:48:59.0843 0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:49:00.0203 0156 usbhub - ok
22:49:00.0265 0156 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:49:00.0656 0156 usbprint - ok
22:49:00.0718 0156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:49:01.0109 0156 usbscan - ok
22:49:01.0187 0156 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:49:01.0578 0156 USBSTOR - ok
22:49:01.0640 0156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:49:02.0046 0156 usbuhci - ok
22:49:02.0078 0156 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:49:02.0437 0156 usbvideo - ok
22:49:02.0515 0156 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys
22:49:03.0250 0156 V124 - ok
22:49:03.0312 0156 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:49:03.0671 0156 VgaSave - ok
22:49:03.0687 0156 ViaIde - ok
22:49:03.0750 0156 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:49:04.0093 0156 VolSnap - ok
22:49:04.0171 0156 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:49:04.0531 0156 VSS - ok
22:49:04.0609 0156 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:49:05.0000 0156 W32Time - ok
22:49:05.0078 0156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:49:05.0421 0156 Wanarp - ok
22:49:05.0453 0156 WDICA - ok
22:49:05.0500 0156 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:49:05.0906 0156 wdmaud - ok
22:49:05.0984 0156 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:49:06.0343 0156 WebClient - ok
22:49:06.0468 0156 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
22:49:06.0953 0156 winachsf - ok
22:49:07.0125 0156 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
22:49:07.0171 0156 WinDefend - ok
22:49:07.0328 0156 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:49:07.0671 0156 winmgmt - ok
22:49:07.0734 0156 WmdmPmSN (482069cda24aa0e94b1351e30eb3d01f) C:\WINDOWS\system32\MsPMSNSv.dll
22:49:08.0078 0156 WmdmPmSN - ok
22:49:08.0171 0156 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:49:08.0531 0156 WmiApSrv - ok
22:49:08.0609 0156 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:49:09.0109 0156 WS2IFSL - ok
22:49:09.0187 0156 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:49:09.0531 0156 wscsvc - ok
22:49:09.0578 0156 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:49:09.0953 0156 WSTCODEC - ok
22:49:10.0000 0156 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:49:10.0343 0156 wuauserv - ok
22:49:10.0437 0156 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:49:10.0828 0156 WZCSVC - ok
22:49:10.0890 0156 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:49:11.0265 0156 xmlprov - ok
22:49:11.0312 0156 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:49:12.0000 0156 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:49:12.0000 0156 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:49:12.0031 0156 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
22:49:17.0593 0156 \Device\Harddisk1\DR1 - ok
22:49:17.0640 0156 Boot (0x1200) (a384bb46cb41360ba0b17d4e8ab1c472) \Device\Harddisk0\DR0\Partition0
22:49:17.0640 0156 \Device\Harddisk0\DR0\Partition0 - ok
22:49:17.0671 0156 Boot (0x1200) (4abee8fbd8bc1b5ee15462ab80a447c1) \Device\Harddisk1\DR1\Partition0
22:49:17.0671 0156 \Device\Harddisk1\DR1\Partition0 - ok
22:49:17.0687 0156 ============================================================
22:49:17.0687 0156 Scan finished
22:49:17.0687 0156 ============================================================
22:49:17.0812 3772 Detected object count: 10
22:49:17.0812 3772 Actual detected object count: 10
22:52:19.0968 3772 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:19.0968 3772 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:19.0968 3772 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:19.0968 3772 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:19.0984 3772 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:19.0984 3772 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:19.0984 3772 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:19.0984 3772 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:20.0000 3772 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:20.0000 3772 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:20.0000 3772 InCDsrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:20.0000 3772 InCDsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:20.0000 3772 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:20.0000 3772 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:20.0000 3772 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:20.0000 3772 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:20.0000 3772 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:20.0000 3772 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:20.0000 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:52:20.0000 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:53:19.0562 1216 Deinitialize success
I will send you soon the Virus Removal Tool file.
Cordialement.
Picsou
-
Bonjour Maniac,
Sorry If I did not reply rapidly to your last message. I was away for the last 3 days.
Bonjour Maniac,
As requested, i emptied the REcycle Bin.
I tested my bank access and tested the same link (for a limited time offer for a rate) that is redirected. I clicked on it, received a Security Alert message saying:
"You are about to leave a secure internet connection. It will be possible to others to view information you you send. Do you want to continue? ...."
When clicking YES I was redirected to the following link:
After that, I closed my bank access, closed IE and reopened it and navigated on the bank site without accessing my account. I found that each time the URL on a section of a page, contained "https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=26192"'>https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=26192" I was redirected to the URL above.
Accordingly, by instance, I was also redirected with the following URL: https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=30464
Note that each time there is a UrL having this format:
https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=26192
https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=30464
It is redirected to an advertisement for Panda Antivirus.
I am disappointed that all the work done did not seem to resolve the issue. I still have the redirections. But note that I have them (redirections) only when I click on URL that has the format and syntax above.
Any suggestion?
Regards,
Picsou.
-
Hello Maniac,
I manually deleted the folders
c:\documents and settings\Owner\Local Settings\Application Data\Conduit
c:\documents and settings\Hélène\Local Settings\Application Data\Conduit
and also other files that had Conduit name in the file name. All these files (138) were created on May 23 (when I think I was infected first) and on June 1, 2012.
See image: in the word file attached (sorry, unable to attach it and it is images from the Recycle Bin). Most of the files relate to WiseConvert.
2 examples:
http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png
http___storage_conduit_com_bankimages_CommandComps_RegistryEditor_gif
I did not empty the Recycle BIN . Should I empty it?
And what is the next step?
Cordialment,
Picsou.
-
Bonjour Maniac,
Find attached the ComboFix.txt file after running ComboFix with the CFScript.txt file incorporated. Note that I had to run it twice at it seems it did not work properly the first time. Before, just a quick question for you:
When I started IE to post this message, I had a pop-up asking if I wanted to make IE as my web browser by default , leaving to understand that it could not be. is this normal?
