Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Still got a keylogger?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Still got a keylogger?

Unread postby sweettears » July 29th, 2009, 2:02 am

Hi everybody, yesterday morning I got keylogged. Both my msn and b.net accounts were compromised and I had to go through a lot to get them back. Before I did however, I attempted to get rid of it. Spyware Doctor found one and since then I've been using another computer to access internet, can you check my HJT file to see if there's still one? Thanks a lot

Logfile of HijackThis v1.99.1
Scan saved at 01:52:21, on 2009-07-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Mes Documents\Program Files\iTunes\iTunesHelper.exe
C:\Users\Default\AppData\illegalpaste.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
H:\mes documents\program files\steam\steam.exe
C:\Documents and Settings\Some WOW addict\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
H:\Mes Documents\Program Files\iTunes\iTunes.exe
C:\Program Files\aMSN\bin\wish.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\aMSN\bin\wish.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 74.86.154.2 embedded.garena.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Mes Documents\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [illegalpaste.exe] C:\Users\Default\AppData\illegalpaste.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Steam] "h:\mes documents\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Some WOW addict\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1592687859
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
sweettears
Active Member
 
Posts: 7
Joined: July 29th, 2009, 1:55 am
Advertisement
Register to Remove

Re: Still got a keylogger?

Unread postby Katana » August 1st, 2009, 9:56 am

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly Image

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------



Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
    ( They can also be found in the C:\RSIT folder )

Please Download GMER to your desktop

Download GMER and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
  • RSIT Logs
  • GMER Log
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Still got a keylogger?

Unread postby sweettears » August 1st, 2009, 7:33 pm

Thanks for taking care of my request :)

RSIT log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Some WOW addict at 2009-08-01 18:14:21
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 15 GB (41%) free of 35 GB
Total RAM: 3582 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:44, on 2009-08-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Mes Documents\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Some WOW addict\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Some WOW addict\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Some WOW addict.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 74.86.154.2 embedded.garena.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Mes Documents\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [illegalpaste.exe] C:\Users\Default\AppData\illegalpaste.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [Steam] "h:\mes documents\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Some WOW addict\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1592687859
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11854 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [2005-03-18 98304]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-09-27 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=H:\Mes Documents\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"illegalpaste.exe"=C:\Users\Default\AppData\illegalpaste.exe []
"SDTray"=C:\Program Files\Spyware Doctor\SDTrayApp.exe [2007-05-17 810576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Steam"=h:\mes documents\program files\steam\steam.exe [2009-07-20 1217784]
"Octoshape Streaming Services"=C:\Documents and Settings\Some WOW addict\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
C:\Program Files\RivaTuner v2.08\RivaTuner.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
C:\PROGRA~1\ASUSWI~1\RtWLan.exe [2006-06-16 987136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Some WOW addict\Menu Démarrer\Programmes\Démarrage
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"E:\programme file\Steam\SteamApps\common\left 4 dead\left4dead.exe"="E:\programme file\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Tencent\QQ Games\QQGamesD.exe"="C:\Program Files\Tencent\QQ Games\QQGamesD.exe:*:Enabled:QQ Games Downloader"
"C:\Program Files\Tencent\QQ Games\Update\Update.exe"="C:\Program Files\Tencent\QQ Games\Update\Update.exe:*:Enabled:QQ Games Updater"
"C:\Program Files\Tencent\QQ Games\QQGames.exe"="C:\Program Files\Tencent\QQ Games\QQGames.exe:*:Enabled:QQ Games"
"E:\programme file\iTunes\iTunes.exe"="E:\programme file\iTunes\iTunes.exe:*:Enabled:iTunes"
"H:\Mes Documents\Program Files\iTunes\iTunes.exe"="H:\Mes Documents\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"H:\Mes Documents\Program Files\Steam\steamapps\common\call of duty 4\iw3sp.exe"="H:\Mes Documents\Program Files\Steam\steamapps\common\call of duty 4\iw3sp.exe:*:Enabled:Call of Duty 4: Modern Warfare"
"H:\Mes Documents\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe"="H:\Mes Documents\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe:*:Enabled:Call of Duty 4: Modern Warfare"
"H:\Mes Documents\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="H:\Mes Documents\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64b8d082-9e44-11dd-93c2-0018f363689d}]
shell\AutoRun\command - E:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2009-08-01 18:14:22 ----D---- C:\Program Files\trend micro
2009-08-01 18:14:21 ----D---- C:\rsit
2009-07-29 01:51:51 ----D---- C:\Program Files\Hijackthis
2009-07-27 01:43:20 ----D---- C:\WINDOWS\ie8updates
2009-07-27 01:41:43 ----HDC---- C:\WINDOWS\ie8
2009-07-27 00:25:11 ----D---- C:\Users
2009-07-24 05:23:39 ----D---- C:\Documents and Settings\Some WOW addict\Application Data\Octoshape
2009-07-22 20:32:25 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-22 20:32:25 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-07-22 16:40:40 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-07-22 16:40:40 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2009-07-22 16:40:38 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-07-22 16:40:38 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-07-22 16:40:37 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-07-22 16:40:36 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-07-22 16:40:36 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-07-22 16:40:35 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-07-22 16:40:35 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-07-22 16:40:35 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-07-22 16:40:34 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-07-22 16:40:34 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-07-22 16:40:34 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-07-22 16:40:34 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-07-22 16:40:34 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-07-22 16:40:33 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-07-22 16:40:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-07-22 16:40:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-07-22 16:40:25 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-07-22 16:40:24 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-07-22 16:40:23 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-07-22 16:40:23 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-07-22 16:40:22 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-07-20 22:06:22 ----D---- C:\Program Files\iPod
2009-07-20 17:55:22 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-16 09:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 09:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 09:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 19:35:17 ----D---- C:\Program Files\ICCup
2009-07-12 17:11:59 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 17:10:27 ----D---- C:\Program Files\QuickTime
2009-07-12 16:30:02 ----D---- C:\Documents and Settings\Some WOW addict\Application Data\QQ Games Plugin
2009-07-12 16:26:46 ----D---- C:\Program Files\Tencent
2009-07-12 16:26:46 ----D---- C:\Documents and Settings\All Users\Application Data\Tencent
2009-07-12 16:26:08 ----A---- C:\WINDOWS\atid.ini
2009-07-12 16:23:04 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads

======List of files/folders modified in the last 1 months======

2009-08-01 18:14:33 ----D---- C:\WINDOWS\Prefetch
2009-08-01 18:14:22 ----RD---- C:\Program Files
2009-08-01 18:11:50 ----D---- C:\WINDOWS\Temp
2009-08-01 18:10:05 ----D---- C:\WINDOWS\system32\drivers
2009-08-01 18:09:39 ----D---- C:\Program Files\Mozilla Firefox
2009-08-01 18:08:50 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-01 10:11:37 ----D---- C:\Documents and Settings\Some WOW addict\Application Data\uTorrent
2009-07-31 13:07:05 ----D---- C:\Program Files\Starcraft
2009-07-31 03:00:23 ----SHD---- C:\WINDOWS\Installer
2009-07-30 21:01:11 ----D---- C:\WINDOWS
2009-07-30 20:36:37 ----D---- C:\Documents and Settings\Some WOW addict\Application Data\Hamachi
2009-07-30 20:36:24 ----D---- C:\Program Files\Warcraft III
2009-07-30 20:17:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-30 03:15:33 ----D---- C:\WINDOWS\system32
2009-07-30 03:14:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-30 03:01:04 ----HD---- C:\WINDOWS\inf
2009-07-30 03:00:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-30 03:00:56 ----D---- C:\Program Files\Internet Explorer
2009-07-30 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-30 03:00:21 ----D---- C:\WINDOWS\WinSxS
2009-07-30 01:36:00 ----D---- C:\WINDOWS\Debug
2009-07-30 01:35:59 ----D---- C:\WINDOWS\Minidump
2009-07-30 01:04:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-28 21:04:02 ----D---- C:\Documents and Settings\Some WOW addict\Application Data\U3
2009-07-28 16:34:15 ----D---- C:\Program Files\Spyware Doctor
2009-07-27 02:50:48 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-27 02:50:47 ----D---- C:\WINDOWS\Media
2009-07-27 02:50:47 ----D---- C:\WINDOWS\Help
2009-07-24 06:24:13 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2009-07-24 05:23:40 ----D---- C:\Documents and Settings\Some WOW addict\Application Data\Mozilla
2009-07-22 16:40:41 ----D---- C:\WINDOWS\system32\DirectX
2009-07-22 16:40:33 ----RSD---- C:\WINDOWS\assembly
2009-07-20 22:06:21 ----D---- C:\Program Files\Fichiers communs\Apple
2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-16 09:14:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-13 15:53:41 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-07-12 17:12:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-12 16:28:49 ----D---- C:\Program Files\AIM6
2009-07-12 16:24:44 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-07-07 11:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-06 13:12:57 ----D---- C:\WINDOWS\system32\Restore
2009-07-03 12:57:51 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 12:57:51 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 12:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 12:57:46 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 12:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 12:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 12:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 12:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 12:57:41 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 07:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 IKFileFlt;File Filter Driver; C:\WINDOWS\system32\drivers\ikfileflt.sys [2007-04-19 39248]
R1 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-04-19 52304]
R1 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-04-19 59984]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-04-19 83536]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-03-22 109568]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-28 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2008-05-23 21035]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 CxLPT;Logitech QuickCam VC; C:\WINDOWS\system32\drivers\CxLPT.sys [1999-04-09 21840]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-09-01 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-09-08 247296]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-30 94080]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-23 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-09-28 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-28 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 aa486mwl;aa486mwl; C:\WINDOWS\system32\drivers\aa486mwl.sys []