the comboFix File:
ComboFix 12-06-15.02 - Gilles 15/06/2012 10:26:34.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.422 [GMT -4:00]
Running from: c:\documents and settings\Gilles\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gilles\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-13 22:06 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 02:33 . 2012-06-13 02:33 -------- d-----w- c:\program files\ESET
2012-06-12 21:57 . 2012-06-12 21:57 -------- d-----w- C:\_OTL
2012-06-11 17:36 . 2012-06-11 17:36 -------- d-----w- c:\documents and settings\Hélène\Application Data\Malwarebytes
2012-06-08 18:32 . 2012-06-08 18:32 110080 ----a-r- c:\documents and settings\Gilles\Application Data\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconF7A21AF7.exe
2012-06-08 18:32 . 2012-06-08 18:32 110080 ----a-r- c:\documents and settings\Gilles\Application Data\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconD7F16134.exe
2012-06-08 18:32 . 2012-06-08 18:32 110080 ----a-r- c:\documents and settings\Gilles\Application Data\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconCF33A0CE.exe
2012-06-08 18:32 . 2012-06-08 18:33 -------- d-----w- C:\sh4ldr
2012-06-08 18:32 . 2012-06-08 18:32 -------- d-----w- c:\program files\Enigma Software Group
2012-06-08 18:31 . 2012-06-08 18:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-06-05 03:55 . 2012-06-05 03:55 -------- d-sh--w- c:\documents and settings\Hélène\IECompatCache
2012-06-01 17:35 . 2012-06-01 17:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
2012-06-01 17:31 . 2012-06-01 17:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WiseConvert
2012-05-31 21:56 . 2012-05-31 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-31 21:55 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-23 19:40 . 2012-06-01 18:16 -------- d-----w- c:\documents and settings\Hélène\Local Settings\Application Data\WiseConvert
2012-05-23 19:40 . 2012-06-01 21:38 -------- d-----w- c:\documents and settings\Hélène\Local Settings\Application Data\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2001-08-18 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 13:20 . 2001-08-18 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2001-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2001-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2001-08-18 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2001-08-18 12:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-12-21 22:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2004-10-01 20:00 . 2008-01-04 02:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-14_03.35.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-06-12 23:00 . 2012-06-14 00:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-12 23:00 . 2012-06-15 12:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-21 22:49 . 2012-06-15 12:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-12-21 22:49 . 2012-06-14 00:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-06-15 03:06 . 2012-06-15 03:06 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3b34fc2c8c94ffe21f75168980b69dfe\System.Web.DynamicData.Design.ni.dll
- 2009-12-21 17:31 . 2012-05-31 20:00 245512 c:\windows\system32\FNTCACHE.DAT
+ 2009-12-21 17:31 . 2012-06-14 04:05 245512 c:\windows\system32\FNTCACHE.DAT
+ 2012-06-15 03:04 . 2012-06-15 03:04 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\b412e064a383e0ca090e2c0111f816dd\XPBurnComponent.ni.dll
+ 2012-06-15 03:06 . 2012-06-15 03:06 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\698c2093d7ac57af935b399d1c0b1790\System.Web.Routing.ni.dll
+ 2012-06-15 03:06 . 2012-06-15 03:06 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\75248baf640115daeb0e580f1c5ff98b\System.Web.Extensions.Design.ni.dll
+ 2012-06-15 03:06 . 2012-06-15 03:06 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\40c3b61ac38613e2b4b0f196e86185eb\System.Web.Entity.ni.dll
+ 2012-06-15 03:06 . 2012-06-15 03:06 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\39cc9a830f7f08fd9f397be452fd78b0\System.Web.Entity.Design.ni.dll
+ 2012-06-15 03:06 . 2012-06-15 03:06 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\88b1fd4792e7b698b788594d8e5e3c09\System.Web.DynamicData.ni.dll
+ 2012-06-15 03:06 . 2012-06-15 03:06 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6333d22a2ea347432d46c40d93194c68\System.Web.Abstractions.ni.dll
+ 2012-06-15 03:03 . 2012-06-15 03:03 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
+ 2012-06-15 03:03 . 2012-06-15 03:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
+ 2012-06-15 03:04 . 2012-06-15 03:04 230912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\6f3ec9b5a3e2a712e6b70edd6585bb2d\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2012-06-15 03:03 . 2012-06-15 03:03 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\487d532a59d9d2e8fa9288be13c686ea\DriversHQ.DriverDetective.Common.ni.dll
+ 2012-06-15 03:07 . 2012-06-15 03:07 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bd5bd406670d483b82bd51249eee59e3\System.WorkflowServices.ni.dll
+ 2012-06-15 03:07 . 2012-06-15 03:07 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\77361ebe9ad8ff77cc9a8d7f8363eb05\System.Workflow.Runtime.ni.dll
+ 2012-06-15 03:07 . 2012-06-15 03:07 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1c12dfa7826b331b243b7b45daf9904d\System.Workflow.ComponentModel.ni.dll
+ 2012-06-15 03:07 . 2012-06-15 03:07 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\514bf0e69e2c9fc8509cd23236057356\System.Workflow.Activities.ni.dll
+ 2012-06-15 03:03 . 2012-06-15 03:03 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
+ 2012-06-15 03:06 . 2012-06-15 03:06 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\77f8cde07b131839f1841be702837e8e\System.Web.Mobile.ni.dll
+ 2012-06-15 03:06 . 2012-06-15 03:06 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\242b168aaca18197eca371ec269e23ac\System.Web.Extensions.ni.dll
+ 2012-06-15 03:03 . 2012-06-15 03:03 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7a53d68ad544f8e9edfdbd5a90a48fd3\System.Deployment.ni.dll
+ 2012-06-15 03:05 . 2012-06-15 03:05 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
+ 2012-06-15 03:04 . 2012-06-15 03:04 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\4e463dcf2a03c71913a61b44c32e2389\Microsoft.Build.Tasks.ni.dll
+ 2012-06-15 03:05 . 2012-06-15 03:05 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\395b4a85c7941ac4dd9d1c6f5eb444c7\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-15 03:03 . 2012-06-15 03:03 4675584 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\5e4b2849a69b40ceb6ff2fb0ff566ce7\DriversHQ.DriverDetective.Client.ni.exe
+ 2012-06-15 03:04 . 2012-06-15 03:04 1132032 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.Common\83087a68cbdcc4d85b34ba10de764267\DriversHQ.Common.ni.dll
+ 2012-06-15 03:03 . 2012-06-15 03:03 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-06 185896]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-01-19 232104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gilles\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Hélène\Start Menu\Programs\Startup\
AOM.lnk - c:\program files\Common Files\Adobe\Web\AOM.exe [2002-8-1 696320]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2002-8-26 49254]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2002-10-23 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-07-08 15:25 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- d:\programs\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-06-03 16:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- d:\programs\winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\programs\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [13/04/2010 8:08 PM 89792]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09/10/2009 6:45 AM 169312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/12/2009 1:13 AM 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [13/04/2010 8:07 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [13/04/2010 8:07 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [13/04/2010 8:08 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [13/04/2010 8:08 PM 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [13/04/2010 8:08 PM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [13/04/2010 8:08 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [13/04/2010 8:08 PM 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/04/2009 9:22 PM 133104]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [02/06/2012 2:58 PM 763840]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 4:57 PM 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/04/2009 9:22 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [13/04/2010 8:08 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [13/04/2010 8:08 PM 87656]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [18/08/2001 8:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 01:22]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 01:22]
.
2012-06-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
2012-06-15 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
2012-06-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lactualite.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: gouv.qc.ca\www.registrefoncier
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 10:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-15 11:03:26
ComboFix-quarantined-files.txt 2012-06-15 15:03
ComboFix2.txt 2012-06-15 13:59
ComboFix3.txt 2012-06-14 03:41
.
Pre-Run: 6,412,869,632 bytes free
Post-Run: 6,393,147,392 bytes free
.
- - End Of File - - 197E5411ED745C7FD4CEBD3699799886
What the next step?
Picsou
-
Hello Maniac,
Last message should have been signed as Picsou and not Maniac. ;-))
Regards,
Picsou
-
Bonjour Maniac,
I ran ComboFix and I am providing the ComboFix.txt file below. But before, I would like to inform you that during the scan, a window was popping up very often (by instance, after each Stage) . The header indicated: NIRKMD and the text inside the window was:
"Windows cannot find "Nirkmd". Make sure you typed the name correctly and then try again. To search for a file, click the Start Button and then click Search"
Note that in the first time that ComboFix was running, there was a message with respect NIRKMD. but i did not take note of it.
Each time there was a stage completed, the window above popped up. I had to click OK to have it disappeared and continue the SCAN process. I am not sure if this could be related to the following: just before I started the comboFix process, I had a Microsoft Security update (with 7 installation) that took place... but i did not restart my computer right away to complete the installation. Can this be related to the pop-up window?