S3 Asushwio;Asushwio; \??\C:\WINDOWS\System32\drivers\Asushwio.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-08 22016]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2004-10-08 585824]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [2006-06-16 176128]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-05-23 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-03-30 143360]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-02-07 20543]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-03-30 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-03-30 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-22 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-31 189104]
R2 sdAuxService;Spyware Doctor Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe [2007-05-17 708176]
R2 sdCoreService;Spyware Doctor Service; C:\Program Files\Spyware Doctor\swdsvc.exe [2007-05-17 1302608]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-11 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-27 355584]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

-----------------EOF-----------------


RSIT info.txt:
info.txt logfile of random's system information tool 1.06 2009-08-01 18:14:47

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games-->C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly
aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ASUS WiFi-AP Solo-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty 4: Modern Warfare-->"H:\Mes Documents\Program Files\Steam\steam.exe" steam://uninstall/7940
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Counter-Strike: Source-->"H:\Mes Documents\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
DyynoPlayer 0.8.6f.2-->C:\Program Files\Dyyno\Dyyno Player\uninstall.exe
EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Free Audio Dub version 1.4-->"E:\programme file\Free Audio Dub\unins000.exe"
Free Music Zilla-->"E:\programme file\Free Music Zilla\unins000.exe"
Free Video to Flash Converter version 4.1-->"C:\Program Files\DVDVideoSoft\Free Video to Flash Converter\unins000.exe"
Free Video to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Free YouTube to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"E:\programme file\Free YouTube to Mp3 Converter\unins000.exe"
Garena-->C:\Program Files\Garena\uninst.exe
GOM Player-->"H:\Mes Documents\Program Files\GomPlayer\Uninstall.exe"
Half-Life 2: Episode One-->"H:\Mes Documents\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"H:\Mes Documents\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"H:\Mes Documents\Program Files\Steam\steam.exe" steam://uninstall/220
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
ICCup Launcher-->"C:\Program Files\ICCup\Launcher\unins000.exe"
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Insurgency-->"H:\Mes Documents\Program Files\Steam\steam.exe" steam://uninstall/17700
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LaserJet 1020 series-->C:\Program Files\Zenographics\{1B47A01F-0CF0-478F-BF05-C7776B5CDD03}\setup.exe -u "HPLJInstaller.dll=Hpl_1020.inf"
Left 4 Dead-->"H:\Mes Documents\Program Files\Steam\steam.exe" steam://uninstall/500
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG2 Codec(libmpeg2/mad)-->"C:\Program Files\GNU\MPEG2\Uninstall.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
OrderReminder HP LaserJet 1020-->"C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1020
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
Portal-->"H:\Mes Documents\Program Files\Steam\steam.exe" steam://uninstall/400
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QQ Games-->C:\Program Files\Tencent\QQ Games\Uninstall.EXE
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Rosetta Stone Version 3-->MsiExec.exe /X{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
Spyware Doctor 5.0-->C:\Program Files\Spyware Doctor\unins000.exe
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"H:\Mes Documents\Program Files\Steam\steam.exe" steam://uninstall/440
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Uninstall 1.0.0.1-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