Here it the ComboFix.txt file:
ComboFix 12-06-13.05 - Gilles 13/06/2012 23:09:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.435 [GMT -4:00]
Running from: c:\documents and settings\Gilles\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\documents and settings\Gilles\GoToAssistDownloadHelper.exe
c:\documents and settings\Gilles\My Documents\~WRL0675.tmp
c:\documents and settings\Gilles\My Documents\~WRL0728.tmp
c:\documents and settings\Gilles\My Documents\~WRL1481.tmp
c:\documents and settings\Gilles\My Documents\~WRL3865.tmp
c:\documents and settings\Gilles\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\program files\Internet Explorer\SET24DA.tmp
c:\program files\Internet Explorer\SET24DC.tmp
c:\program files\Messenger\type.wav.bak
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SET24C9.tmp
c:\windows\system32\SET24CA.tmp
c:\windows\system32\SET24CB.tmp
c:\windows\system32\SET24CF.tmp
c:\windows\system32\SET24D0.tmp
c:\windows\system32\SET24D1.tmp
c:\windows\system32\SET24D5.tmp
c:\windows\system32\SET24D6.tmp
c:\windows\system32\SET24D7.tmp
c:\windows\XSxS
G:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-13 22:06 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 22:06 . 2012-06-13 22:06 -------- d-----w- c:\windows\LastGood
2012-06-13 02:33 . 2012-06-13 02:33 -------- d-----w- c:\program files\ESET
2012-06-12 21:57 . 2012-06-12 21:57 -------- d-----w- C:\_OTL
2012-06-11 17:36 . 2012-06-11 17:36 -------- d-----w- c:\documents and settings\Hélène\Application Data\Malwarebytes
2012-06-08 18:32 . 2012-06-08 18:32 110080 ----a-r- c:\documents and settings\Gilles\Application Data\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconF7A21AF7.exe
2012-06-08 18:32 . 2012-06-08 18:32 110080 ----a-r- c:\documents and settings\Gilles\Application Data\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconD7F16134.exe
2012-06-08 18:32 . 2012-06-08 18:32 110080 ----a-r- c:\documents and settings\Gilles\Application Data\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconCF33A0CE.exe
2012-06-08 18:32 . 2012-06-08 18:33 -------- d-----w- C:\sh4ldr
2012-06-08 18:32 . 2012-06-08 18:32 -------- d-----w- c:\program files\Enigma Software Group
2012-06-08 18:31 . 2012-06-08 18:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-06-05 03:55 . 2012-06-05 03:55 -------- d-sh--w- c:\documents and settings\Hélène\IECompatCache
2012-06-01 17:35 . 2012-06-01 17:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
2012-06-01 17:31 . 2012-06-01 17:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WiseConvert
2012-05-31 21:56 . 2012-05-31 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-31 21:55 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-23 19:40 . 2012-06-01 18:16 -------- d-----w- c:\documents and settings\Hélène\Local Settings\Application Data\WiseConvert
2012-05-23 19:40 . 2012-06-01 21:38 -------- d-----w- c:\documents and settings\Hélène\Local Settings\Application Data\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2001-08-18 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 13:20 . 2001-08-18 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2001-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2001-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2001-08-18 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2001-08-18 12:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-12-21 22:42 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2004-10-01 20:00 . 2008-01-04 02:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-06 185896]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-01-19 232104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gilles\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Hélène\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2002-8-26 49254]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2002-10-23 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2005-07-08 15:25 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- d:\programs\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-06-03 16:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- d:\programs\winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\programs\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [13/04/2010 8:08 PM 89792]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09/10/2009 6:45 AM 169312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/12/2009 1:13 AM 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [13/04/2010 8:07 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [13/04/2010 8:07 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [13/04/2010 8:08 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [13/04/2010 8:08 PM 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [13/04/2010 8:08 PM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [13/04/2010 8:08 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [13/04/2010 8:08 PM 83856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/04/2009 9:22 PM 133104]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [02/06/2012 2:58 PM 763840]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 4:57 PM 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [06/04/2009 9:22 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [13/04/2010 8:08 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [13/04/2010 8:08 PM 87656]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 01:22]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 01:22]
.
2012-06-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
2012-06-12 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
2012-06-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lactualite.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: gouv.qc.ca\www.registrefoncier
TCP: DhcpNameServer = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-RemoteControl - c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Gilles\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-13 23:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\COMRes.dll
.
Completion time: 2012-06-13 23:41:36
ComboFix-quarantined-files.txt 2012-06-14 03:41
.
Pre-Run: 6,007,185,408 bytes free
Post-Run: 6,361,702,400 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 24E64E114E296CC45091A8D716EDA00D
I will restart the PC hoping that everything will work.
Regards,
Maniac
-
Bonjour Maniac,
Find below the ESET Log file:
as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=ed5d1078ed2b71409c89bfe48625e88f# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2012-06-13 05:53:20# local_time=2012-06-13 01:53:20 (-0500, Eastern Daylight Time)# country="Canada"# lang=1033# osver=5.1.2600 NT Service Pack 3# compatibility_mode=5121 16777173 100 75 3644929 39938490 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=165803# found=0# cleaned=0# scan_time=11773Is it finished?
Picsou
-
Bonjour Maniac,
Find below the OTL Fix Log to get rid of AskTBar:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
C:\Documents and Settings\Gilles\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Gilles\Application Data\PriceGong folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Toolbar\Facebook folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Toolbar folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT moved successfully.
C:\Documents and Settings\Gilles\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\Gilles\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\Gilles\Application Data\LimeWire\themes\windows_theme folder moved successfully.
C:\Documents and Settings\Gilles\Application Data\LimeWire\themes folder moved successfully.
C:\Documents and Settings\Gilles\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Gilles\Application Data\LimeWire folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Hélène\Application Data\PriceGong folder moved successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\AskTBar Uninstall not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 5334525 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: All Users
User: Default User
->Temp folder emptied: 5334525 bytes
->Temporary Internet Files folder emptied: 33438 bytes
->Flash cache emptied: 56509 bytes
User: Elise
User: Gilles
->Temp folder emptied: 610345671 bytes
->Temporary Internet Files folder emptied: 336876484 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 391389 bytes
User: Guest
->Temp folder emptied: 5334525 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Hélène
->Temp folder emptied: 26592509 bytes
->Temporary Internet Files folder emptied: 45935678 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 630 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67976 bytes
->Flash cache emptied: 5620 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 56251525 bytes
->Temporary Internet Files folder emptied: 446681079 bytes
->Flash cache emptied: 9890 bytes
User: Premier ministre
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1449068 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 188431589 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 286587529 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 178025 bytes
RecycleBin emptied: 34662007 bytes
Total Files Cleaned = 1,956.00 mb
Error creating restore point.
OTL by OldTimer - Version 3.2.48.0 log created on 06122012_175753
Files\Folders moved on Reboot...
C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\ZTK4B8EK\fastbutton[2].htm moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\ZTK4B8EK\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\ZC1QIPAN\index[4].htm moved successfully.
File\Folder C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\6A3DTRPZ\search[1]. not found!
C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
Registry entries deleted on Reboot...
What's next?