74.86.154.2 embedded.garena.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090801-0]
FW: ActiveArmor Firewall

======System event log======

Computer Name: MAX
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 6717
Source Name: Service Control Manager
Time Written: 20090603065720.000000-240
Event Type: Informations
User:

Computer Name: MAX
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 6716
Source Name: Service Control Manager
Time Written: 20090603065720.000000-240
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MAX
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 6715
Source Name: Service Control Manager
Time Written: 20090603065720.000000-240
Event Type: Informations
User:

Computer Name: MAX
Event Code: 9
Message: RegisterTscDrift()

Node[ 0 ] Core[ 1 ] Cpu[ 1 ] Affinity[ 0x2 ]

Thread registered succesfully: SamplingRate(ms)[ 1000 ]

Record Number: 6714
Source Name: AmdLLD
Time Written: 20090603065643.000000-240
Event Type: Informations
User:

Computer Name: MAX
Event Code: 9
Message: RegisterTscDrift()

Node[ 0 ] Core[ 0 ] Cpu[ 0 ] Affinity[ 0x1 ]

Thread registered succesfully: SamplingRate(ms)[ 1000 ]

Record Number: 6713
Source Name: AmdLLD
Time Written: 20090603065643.000000-240
Event Type: Informations
User:

=====Application event log=====

Computer Name: MAX
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 8764
Source Name: SecurityCenter
Time Written: 20090720154548.000000-240
Event Type: Informations
User:

Computer Name: MAX
Event Code: 0
Message:
Record Number: 8763
Source Name: Viewpoint Manager Service
Time Written: 20090720154540.000000-240
Event Type: Informations
User:

Computer Name: MAX
Event Code: 1
Message:
Record Number: 8762
Source Name: Bonjour Service
Time Written: 20090720154518.000000-240
Event Type: Informations
User:

Computer Name: MAX
Event Code: 1002
Message: Application bloquée firefox.exe, version 1.9.0.3439, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Record Number: 8761
Source Name: Application Hang
Time Written: 20090718014514.000000-240
Event Type: erreur
User:

Computer Name: MAX
Event Code: 1000
Message: Application défaillante starcraft.exe, version 1.16.1.1, module défaillant , version 0.0.0.0, adresse de défaillance 0x00000000.

Record Number: 8760
Source Name: Application Error
Time Written: 20090717124523.000000-240
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
sweettears
Active Member
 
Posts: 7
Joined: July 29th, 2009, 1:55 am

Re: Still got a keylogger?

Unread postby sweettears » August 1st, 2009, 7:35 pm

GMER log (no rookit activity was found at the beggining, so I went on Rookit/Malware and followed the procedure you gave me):

GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-01 19:30:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB72C96B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB72C9574]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xB754E8A2]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xB754EE88]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xB755114C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB72C9A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB72C914C]
SSDT spou.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spou.sys ZwEnumerateValueKey [0xF74F6030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB72C964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB72C908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB72C90F0]
SSDT spou.sys ZwQueryKey [0xF74F6108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB72C976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB72C972E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB72C98AE]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xB754DDB4]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xB754D420]

INT 0x62 ? 8A492BF8
INT 0x63 ? 8A492BF8
INT 0x73 ? 8A492BF8
INT 0x73 ? 8A492BF8
INT 0x73 ? 8A492BF8
INT 0x83 ? 8A495BF8
INT 0xB4 ? 8A492BF8
INT 0xB4 ? 8A492BF8
INT 0xB4 ? 89DAAD68
INT 0xB4 ? 8A492BF8

---- Kernel code sections - GMER 1.0.15 ----

.text TUKERNEL.EXE!ZwYieldExecution + 13B 804E4FFC 8 Bytes CALL 6ED70755
? spou.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload B9A9662C 5 Bytes JMP 89DAA348
.text aa486mwl.SYS B9879384 1 Byte [20]
.text aa486mwl.SYS B9879384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text aa486mwl.SYS B98793AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text aa486mwl.SYS B98793C4 3 Bytes [00, 00, 00]
.text aa486mwl.SYS B98793C9 1 Byte [00]
.text ...
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Some WOW addict\Bureau\gmer.exe[192] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Some WOW addict\Bureau\gmer.exe[192] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Some WOW addict\Bureau\gmer.exe[192] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Some WOW addict\Bureau\gmer.exe[192] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[204] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[204] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[204] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[204] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[220] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[220] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[220] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe[376] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe[376] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe[376] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\LVCOMSX.EXE[392] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\LVCOMSX.EXE[392] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\LVCOMSX.EXE[392] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[400] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[400] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[400] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[456] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[456] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[456] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[464] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[464] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[464] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[476] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[476] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[476] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text H:\Mes Documents\Program Files\iTunes\iTunesHelper.exe[512] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text H:\Mes Documents\Program Files\iTunes\iTunesHelper.exe[512] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text H:\Mes Documents\Program Files\iTunes\iTunesHelper.exe[512] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[596] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 00449AFD C:\Program Files\Spyware Doctor\SDTrayApp.exe (Spyware Doctor Tray/PC Tools)
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[596] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[596] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[644] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[644] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[644] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[864] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[864] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[864] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[888] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[888] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[932] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[932] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[944] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[944] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Messenger\msmsgs.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Messenger\msmsgs.exe[1100] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Messenger\msmsgs.exe[1100] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1260] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1260] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Some WOW addict\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Some WOW addict\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[1336] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Some WOW addict\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[1336] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1364] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1364] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1556] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1556] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1556] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[1556] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1620] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1620] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1620] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1728] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1728] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1824] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1824] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1824] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2052] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2052] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2052] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2256] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2256] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2256] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[2320] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[2320] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE[2320] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2396] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2396] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe[2396] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2424] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[2424] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2592] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2592] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2592] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2592] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2604] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2604] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe[2604] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2676] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2676] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2676] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[2712] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[2712] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\PnkBstrA.exe[2712] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\PnkBstrB.exe[2724] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\PnkBstrB.exe[2724] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\PnkBstrB.exe[2724] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\svcntaux.exe[2912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\svcntaux.exe[2912] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\svcntaux.exe[2912] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdsvc.exe[3016] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 0046A51D C:\Program Files\Spyware Doctor\swdsvc.exe (Spyware Doctor Service/PC Tools)
.text C:\WINDOWS\System32\svchost.exe[3164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[3164] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[3164] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3184] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3184] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3184] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3184] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3192] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3192] kernel32.dll!FreeLibrary + 15 7C80AC03 4 Bytes CALL 7170003D
.text C:\Program Files\iPod\bin\iPodService.exe[3192] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3192] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3216] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3216] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3216] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[3280] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[3280] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe[3280] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3488] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3488] USER32.dll!SetWindowsHookExW 7E3ADDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3488] USER32.dll!SetWindowsHookExA 7E3B11D1 6 Bytes JMP 5F040F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spou.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spou.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spou.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spou.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spou.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E8048] spou.sys
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
IAT \SystemRoot\System32\Drivers\aa486mwl.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5011F8