Picsou
-
Bonjour Maniac, Hello, Thank you for your help. Find below files requested. Note that I was unable to uninstall ASK Toobar. (see error message)
a) Uninstall Ask Toolbar :
Was unable to uninstall it: Got the following error message : In a separate window: RUNDLL : Error Loading C:\PROGRA~1\ASKTBAR\bar\1.bin\ASKTBAR.DLL. The specified module could not be found.
b) Uninstall My Start Toolbar:
Reply: Uninstall was completed.
c) Run aswMBR.exe and OTL: Done : see attached files
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 12:17:11
-----------------------------
12:17:11.671 OS Version: Windows 5.1.2600 Service Pack 3
12:17:11.671 Number of processors: 1 586 0x102
12:17:11.671 ComputerName: OWNER-AKF11BV1P UserName: Gilles
12:17:12.671 Initialize success
12:19:02.500 AVAST engine defs: 12061200
12:19:23.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:19:23.140 Disk 0 Vendor: MAXTOR_6L040J2 A93.0500 Size: 38172MB BusType: 3
12:19:23.156 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
12:19:23.156 Disk 1 Vendor: MAXTOR_STM3200820A 3.AAE Size: 190782MB BusType: 3
12:19:23.171 Disk 0 MBR read successfully
12:19:23.171 Disk 0 MBR scan
12:19:23.218 Disk 0 Windows XP default MBR code
12:19:23.234 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
12:19:23.250 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 38130 MB offset 64260
12:19:23.265 Disk 0 scanning sectors +78156225
12:19:23.375 Disk 0 scanning C:\WINDOWS\system32\drivers
12:20:02.562 Service scanning
12:20:54.828 Modules scanning
12:21:21.328 Disk 0 trace - called modules:
12:21:21.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:21:21.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83795ab8]
12:21:21.359 3 CLASSPNP.SYS[f75e3fd7] -> nt!IofCallDriver -> \Device\00000064[0x837894c8]
12:21:21.359 5 ACPI.sys[f755a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83787d98]
12:21:21.750 AVAST engine scan C:\WINDOWS
12:21:50.578 AVAST engine scan C:\WINDOWS\system32
12:29:12.984 AVAST engine scan C:\WINDOWS\system32\drivers
12:30:00.218 AVAST engine scan C:\Documents and Settings\Gilles
13:01:05.359 AVAST engine scan C:\Documents and Settings\All Users
13:21:29.375 Scan finished successfully
13:23:54.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gilles\Desktop\MBR.dat"
13:23:54.593 The log file has been saved successfully to "C:\Documents and Settings\Gilles\Desktop\aswMBR.txt"
OTL
OTL logfile created on: 12/06/2012 1:30:02 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Gilles\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
766.80 Mb Total Physical Memory | 370.41 Mb Available Physical Memory | 48.31% Memory free
1.83 Gb Paging File | 1.13 Gb Available in Paging File | 61.62% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 2.49 Gb Free Space | 6.68% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 88.87 Gb Free Space | 47.70% Space Free | Partition Type: NTFS
Drive G: | 596.17 Gb Total Space | 154.97 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive H: | 30.83 Mb Total Space | 2.60 Mb Free Space | 8.44% Space Free | Partition Type: FAT
Computer Name: OWNER-AKF11BV1P | User Name: Gilles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/12 13:26:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilles\Desktop\OTL.exe
PRC - [2012/06/02 14:59:00 | 005,076,416 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2012/06/02 14:58:48 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2011/01/19 11:02:44 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/12/02 15:29:52 | 002,221,352 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2001/03/15 08:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [1998/12/04 21:02:50 | 000,589,824 | ---- | M] (Fred's Software Company) -- C:\Program Files\printkey\Printkey.exe
========== Modules (No Company Name) ==========
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/02/13 13:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/02/13 13:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/02/13 13:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2001/10/11 16:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/02 14:58:48 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012/03/22 19:29:08 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/12/26 21:08:39 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2005/07/08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Gilles\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Gilles\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010/05/14 18:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 18:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 905(UVC)
DRV - [2010/05/14 18:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2005/07/08 18:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/07/08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 11:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2001/09/03 17:14:38 | 000,025,454 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 09:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 09:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 09:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 09:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 09:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 09:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 09:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 09:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 09:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lactualite.com/
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 2F 15 F6 72 8A CA 01 [binary data]
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enCA359
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\programs\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/23 18:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/06/08 17:37:39 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2001/08/18 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120429230329.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..Trusted Domains: gouv.qc.ca ([www.registrefoncier] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261492779045 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268959760125 (MUWebControl Class)
O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} http://www.nero.com/doc/NeroVersionChecker.cab (CNeroSerialChecker Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://infolot.mrnf.gouv.qc.ca/ACGM/acgm.cab (ActiveCGM Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{195DA4A8-BFF1-4173-9F08-100DA3E0C850}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-ir2011 {DFF68B15-A8D3-420b-B32C-E9554E2F5C15} - C:\Program Files\ImpotRapide 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/21 18:46:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/05 14:52:34 | 000,000,000 | ---D | M] - D:\autoplay cd -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/12 13:26:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gilles\Desktop\OTL.exe
[2012/06/12 12:16:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Gilles\Desktop\aswMBR.exe
[2012/06/12 08:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/06/08 19:07:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/06/08 19:07:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gilles\Start Menu\Programs\Administrative Tools
[2012/06/08 19:01:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Gilles\Desktop\dds.scr
[2012/06/08 14:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilles\Start Menu\Programs\SpyHunter
[2012/06/08 14:32:02 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/08 14:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/08 14:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/05/31 17:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/31 17:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/31 17:55:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/24 14:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilles\Application Data\PriceGong
[2012/05/24 14:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilles\Local Settings\Application Data\Conduit
[2012/05/23 15:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Gilles\My Documents\*.tmp files -> C:\Documents and Settings\Gilles\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/12 14:12:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/12 13:26:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilles\Desktop\OTL.exe
[2012/06/12 13:23:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\MBR.dat
[2012/06/12 12:16:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Gilles\Desktop\aswMBR.exe
[2012/06/11 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2012/06/11 15:12:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 13:01:14 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/10 03:06:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2012/06/08 19:01:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Gilles\Desktop\dds.scr
[2012/06/08 17:33:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2012/06/08 17:32:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/08 17:32:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/06/08 17:32:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/06/08 14:32:20 | 000,001,975 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\SpyHunter.lnk
[2012/06/06 09:15:46 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Gilles\Application Data\default.pls
[2012/06/04 21:14:37 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2012/06/03 16:29:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/31 17:56:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/31 16:00:04 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/28 21:31:17 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\MyFonts Order M3792118.msi
[2012/05/24 16:55:47 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Gilles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Gilles\My Documents\*.tmp files -> C:\Documents and Settings\Gilles\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/12 13:23:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\MBR.dat
[2012/06/08 14:32:20 | 000,001,975 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\SpyHunter.lnk
[2012/05/31 17:56:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/28 21:30:46 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\MyFonts Order M3792118.msi
[2012/02/15 22:50:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/18 22:33:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2011/12/18 22:33:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2011/05/29 22:29:14 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2011/05/29 21:09:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/29 21:09:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/02/26 00:07:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/12/26 20:17:12 | 000,786,504 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602N.DAT
[2010/12/26 20:17:12 | 000,296,064 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602W.DAT
[2010/07/16 22:50:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/16 22:29:25 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
========== LOP Check ==========
[2011/12/21 19:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2011/12/18 17:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/12/26 20:21:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/12/26 20:52:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2009/12/23 00:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/12/26 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/01/08 20:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/12/22 13:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/05/29 13:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/04 08:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2009/12/22 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/12/22 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/05/29 13:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/12/23 00:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/02/22 00:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/20 22:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/26 20:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Canon
[2006/05/05 23:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\HotSync
[2008/01/02 13:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\ImageMatics
[2004/10/29 19:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Inspiration Software
[2002/08/26 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\InterTrust
[2011/03/21 00:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\LANCITE
[2010/07/16 22:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Leadertech
[2008/01/13 23:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\LimeWire
[2006/12/30 22:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\muvee Technologies
[2008/02/18 01:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Netscape
[2003/01/25 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\NewSoft
[2006/12/30 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Nikon
[2003/01/26 02:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\NSBackup
[2011/02/05 11:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\PhotoInPress
[2012/05/26 11:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\PriceGong
[2003/12/14 00:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Qualcomm
[2003/01/24 23:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\ScanSoft
[2008/01/08 22:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\STOIK
[2009/03/29 12:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Uniblue
[2008/12/30 22:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\XnView
[2011/12/22 11:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\mystarttb
[2011/12/22 12:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Nikon
[2011/02/05 10:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\PhotoInPress
[2012/06/01 14:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\PriceGong
[2010/01/15 23:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Qualcomm
[2008/08/26 23:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Vidéotron
[2009/12/23 01:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/24 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2009/12/22 12:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2012/06/01 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mystarttb
[2009/12/23 00:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NewSoft
[2009/12/31 22:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2012/06/01 13:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2010/01/15 22:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Qualcomm
[2009/12/22 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2012/06/11 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2012/06/08 17:33:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2012/06/10 03:06:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
========== Purity Check ==========
< End of report >
OTL extras:
OTL Extras logfile created on: 12/06/2012 1:30:02 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Gilles\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
766.80 Mb Total Physical Memory | 370.41 Mb Available Physical Memory | 48.31% Memory free
1.83 Gb Paging File | 1.13 Gb Available in Paging File | 61.62% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 2.49 Gb Free Space | 6.68% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 88.87 Gb Free Space | 47.70% Space Free | Partition Type: NTFS
Drive G: | 596.17 Gb Total Space | 154.97 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive H: | 30.83 Mb Total Space | 2.60 Mb Free Space | 8.44% Space Free | Partition Type: FAT
Computer Name: OWNER-AKF11BV1P | User Name: Gilles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\programs\winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\programs\winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\programs\winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"D:\programs\iTunes.exe" = D:\programs\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0F8C8B5A-B076-4400-8262-41D6131099ED}" = ImpôtRapide 2009
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2543F30B-538A-11D5-A80C-00E098871F9D}" = Print@Fujicolor
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4D6B46F2-A261-44CA-A7F5-1FEA4EFBEB59}" = ImpôtRapide 2010
"{4FEE3953-CE3D-4D46-8835-2FF0D5F64098}" = ImpôtRapide 2011
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{580183A6-FF92-11D5-9294-0050BA073EEC}" = Presto! PageManager 6
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{891D0B03-05DF-4CD1-B267-268FDA1C1033}" = Nero 8
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E816F70-50E9-4BF0-B3CD-BB140EAC3171}" = Microsoft Combat Flight Simulator 3 Mission Pack
"{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}" = SpyHunter
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{C7A64AE6-591B-EB08-C327-EEC4B6EBFD05}" = MyFonts Order M3792118
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AceHTML Freeware" = AceHTML Freeware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AskTBar Uninstall" = Ask Toolbar
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Deskjet 6500 Series_Driver" = HP Deskjet 6500 Series
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"lvdrivers_12.10" = Coffret de pilotes Logitech Webcam Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MSC" = McAfee AntiVirus Plus
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMediaHome!UninstallKey" = Nero MediaHome CE
"NeroRecode!UninstallKey" = Nero Recode CE
"NeroShowTime!UninstallKey" = Nero ShowTime CE
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoInPressBookDesigner" = PhotoInPress BookDesigner
"RegCure" = RegCure
"SystemRequirementsLab" = System Requirements Lab
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27/05/2012 10:56:51 PM | Computer Name = OWNER-AKF11BV1P | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 28/05/2012 7:34:19 PM | Computer Name = OWNER-AKF11BV1P | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting
module unknown, version 0.0.0.0, fault address 0x02109542.
Error - 29/05/2012 1:45:15 AM | Computer Name = OWNER-AKF11BV1P | Source = Application Error | ID = 1000
Description = Faulting application NMIndexingService.exe, version 3.3.9.0, faulting
module unknown, version 0.0.0.0, fault address 0x007db9c1.
Error - 29/05/2012 9:20:17 AM | Computer Name = OWNER-AKF11BV1P | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting
module unknown, version 0.0.0.0, fault address 0x00650528.
Error - 29/05/2012 3:26:20 PM | Computer Name = OWNER-AKF11BV1P | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting
module unknown, version 0.0.0.0, fault address 0x01e1cb04.
Error - 30/05/2012 2:36:13 PM | Computer Name = OWNER-AKF11BV1P | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash11f.ocx, version 11.1.102.62, fault address 0x00406230.
Error - 01/06/2012 11:05:40 AM | Computer Name = OWNER-AKF11BV1P | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting
module unknown, version 0.0.0.0, fault address 0x006ba378.
Error - 01/06/2012 1:37:59 PM | Computer Name = OWNER-AKF11BV1P | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2648 (0xa58) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.387
/ 5400.1158 5008(0)(0) 5006(0)(0) 5004(0)(0) 5000(0)(0) 15001(0)(0) 5008(0)(0)
0(0)(0) 5008(1578)(0)
Error - 01/06/2012 2:29:48 PM | Computer Name = OWNER-AKF11BV1P | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/06/2012 12:54:52 PM | Computer Name = OWNER-AKF11BV1P | Source = Application Error | ID = 1000
Description = Faulting application nmindexstoresvr.exe, version 3.3.8.0, faulting
module unknown, version 0.0.0.0, fault address 0x00651a34.
[ OSession Events ]
Error - 30/12/2010 1:55:42 AM | Computer Name = OWNER-AKF11BV1P | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16093
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 01/06/2012 1:38:07 PM | Computer Name = OWNER-AKF11BV1P | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error - 01/06/2012 2:11:23 PM | Computer Name = OWNER-AKF11BV1P | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.
Error - 04/06/2012 10:35:30 PM | Computer Name = OWNER-AKF11BV1P | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.
Error - 05/06/2012 3:16:05 AM | Computer Name = OWNER-AKF11BV1P | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.
Error - 05/06/2012 1:00:11 PM | Computer Name = OWNER-AKF11BV1P | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.
Error - 08/06/2012 12:11:35 PM | Computer Name = OWNER-AKF11BV1P | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.
Error - 08/06/2012 4:08:40 PM | Computer Name = OWNER-AKF11BV1P | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.
Error - 11/06/2012 12:53:29 PM | Computer Name = OWNER-AKF11BV1P | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.
Error - 12/06/2012 8:40:02 AM | Computer Name = OWNER-AKF11BV1P | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.
Error - 12/06/2012 8:42:47 AM | Computer Name = OWNER-AKF11BV1P | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.
< End of report >
I hope this help you.
Picsou
-
Hello Five alive,
I realized few minutes ago, that my topic was not posted in the right forum. I re-posted it in the Malware removal forum. Sorry for the inconvenience.
Picsou
-
Note: This was posted to the wrong forum.
Hello,
2 weeks ago, when I was doing a transaction in my bank web site, I clicked on an advertisement in the bank web site. But instead of going to the Web page, I was redirected to a site advertising Panda Software Antivirus that looks not proper. I closed everything and called my bank technical support. The technician told me that when he was clicking on the advertisement, he was going to the proper page and that probably my Internet Explorer was infected.
1.The problem:
UrL in bank web page: when mouse scroll over advetisement:Final UrL after redirection:I ran my McAfee Antivirus Plus and and 1 trojans was detected and 3 Potentialy Unwanted programs:
I tested again the link and the problem was stil there.
2. MAM scan reports:
I scanned my computer with Malwarebytes Anti-malware and got the following reports:
Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.05.31.07Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Gilles :: OWNER-AKF11BV1P [administrator]31/05/2012 6:01:25 PMmbam-log-2012-05-31 (18-01-25).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 331701Time elapsed: 1 hour(s), 17 minute(s), 1 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 2HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.HKCU\Software\Visicom Media (Adware.KeenValue) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 2HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)I tested again the advertisement and the redirection was still there.
3.SpyHunter scaN:
- Downloaded SpyHunter and scanned my computer:- see attached file: was unable to copy it.- It identified 4 threats and I fixed thembut the redirection was still there. Scan again with MAM but reports were empty. Nothing found.
4, After some additional research, found your forum and decided to ask for help.
I followed your instructions in topic "I'm infected- what do I do now" and I am sending to you the DDS.txt file and Attach.txt file.
DDS file
.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702Run by Gilles at 19:06:52 on 2012-06-08Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.383 [GMT -4:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled*.============== Running Processes ===============.C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXEC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Ahead\InCD\InCDsrv.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Logitech\LWS\Webcam Software\LWS.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exeC:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEsvchost.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeD:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\IoctlSvc.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeC:\WINDOWS\system32\rundll32.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.lactualite.com/uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunchuInternet Settings,ProxyOverride = *.localuURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120429230329.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - c:\program files\mystarttb\mystartDx.dllTB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No FileTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dllTB: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - c:\program files\mystarttb\mystartDx.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exeuRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgroundmRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hidemRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEStartupFolder: c:\docume~1\gilles\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exeIE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllTrusted Zone: gouv.qc.ca\www.registrefoncierDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261492779045DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268959760125DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://infolot.mrnf.gouv.qc.ca/ACGM/acgm.cabTCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{195DA4A8-BFF1-4173-9F08-100DA3E0C850} : DhcpNameServer = 192.168.0.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - c:\program files\impotrapide 2009\ic2009pp.dllHandler: intu-ir2011 - {DFF68B15-A8D3-420b-B32C-E9554E2F5C15} - c:\program files\impotrapide 2011\ic2011pp.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-13 464304]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-13 89792]R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-23 95200]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-13 214904]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-13 214904]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-13 214904]R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-13 166288]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-13 161632]R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-13 151880]R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-6-2 763840]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-13 57600]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-13 180848]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-13 59456]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-13 340920]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-13 83856]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-13 83856]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-13 87656].=============== Created Last 30 ================.2012-06-08 18:32:22 110080 ----a-r- c:\documents and settings\gilles\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconF7A21AF7.exe2012-06-08 18:32:22 110080 ----a-r- c:\documents and settings\gilles\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconD7F16134.exe2012-06-08 18:32:22 110080 ----a-r- c:\documents and settings\gilles\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconCF33A0CE.exe2012-06-08 18:32:02 -------- d-----w- C:\sh4ldr2012-06-08 18:32:02 -------- d-----w- c:\program files\Enigma Software Group2012-06-08 18:31:18 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP2012-06-08 18:31:06 -------- d-----w- c:\program files\common files\Wise Installation Wizard2012-05-31 21:56:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2012-05-31 21:55:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-05-24 18:54:53 -------- d-----w- c:\documents and settings\gilles\application data\PriceGong2012-05-24 18:38:17 -------- d-----w- c:\documents and settings\gilles\local settings\application data\Conduit2012-05-23 19:40:56 -------- d-----w- c:\program files\Conduit.==================== Find3M ====================.2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe2004-10-01 20:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe.============= FINISH: 19:09:06.56 ===============Attach.txt file:
.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume2Install Date: 21/12/2009 5:49:14 PMSystem Uptime: 08/06/2012 5:32:09 PM (2 hours ago).Motherboard: Intel Corporation | | D845EPT2Processor: Intel® Pentium® 4 CPU 1.80GHz | X1 | 1794/100mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 37 GiB total, 2.32 GiB free.D: is FIXED (NTFS) - 186 GiB total, 88.87 GiB free.E: is CDROM ()F: is CDROM ()G: is FIXED (NTFS) - 596 GiB total, 154.969 GiB free.H: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP679: 09/04/2012 9:30:06 PM - System CheckpointRP680: 10/04/2012 9:40:27 PM - System CheckpointRP681: 11/04/2012 3:01:11 AM - Software Distribution Service 3.0RP682: 12/04/2012 4:02:58 AM - System CheckpointRP683: 13/04/2012 4:06:16 AM - System CheckpointRP684: 14/04/2012 10:33:10 AM - System CheckpointRP685: 15/04/2012 11:23:06 AM - System CheckpointRP686: 16/04/2012 10:46:57 PM - System CheckpointRP687: 17/04/2012 11:21:06 PM - System CheckpointRP688: 19/04/2012 9:44:09 PM - System CheckpointRP689: 20/04/2012 10:43:33 PM - System CheckpointRP690: 22/04/2012 2:51:12 AM - System CheckpointRP691: 23/04/2012 3:24:12 AM - System CheckpointRP692: 24/04/2012 4:23:54 AM - System CheckpointRP693: 25/04/2012 5:23:50 AM - System CheckpointRP694: 26/04/2012 6:23:33 AM - System CheckpointRP695: 27/04/2012 7:23:32 AM - System CheckpointRP696: 29/04/2012 11:15:07 PM - System CheckpointRP697: 01/05/2012 9:41:40 PM - System CheckpointRP698: 02/05/2012 10:15:55 PM - System CheckpointRP699: 03/05/2012 10:36:25 PM - System CheckpointRP700: 07/05/2012 8:19:48 PM - System CheckpointRP701: 08/05/2012 8:29:17 PM - System CheckpointRP702: 09/05/2012 9:29:18 PM - System CheckpointRP703: 10/05/2012 3:01:38 AM - Software Distribution Service 3.0RP704: 11/05/2012 3:11:05 AM - System CheckpointRP705: 12/05/2012 3:20:04 AM - System CheckpointRP706: 13/05/2012 4:20:04 AM - System CheckpointRP707: 14/05/2012 9:07:05 AM - System CheckpointRP708: 15/05/2012 9:20:11 AM - System CheckpointRP709: 16/05/2012 10:20:04 AM - System CheckpointRP710: 17/05/2012 11:20:12 AM - System CheckpointRP711: 18/05/2012 12:19:37 PM - System CheckpointRP712: 19/05/2012 1:19:32 PM - System CheckpointRP713: 20/05/2012 2:19:30 PM - System CheckpointRP714: 21/05/2012 3:17:24 PM - System CheckpointRP715: 22/05/2012 3:00:40 AM - Software Distribution Service 3.0RP716: 22/05/2012 9:45:51 PM - Software Distribution Service 3.0RP717: 23/05/2012 3:00:27 AM - Software Distribution Service 3.0RP718: 24/05/2012 3:19:45 AM - System CheckpointRP719: 25/05/2012 4:19:25 AM - System CheckpointRP720: 26/05/2012 5:19:14 AM - System CheckpointRP721: 27/05/2012 6:19:16 AM - System CheckpointRP722: 28/05/2012 7:19:30 AM - System CheckpointRP723: 28/05/2012 9:32:01 PM - Installed MyFonts Order M3792118RP724: 29/05/2012 10:09:37 PM - System CheckpointRP725: 30/05/2012 10:19:15 PM - System CheckpointRP726: 31/05/2012 10:19:43 PM - System CheckpointRP727: 03/06/2012 5:16:32 PM - System CheckpointRP728: 04/06/2012 5:38:50 PM - System CheckpointRP729: 04/06/2012 11:36:54 PM - Software Distribution Service 3.0RP730: 06/06/2012 12:09:25 AM - System CheckpointRP731: 07/06/2012 12:10:11 AM - System CheckpointRP732: 08/06/2012 1:09:51 AM - System CheckpointRP733: 08/06/2012 2:32:00 PM - Installed SpyHunter.==== Installed Programs ======================.AceHTML FreewareAdobe Acrobat 5.0Adobe AIRAdobe Flash Player 11 ActiveXAdobe Photoshop 6.0Adobe Photoshop Elements 8.0Adobe Reader X (10.1.3)Anti-phishing Domain AdvisorApple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft PhotoStudio 6Ask ToolbarAVS Update Manager 1.0AVS4YOU Software Navigator 1.4BonjourCameraHelperMsiCanon MP Navigator EX 3.1Canon Utilities Solution MenuCanoScan 9000F Scanner DriverCanoScan Toolbox 4.1Coffret de pilotes Logitech Webcam SoftwareDell ResourceCDDriver DetectiveDVD SolutionerLTGoogle Toolbar for Internet ExplorerGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HP Deskjet 6500 SeriesImpôtRapide 2009ImpôtRapide 2010ImpôtRapide 2011InCDiTunesLightScribe 1.4.74.1Logitech Webcam SoftwareLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Motion DetectionLWS Pictures And VideoLWS Video Mask MakerLWS VideoEffectsLWS Webcam SoftwareLWS WLM PluginLWS YouTube PluginMalwarebytes Anti-Malware version 1.61.0.1400McAfee AntiVirus PlusMcAfee Security Scan PlusMicrosoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Combat Flight Simulator 3 Mission PackMicrosoft Combat Flight Simulator 3.1Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (French) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office OneNote MUI (French) 2007Microsoft Office PowerPoint MUI (French) 2007Microsoft Office Proof (Arabic) 2007Microsoft Office Proof (Dutch) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (German) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (French) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (French) 2007Microsoft Office Word MUI (French) 2007Microsoft Office XP Web ComponentsMicrosoft Picture It! Photo 2002Microsoft SilverlightMicrosoft Software Update for Web Folders (French) 12Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMultimedia LauncherMyFonts Order M3792118MyStart ToolbarNero 8Nero MediaHome CENero OEMNero Recode CENero ShowTime CEneroxmlNikon Message CenterNVIDIA Display DriverNVIDIA DriversOctoshape add-in for Adobe Flash PlayerOmniPage SEPhotoInPress BookDesignerPictureProjectPresto! PageManager 6QuickTimeRegCureSamsung_MonSetupSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596880) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2598041) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2596917) 32-Bit EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player (KB979402)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371-v2)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB976325)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Skype ToolbarsSkype™ 5.1SoundMAXSpybot - Search & DestroySpyHunterSystem Requirements LabToolbar Cleaner 1.0Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2718704)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VCRedistSetupWebFldrs XPWinampWinamp ToolbarWindows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 8Windows Media Format 11 runtimeWindows XP Service Pack 3.==== Event Viewer Messages From Past Week ========.08/06/2012 4:08:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.01/06/2012 1:38:07 PM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service..==== End Of File =========================== -
Hello,
2 weeks ago, when I was doing a transaction in my bank web site, I clicked on an advertisement in the bank web site. But instead of going to the Web page, I was redirected to a site advertising Panda Software Antivirus that looks not proper. I closed everything and called my bank technical support. The technician told me that when he was clicking on the advertisement, he was going to the proper page and that probably my Internet Explorer was infected.
1.The problem:
UrL in bank web page: when mouse scroll over advetisement:Final UrL after redirection:I ran my McAfee Antivirus Plus and and 1 trojans was detected and 3 Potentialy Unwanted programs:
I tested again the link and the problem was stil there.
2. MAM scan reports:
I scanned my computer with Malwarebytes Anti-malware and got the following reports:
Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.05.31.07Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Gilles :: OWNER-AKF11BV1P [administrator]31/05/2012 6:01:25 PMmbam-log-2012-05-31 (18-01-25).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 331701Time elapsed: 1 hour(s), 17 minute(s), 1 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 2HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.HKCU\Software\Visicom Media (Adware.KeenValue) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 2HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)I tested again the advertisement and the redirection was still there.
3.SpyHunter scaN:
- Downloaded SpyHunter and scanned my computer:- see attached file: was unable to copy it.- It identified 4 threats and I fixed thembut the redirection was still there. Scan again with MAM but reports were empty. Nothing found.
4, After some additional research, found your forum and decided to ask for help.
I followed your instructions in topic "I'm infected- what do I do now" and I am sending to you the DDS.txt file and Attach.txt file.
DDS file
.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 8.0.6001.18702Run by Gilles at 19:06:52 on 2012-06-08Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.383 [GMT -4:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled*.============== Running Processes ===============.C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXEC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Ahead\InCD\InCDsrv.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Logitech\LWS\Webcam Software\LWS.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exeC:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exeC:\Program Files\Nikon\PictureProject\NkbMonitor.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEsvchost.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeD:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\IoctlSvc.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeC:\WINDOWS\system32\rundll32.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.lactualite.com/uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunchuInternet Settings,ProxyOverride = *.localuURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120429230329.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - c:\program files\mystarttb\mystartDx.dllTB: {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No FileTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dllTB: MyStart Toolbar: {ccb24e92-62c4-4c53-95d2-65f9eed476bc} - c:\program files\mystarttb\mystartDx.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllEB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exeuRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgroundmRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exemRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hidemRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXEStartupFolder: c:\docume~1\gilles\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exeIE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllTrusted Zone: gouv.qc.ca\www.registrefoncierDPF: Microsoft XML Parser for Java -DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261492779045DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268959760125DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://infolot.mrnf.gouv.qc.ca/ACGM/acgm.cabTCP: DhcpNameServer = 192.168.0.1TCP: Interfaces\{195DA4A8-BFF1-4173-9F08-100DA3E0C850} : DhcpNameServer = 192.168.0.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: intu-ir2009 - {E4616804-F2F8-4839-B728-5305004DA6A7} - c:\program files\impotrapide 2009\ic2009pp.dllHandler: intu-ir2011 - {DFF68B15-A8D3-420b-B32C-E9554E2F5C15} - c:\program files\impotrapide 2011\ic2011pp.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-13 464304]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-13 89792]R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-23 95200]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-13 214904]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-13 214904]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-4-13 214904]R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-13 166288]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-13 161632]R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-13 151880]R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-6-2 763840]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-13 57600]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-13 180848]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-13 59456]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-13 340920]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-13 83856]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-13 83856]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-13 87656].=============== Created Last 30 ================.2012-06-08 18:32:22 110080 ----a-r- c:\documents and settings\gilles\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconF7A21AF7.exe2012-06-08 18:32:22 110080 ----a-r- c:\documents and settings\gilles\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconD7F16134.exe2012-06-08 18:32:22 110080 ----a-r- c:\documents and settings\gilles\application data\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconCF33A0CE.exe2012-06-08 18:32:02 -------- d-----w- C:\sh4ldr2012-06-08 18:32:02 -------- d-----w- c:\program files\Enigma Software Group2012-06-08 18:31:18 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP2012-06-08 18:31:06 -------- d-----w- c:\program files\common files\Wise Installation Wizard2012-05-31 21:56:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2012-05-31 21:55:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-05-24 18:54:53 -------- d-----w- c:\documents and settings\gilles\application data\PriceGong2012-05-24 18:38:17 -------- d-----w- c:\documents and settings\gilles\local settings\application data\Conduit2012-05-23 19:40:56 -------- d-----w- c:\program files\Conduit.==================== Find3M ====================.2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe2004-10-01 20:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe.============= FINISH: 19:09:06.56 ===============Attach.txt file:
.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume2Install Date: 21/12/2009 5:49:14 PMSystem Uptime: 08/06/2012 5:32:09 PM (2 hours ago).Motherboard: Intel Corporation | | D845EPT2Processor: Intel® Pentium® 4 CPU 1.80GHz | X1 | 1794/100mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 37 GiB total, 2.32 GiB free.D: is FIXED (NTFS) - 186 GiB total, 88.87 GiB free.E: is CDROM ()F: is CDROM ()G: is FIXED (NTFS) - 596 GiB total, 154.969 GiB free.H: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP679: 09/04/2012 9:30:06 PM - System CheckpointRP680: 10/04/2012 9:40:27 PM - System CheckpointRP681: 11/04/2012 3:01:11 AM - Software Distribution Service 3.0RP682: 12/04/2012 4:02:58 AM - System CheckpointRP683: 13/04/2012 4:06:16 AM - System CheckpointRP684: 14/04/2012 10:33:10 AM - System CheckpointRP685: 15/04/2012 11:23:06 AM - System CheckpointRP686: 16/04/2012 10:46:57 PM - System CheckpointRP687: 17/04/2012 11:21:06 PM - System CheckpointRP688: 19/04/2012 9:44:09 PM - System CheckpointRP689: 20/04/2012 10:43:33 PM - System CheckpointRP690: 22/04/2012 2:51:12 AM - System CheckpointRP691: 23/04/2012 3:24:12 AM - System CheckpointRP692: 24/04/2012 4:23:54 AM - System CheckpointRP693: 25/04/2012 5:23:50 AM - System CheckpointRP694: 26/04/2012 6:23:33 AM - System CheckpointRP695: 27/04/2012 7:23:32 AM - System CheckpointRP696: 29/04/2012 11:15:07 PM - System CheckpointRP697: 01/05/2012 9:41:40 PM - System CheckpointRP698: 02/05/2012 10:15:55 PM - System CheckpointRP699: 03/05/2012 10:36:25 PM - System CheckpointRP700: 07/05/2012 8:19:48 PM - System CheckpointRP701: 08/05/2012 8:29:17 PM - System CheckpointRP702: 09/05/2012 9:29:18 PM - System CheckpointRP703: 10/05/2012 3:01:38 AM - Software Distribution Service 3.0RP704: 11/05/2012 3:11:05 AM - System CheckpointRP705: 12/05/2012 3:20:04 AM - System CheckpointRP706: 13/05/2012 4:20:04 AM - System CheckpointRP707: 14/05/2012 9:07:05 AM - System CheckpointRP708: 15/05/2012 9:20:11 AM - System CheckpointRP709: 16/05/2012 10:20:04 AM - System CheckpointRP710: 17/05/2012 11:20:12 AM - System CheckpointRP711: 18/05/2012 12:19:37 PM - System CheckpointRP712: 19/05/2012 1:19:32 PM - System CheckpointRP713: 20/05/2012 2:19:30 PM - System CheckpointRP714: 21/05/2012 3:17:24 PM - System CheckpointRP715: 22/05/2012 3:00:40 AM - Software Distribution Service 3.0RP716: 22/05/2012 9:45:51 PM - Software Distribution Service 3.0RP717: 23/05/2012 3:00:27 AM - Software Distribution Service 3.0RP718: 24/05/2012 3:19:45 AM - System CheckpointRP719: 25/05/2012 4:19:25 AM - System CheckpointRP720: 26/05/2012 5:19:14 AM - System CheckpointRP721: 27/05/2012 6:19:16 AM - System CheckpointRP722: 28/05/2012 7:19:30 AM - System CheckpointRP723: 28/05/2012 9:32:01 PM - Installed MyFonts Order M3792118RP724: 29/05/2012 10:09:37 PM - System CheckpointRP725: 30/05/2012 10:19:15 PM - System CheckpointRP726: 31/05/2012 10:19:43 PM - System CheckpointRP727: 03/06/2012 5:16:32 PM - System CheckpointRP728: 04/06/2012 5:38:50 PM - System CheckpointRP729: 04/06/2012 11:36:54 PM - Software Distribution Service 3.0RP730: 06/06/2012 12:09:25 AM - System CheckpointRP731: 07/06/2012 12:10:11 AM - System CheckpointRP732: 08/06/2012 1:09:51 AM - System CheckpointRP733: 08/06/2012 2:32:00 PM - Installed SpyHunter.==== Installed Programs ======================.AceHTML FreewareAdobe Acrobat 5.0Adobe AIRAdobe Flash Player 11 ActiveXAdobe Photoshop 6.0Adobe Photoshop Elements 8.0Adobe Reader X (10.1.3)Anti-phishing Domain AdvisorApple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft PhotoStudio 6Ask ToolbarAVS Update Manager 1.0AVS4YOU Software Navigator 1.4BonjourCameraHelperMsiCanon MP Navigator EX 3.1Canon Utilities Solution MenuCanoScan 9000F Scanner DriverCanoScan Toolbox 4.1Coffret de pilotes Logitech Webcam SoftwareDell ResourceCDDriver DetectiveDVD SolutionerLTGoogle Toolbar for Internet ExplorerGoogle Update HelperHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)HP Deskjet 6500 SeriesImpôtRapide 2009ImpôtRapide 2010ImpôtRapide 2011InCDiTunesLightScribe 1.4.74.1Logitech Webcam SoftwareLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Motion DetectionLWS Pictures And VideoLWS Video Mask MakerLWS VideoEffectsLWS Webcam SoftwareLWS WLM PluginLWS YouTube PluginMalwarebytes Anti-Malware version 1.61.0.1400McAfee AntiVirus PlusMcAfee Security Scan PlusMicrosoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Combat Flight Simulator 3 Mission PackMicrosoft Combat Flight Simulator 3.1Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (French) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office OneNote MUI (French) 2007Microsoft Office PowerPoint MUI (French) 2007Microsoft Office Proof (Arabic) 2007Microsoft Office Proof (Dutch) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (German) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (French) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (French) 2007Microsoft Office Word MUI (French) 2007Microsoft Office XP Web ComponentsMicrosoft Picture It! Photo 2002Microsoft SilverlightMicrosoft Software Update for Web Folders (French) 12Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMultimedia LauncherMyFonts Order M3792118MyStart ToolbarNero 8Nero MediaHome CENero OEMNero Recode CENero ShowTime CEneroxmlNikon Message CenterNVIDIA Display DriverNVIDIA DriversOctoshape add-in for Adobe Flash PlayerOmniPage SEPhotoInPress BookDesignerPictureProjectPresto! PageManager 6QuickTimeRegCureSamsung_MonSetupSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596880) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2598041) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2596917) 32-Bit EditionSecurity Update for Microsoft Windows (KB2564958)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB2360131)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player (KB979402)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2619339)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923789)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371-v2)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB976325)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Skype ToolbarsSkype™ 5.1SoundMAXSpybot - Search & DestroySpyHunterSystem Requirements LabToolbar Cleaner 1.0Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2718704)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VCRedistSetupWebFldrs XPWinampWinamp ToolbarWindows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 8Windows Media Format 11 runtimeWindows XP Service Pack 3.==== Event Viewer Messages From Past Week ========.08/06/2012 4:08:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.01/06/2012 1:38:07 PM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service..==== End Of File ===========================
Redirection - Internet explorer ...
in Resolved Malware Removal Logs
Posted
Hello Maniac,
I did the test again and no redirection. Seems OK . Last question: How to uninstall the following tools or shoul I uninstall them:
- DDS
-aswMBR
- OTL
- TDSkiller
- Kaspersky
- MinitoolBox ?
Regards,
Picsou