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs ikfileflt.sys (PCTools Research Pty Ltd.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip NVTcp.sys (NVIDIA Networking Protocol Driver./NVIDIA Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 89D86500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5031F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5031F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5031F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5031F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A5215246-A96A-40C2-BD13-82772D7A3AC7} 88F511F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4931F8
Device \Driver\PCI_PNP6860 \Device\00000058 spou.sys
Device \Driver\PCI_PNP6860 \Device\00000058 spou.sys
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4931F8
Device \Driver\Cdrom \Device\CdRom0 89CD3500
Device \Driver\Cdrom \Device\CdRom1 89CD3500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A4921F8
Device \Driver\atapi \Device\Ide\IdePort0 8A4921F8
Device \Driver\atapi \Device\Ide\IdePort1 8A4921F8
Device \Driver\atapi \Device\Ide\IdePort2 8A4921F8
Device \Driver\atapi \Device\Ide\IdePort3 8A4921F8
Device \Driver\atapi \Device\Ide\IdePort4 8A4921F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 8A4921F8
Device \Driver\atapi \Device\Ide\IdePort5 8A4921F8
Device \Driver\atapi \Device\Ide\IdePort6 8A4921F8
Device \Driver\atapi \Device\Ide\IdePort7 8A4921F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8A4921F8
Device \Driver\Cdrom \Device\CdRom2 89CD3500
Device \Driver\NetBT \Device\NetBt_Wins_Export 88F511F8
Device \Driver\NetBT \Device\NetbiosSmb 88F511F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{88A05311-5934-4E4F-B512-A2BE40FA1C25} 88F511F8
Device \Driver\sptd \Device\2492074360 spou.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 89D86500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88F131F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88F131F8
Device \Driver\Ftdisk \Device\FtControl 8A4931F8
Device \Driver\aa486mwl \Device\Scsi\aa486mwl1Port9Path0Target1Lun0 89E5D500
Device \Driver\aa486mwl \Device\Scsi\aa486mwl1Port9Path0Target0Lun0 89E5D500
Device \Driver\SI3132 \Device\Scsi\SI31321 8A5021F8
Device \Driver\aa486mwl \Device\Scsi\aa486mwl1 89E5D500
Device \FileSystem\Cdfs \Cdfs 89E65500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x95 0x54 0x6B 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x62 0xF5 0x03 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0xCA 0xF7 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x90 0xB3 0xFC 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x46 0xC1 0x83 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x33 0xA9 0x6B 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x95 0x54 0x6B 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x62 0xF5 0x03 0x1F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0xCA 0xF7 0xFC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x90 0xB3 0xFC 0xEB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x46 0xC1 0x83 0x89 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x33 0xA9 0x6B 0xDC ...

---- EOF - GMER 1.0.15 ----
sweettears
Active Member
 
Posts: 7
Joined: July 29th, 2009, 1:55 am

Re: Still got a keylogger?

Unread postby Katana » August 2nd, 2009, 5:03 am

Information

REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

I will be removing all related files during the cleaning of your machine


----------------------------------------------------------------------------------------
Step 1


OTMoveIt
Please download OTM by OldTimer and save it to your desktop
  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Processes )
Code: Select all
:Processes
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"illegalpaste.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-
:Files
C:\Program Files\uTorrent
C:\Users\Default\AppData\illegalpaste.exe
:Commands
[EmptyTemp]

  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • - Close ALL open windows (especially Internet Explorer!)-
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------------------------------------
Step 2

Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O1 - Hosts: 74.86.154.2 embedded.garena.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [illegalpaste.exe] C:\Users\Default\AppData\illegalpaste.exe

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

----------------------------------------------------------------------------------------
Step 3

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If requested, please reboot
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Step 4

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
  • OTMoveIt log
  • MalwareBytes Log
  • Kaspersky Log
  • How are things running now ?



---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) . ( don't install it yet )
  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs.
If any of the following programs are still listed there, click on the program to highlight it, and click on remove.
  • Adobe Reader 7.1.0 - Français

    Java(TM) 6 Update 2
    Java(TM) 6 Update 5
Now close the Control Panel.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Still got a keylogger?

Unread postby sweettears » August 2nd, 2009, 6:50 pm

ok, removed adobe/the 2 java and installed JRE. I'll get foxit later I need to go somewhere very soon :P

HJT fix: 2/4 files weren't removed and I think I know what they are (01 - Hosts: etc. was an indirected host I used to bypass the ads on Garena however I barely use it anymore so I deleted it as asked and 04 - HKLM...OrderReminder.exe was an application that came on the install CD of my printer, never thought I could remove it without removing the entire process for the printer heh)


Edit: How are things running now?
Well they never really changed, I mean it never got slow or bad at some point, only my passwords were compromised. Ever since I took some actions (before coming here, running AVG/Spyware Dr, manually checking HJT and stuff like that nothing changed. Ever since I didn't have any issue with my passwords).

However (completly unrelated I suppose) sometimes when I go through my hard drive to find some stuff there are some times where it slows down (as in it's not instant, takes like 1-2 seconds). It's not that annoying but is there something I can do to at least limit the effect or amount of times it'll do it?


OTM Log:
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\illegalpaste.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe not found.
========== FILES ==========
File/Folder C:\Program Files\uTorrent not found.
File/Folder C:\Users\Default\AppData\illegalpaste.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 115616 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 523886 bytes

User: Some WOW addict
File delete failed. C:\Documents and Settings\Some WOW addict\Local Settings\Temp\Perflib_Perfdata_628.dat scheduled to be deleted on reboot.
->Temp folder emptied: 623588 bytes
->Temporary Internet Files folder emptied: 3934554 bytes
->Java cache emptied: 129904 bytes
->FireFox cache emptied: 61133739 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\NV19201924.TMP folder deleted successfully.
%systemroot% .tmp files removed: 109568 bytes
%systemroot%\System32 .tmp files removed: 2833408 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_760.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 1395266 bytes
RecycleBin emptied: 982915083 bytes

Total Files Cleaned = 1004,96 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08022009_063827

Files moved on Reboot...
File C:\Documents and Settings\Some WOW addict\Local Settings\Temp\Perflib_Perfdata_628.dat not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_760.dat not found!

Registry entries deleted on Reboot...
Last edited by sweettears on August 2nd, 2009, 7:26 pm, edited 1 time in total.
sweettears
Active Member
 
Posts: 7
Joined: July 29th, 2009, 1:55 am

Re: Still got a keylogger?

Unread postby sweettears » August 2nd, 2009, 6:51 pm

MBAM Log:

Malwarebytes' Anti-Malware 1.39
Database version: 2546
Windows 5.1.2600 Service Pack 2

2009-08-02 07:23:09
mbam-log-2009-08-02 (07-23-09).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 227757
Time elapsed: 35 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{051fce9f-406b-458e-ba02-da91102bdb04}\RP50\A0007142.exe (Malware.Tool) -> Quarantined and deleted successfully.

Kapersky Log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, August 2, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, August 02, 2009 13:47:52
Records in database: 2575063
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 129330
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:04:21

No malware has been detected. The scan area is clean.

The selected area was scanned.
sweettears
Active Member
 
Posts: 7
Joined: July 29th, 2009, 1:55 am

Re: Still got a keylogger?

Unread postby Katana » August 3rd, 2009, 5:37 am

You can restore the hosts entry if you like.

However (completly unrelated I suppose) sometimes when I go through my hard drive to find some stuff there are some times where it slows down (as in it's not instant, takes like 1-2 seconds). It's not that annoying but is there something I can do to at least limit the effect or amount of times it'll do it?

The only thing I can suggest for that is do a disc cleanup and then DeFragment the drive.


  1. Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
  2. Select C drive and click OK.
  3. Put a "Tick" in all the available boxes
  4. Select the More Options tab.
  5. Under System Restore, click on Clean up....
  6. You will be prompted. Click Yes.
  7. When done, click OK.
  8. You will be prompted again. Press Yes to confirm.
  9. When done, Disk Cleanup will close automatically.


----------------------------------------------------------------------------------------
Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up

OTCleanup
Please download OTCleanup from HERE
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt


You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Still got a keylogger?

Unread postby sweettears » August 3rd, 2009, 12:12 pm

In terms of Anti-Spyware I currently have Ad-Aware and Spyware Doctor, should I remove one (or both) and install the ones you recommended?

Thank you so much for helping me :) I'll definitly be more wary of which sites I visit and lay low on the downloading :bom:
sweettears
Active Member
 
Posts: 7
Joined: July 29th, 2009, 1:55 am

Re: Still got a keylogger?

Unread postby Katana » August 3rd, 2009, 2:37 pm

sweettears wrote:In terms of Anti-Spyware I currently have Ad-Aware and Spyware Doctor, should I remove one (or both) and install the ones you recommended?


In my opinion, MalwareBytes is far superior to either of those.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Still got a keylogger?

Unread postby Gary R » August 4th, 2009, 2:53 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 57 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware