Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

SPAM

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

SPAM

Unread postby sarah33500 » March 18th, 2010, 3:32 pm

Hi there,

I use Outlook to manage my two email accounts (orange.fr and hotmail.com). Since setting this up a couple of months ago, I have noticed two things:
1. An increase in spam not being caught by my junk mail filters and which all appear to come from my own address: (address removed - Admin)
2. Hotmail accounts refuse my emails for the following reason:

<dreenexmachina@hotmail.com>: host mx2.hotmail.com[65.54.188.126] said: 550
SC-004 Mail rejected by Windows Live Hotmail for policy reasons. A block
has been placed against your IP address because we have received complaints
concerning mail coming from that IP address. If you are not an
email/network admin please contact your E-mail/Internet Service Provider
for help. Email/network admins, we recommend enrolling in our Junk E-Mail
Reporting Program (JMRP), a free program intended to help senders remove
unwanted recipients from their e-mail list: http://postmaster.live.com (in
reply to MAIL FROM command)

I have run Malwarebytes Anti-Malware and Spybot in Safe Mode and they have come up clean, so I am not sure if there is a problem or if I am just unlucky. In any event, I would be grateful if someone could give me advice. My Uninstall List and Hijack This log are below.

Many thanks guys,
Sarah

Uninstall List

ABBYY FineReader 5.0 Sprint
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Apple Mobile Device Support
Apple Software Update
Archiveur WinRAR
Ask Toolbar
ASUS ATK0100 ACPI UTILITY
ASUS InstantFun
Atheros Client Installation Program
ATI - Utilitaire de désinstallation du logiciel
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATK Hotkey
ATK Media
ATKOSD2
AudibleManager
avast! Free Antivirus
Bluetooth Stack for Windows by Toshiba
CA Yahoo! Anti-Spy (remove only)
CCleaner
CDBurnerXP
Combined Community Codec Pack 2008-09-21 16:18
Compatibility Pack for the 2007 Office system
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB952287)
Correctif pour Windows XP (KB961118)
Correctif pour Windows XP (KB970653-v3)
Correctif pour Windows XP (KB976098-v2)
Correctif pour Windows XP (KB979306)
Dell AIO Printer A920
DiMAGE Viewer
FaxTools
ffdshow (remove only)
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915800-v4)
HP Photosmart Essential
Jasc Paint Shop Pro 9
Java(TM) 6 Update 13
Lecteur Windows Media 11
Logitech QuickCam
Loki Browser Plugin
Ma-Config.com
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB954600)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956744)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB956844)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958687)
Mise à jour de sécurité pour Windows XP (KB958690)
Mise à jour de sécurité pour Windows XP (KB958869)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960225)
Mise à jour de sécurité pour Windows XP (KB960715)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB960859)
Mise à jour de sécurité pour Windows XP (KB961371)
Mise à jour de sécurité pour Windows XP (KB961373)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB968537)
Mise à jour de sécurité pour Windows XP (KB969059)
Mise à jour de sécurité pour Windows XP (KB969898)
Mise à jour de sécurité pour Windows XP (KB969947)
Mise à jour de sécurité pour Windows XP (KB970238)
Mise à jour de sécurité pour Windows XP (KB970430)
Mise à jour de sécurité pour Windows XP (KB971468)
Mise à jour de sécurité pour Windows XP (KB971486)
Mise à jour de sécurité pour Windows XP (KB971557)
Mise à jour de sécurité pour Windows XP (KB971633)
Mise à jour de sécurité pour Windows XP (KB971657)
Mise à jour de sécurité pour Windows XP (KB972270)
Mise à jour de sécurité pour Windows XP (KB973346)
Mise à jour de sécurité pour Windows XP (KB973354)
Mise à jour de sécurité pour Windows XP (KB973507)
Mise à jour de sécurité pour Windows XP (KB973525)
Mise à jour de sécurité pour Windows XP (KB973869)
Mise à jour de sécurité pour Windows XP (KB973904)
Mise à jour de sécurité pour Windows XP (KB974112)
Mise à jour de sécurité pour Windows XP (KB974318)
Mise à jour de sécurité pour Windows XP (KB974392)
Mise à jour de sécurité pour Windows XP (KB974571)
Mise à jour de sécurité pour Windows XP (KB975025)
Mise à jour de sécurité pour Windows XP (KB975467)
Mise à jour de sécurité pour Windows XP (KB975560)
Mise à jour de sécurité pour Windows XP (KB975561)
Mise à jour de sécurité pour Windows XP (KB975713)
Mise à jour de sécurité pour Windows XP (KB977165)
Mise à jour de sécurité pour Windows XP (KB977914)
Mise à jour de sécurité pour Windows XP (KB978037)
Mise à jour de sécurité pour Windows XP (KB978251)
Mise à jour de sécurité pour Windows XP (KB978262)
Mise à jour de sécurité pour Windows XP (KB978706)
Mise à jour pour Windows Internet Explorer 8 (KB975364)
Mise à jour pour Windows Internet Explorer 8 (KB976662)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955759)
Mise à jour pour Windows XP (KB955839)
Mise à jour pour Windows XP (KB961503)
Mise à jour pour Windows XP (KB967715)
Mise à jour pour Windows XP (KB968389)
Mise à jour pour Windows XP (KB971737)
Mise à jour pour Windows XP (KB973687)
Mise à jour pour Windows XP (KB973815)
Module de compatibilité pour Microsoft Office System 2007
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6)
MSVCRT
MVision
Notification Mail
OGA Notifier 2.0.0048.0
Online Armor 3.0
Orange Plug-in messagerie vocale 888
OrangeInstaller version 1.0.0.0
Outil de mise à jour Google
Programme de gestion Camera de Logitech®
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Secunia PSI
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Search 4 - KB963093
Segoe UI
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
SpywareBlaster 4.2
Synaptics Pointing Device Driver
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
USB2.0 Card Reader Software
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
Windows 7 Upgrade Advisor
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Wireless Console 2
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
ZEN Media Explorer
ZENcast Organizer


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:25, on 13/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Documents and Settings\Wright\Bureau\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search/?q=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Dictionary.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://logicielsgratuits.orange.fr
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pe ... stscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... _1_0_2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13565 bytes
sarah33500
Regular Member
 
Posts: 21
Joined: March 24th, 2009, 10:30 am
Advertisement
Register to Remove

Re: SPAM

Unread postby askey127 » March 22nd, 2010, 12:42 pm

Hi sarah3500,
First, we are going to remove some programs.
You can re-install Spybot S&D after we are done. Please don't re-install the others.
During removal, if Spybot asks whether you want to remove all settings, answer YES.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Ask Toolbar
CA Yahoo! Anti-Spy (remove only)
Java(TM) 6 Update 13
Spybot - Search & Destroy
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------------------------
Download the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
It is currently the 1st item on the page (the page changes often), called JDK 6 Update 18
The Item has two download buttons.
Click on the button labeled "Download JRE". Do NOT choose the button labeled "Download JDK"
.
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

So we are looking for the kaspersky report.
Let me know how it goes.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SPAM

Unread postby sarah33500 » March 22nd, 2010, 5:23 pm

Hi there,

Followed all instructions, up until Kapersky. Unfortunately, the Online Scan is currently unavailable. However, they offer free trial of new Anti-virus package, so I downloaded it and ran a full scan. Not sure of the layout and which report you need to look at (if any). I have saved everything in text form, but it doesn't read very easily. If you want to have a look at it let me know, or if there is an alternative, let me know.

Thanks for you help so far,
Sarah
sarah33500
Regular Member
 
Posts: 21
Joined: March 24th, 2009, 10:30 am

Re: SPAM

Unread postby askey127 » March 22nd, 2010, 5:45 pm

If you have run that scan, please copy the entire report and post it as a reply here.
The system does not like two antivirus apps installed at once, however.
We will take care of that soon.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SPAM

Unread postby sarah33500 » March 23rd, 2010, 2:49 am

Morning,

Here is the entire log. Am aware that system not enamoured of 2 anti virus at the one time, but didn't know what else to do..planned on uninstalling Kapersky again once you gave me the go ahead. Hope you can make sense of below!
Many thanks,
Sarah

Date: Today (events: 818)
My Protection (events: 193)
22/03/2010 22:11:42 Detected: http://www.viruslist.com/en/advisories/36627 Kaspersky Anti-Virus C:\Program Files\QuickTime\QuickTimePlayer.exe
22/03/2010 22:11:41 Detected: http://www.viruslist.com/en/advisories/38547 Kaspersky Anti-Virus C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR.dll
22/03/2010 22:11:41 Detected: http://www.viruslist.com/en/advisories/38551 Kaspersky Anti-Virus C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
22/03/2010 22:10:32 Detected: http://www.viruslist.com/en/advisories/36627 Kaspersky Anti-Virus C:\Program Files\QuickTime\QuickTimePlayer.exe
22/03/2010 22:10:32 Detected: http://www.viruslist.com/en/advisories/38547 Kaspersky Anti-Virus C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR.dll
22/03/2010 22:10:32 Detected: http://www.viruslist.com/en/advisories/38551 Kaspersky Anti-Virus C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
22/03/2010 22:09:24 Detected: http://www.viruslist.com/en/advisories/36627 Kaspersky Anti-Virus C:\Program Files\QuickTime\QuickTimePlayer.exe
22/03/2010 22:09:23 Detected: http://www.viruslist.com/en/advisories/38547 Kaspersky Anti-Virus C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR.dll
22/03/2010 22:09:21 Detected: http://www.viruslist.com/en/advisories/38551 Kaspersky Anti-Virus C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
22/03/2010 21:58:47 Absent Microsoft Internet Explorer: allow signed ActiveX elements download
22/03/2010 21:58:47 Absent Microsoft Internet Explorer: allow signed ActiveX elements download
22/03/2010 21:58:47 Absent Microsoft Internet Explorer - address bar disabled
22/03/2010 21:58:47 Absent Microsoft Internet Explorer - address bar disabled
22/03/2010 21:58:47 Absent Microsoft Internet Explorer - reset start page
22/03/2010 21:58:47 Absent Microsoft Internet Explorer - reset start page
22/03/2010 21:58:47 Absent Microsoft Internet Explorer - "View HTML code" option is blocked
22/03/2010 21:58:47 Absent Microsoft Internet Explorer - "View HTML code" option is blocked
22/03/2010 21:58:47 Absent Microsoft Internet Explorer - "Save as..." dialog is blocked
22/03/2010 21:58:47 Absent Microsoft Internet Explorer - "Save as..." dialog is blocked
22/03/2010 21:58:47 Absent Windows Explorer - show extensions of known file types
22/03/2010 21:58:47 Absent Windows Explorer - show extensions of known file types
22/03/2010 21:58:47 Absent Microsoft Internet Explorer: enable cache autocleanup on browser closing
22/03/2010 21:58:46 Absent Microsoft Internet Explorer: enable cache autocleanup on browser closing
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - clear list of pop-up blocker exceptions
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - clear list of pop-up blocker exceptions
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - clear list of trusted sites
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - clear list of trusted sites
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - settings blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - settings blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - remove all Cookies
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - remove all Cookies
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - homepage setup blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - homepage setup blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - disable sending error reports
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - disable sending error reports
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - disable caching data received via protected channel
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - disable caching data received via protected channel
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - browser settings access is blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - browser settings access is blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - context menu is blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - context menu is blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - navigation buttons are blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - navigation buttons are blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - closing window is blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer - closing window is blocked
22/03/2010 21:58:46 Absent Microsoft Internet Explorer: delete non-standard header
22/03/2010 21:58:46 Absent Microsoft Internet Explorer: delete non-standard header
22/03/2010 21:58:46 Absent Microsoft Internet Explorer: clear history of typed URLs
22/03/2010 21:58:46 Absent Microsoft Internet Explorer: clear history of typed URLs
22/03/2010 21:58:46 Absent Protocol prefixes are modified
22/03/2010 21:58:45 Absent Protocol prefixes are modified
22/03/2010 21:58:45 Absent Microsoft Internet Explorer - running programs and files in IFRAME window is allowed
22/03/2010 21:58:45 Absent Microsoft Internet Explorer - running programs and files in IFRAME window is allowed
22/03/2010 21:58:45 Absent Microsoft Internet Explorer - automatic queries of ActiveX operating elements are allowed
22/03/2010 21:58:45 Absent Microsoft Internet Explorer - automatic queries of ActiveX operating elements are allowed
22/03/2010 21:58:45 Absent Microsoft Internet Explorer -unsigned ActiveX elements are allowed
22/03/2010 21:58:45 Absent Microsoft Internet Explorer -unsigned ActiveX elements are allowed
22/03/2010 21:58:45 Absent Microsoft Internet Explorer - allow signed ActiveX elements download without prompting user
22/03/2010 21:58:45 Absent Microsoft Internet Explorer - allow signed ActiveX elements download without prompting user
22/03/2010 21:58:45 Absent Microsoft Internet Explorer - ActiveX, not marked as safe, are allowed
22/03/2010 21:58:45 Absent Microsoft Internet Explorer - ActiveX, not marked as safe, are allowed
22/03/2010 21:58:45 Absent [?? - AVZ1636]
22/03/2010 21:58:45 Absent [?? - AVZ1636]
22/03/2010 21:58:45 Absent [?? - AVZ1636]
22/03/2010 21:58:45 Absent [?? - AVZ1636]
22/03/2010 21:58:45 Absent Windows Update is disabled
22/03/2010 21:58:45 Absent Windows Update is disabled
22/03/2010 21:58:45 Absent Disable removable media autorun
22/03/2010 21:58:45 Absent Disable removable media autorun
22/03/2010 21:58:45 Absent Disable CD/DVD autorun
22/03/2010 21:58:45 Absent Disable CD/DVD autorun
22/03/2010 21:58:45 Absent Disable autorun from network drives
22/03/2010 21:58:45 Absent Disable autorun from network drives
22/03/2010 21:58:45 Absent Disable HDD autorun
22/03/2010 21:58:45 Absent Disable HDD autorun
22/03/2010 21:58:45 Absent Help and Support menu item blocked
22/03/2010 21:58:44 Absent Help and Support menu item blocked
22/03/2010 21:58:44 Absent Access to Task Bar and Start menu properties blocked
22/03/2010 21:58:44 Absent Access to Task Bar and Start menu properties blocked
22/03/2010 21:58:44 Absent Timeout of "Not Responding" verdict for processes is out of admissible values
22/03/2010 21:58:44 Absent Timeout of "Not Responding" verdict for processes is out of admissible values
22/03/2010 21:58:44 Absent Explorer - folder properties access blocked
22/03/2010 21:58:44 Absent Explorer - folder properties access blocked
22/03/2010 21:58:44 Absent Desktop: "My computer" icon blocked
22/03/2010 21:58:44 Absent Desktop: "My computer" icon blocked
22/03/2010 21:58:44 Absent Command line interface (cmd.exe) is blocked
22/03/2010 21:58:44 Absent Command line interface (cmd.exe) is blocked
22/03/2010 21:58:44 Absent Service termination timeout is out of admissible values
22/03/2010 21:58:44 Absent Service termination timeout is out of admissible values
22/03/2010 21:58:44 Absent Process termination timeout is out of admissible values
22/03/2010 21:58:44 Absent Process termination timeout is out of admissible values
22/03/2010 21:58:44 Absent Disable limited applications startup mode
22/03/2010 21:58:44 Absent Disable limited applications startup mode
22/03/2010 21:58:44 Absent Displaying printers blocked
22/03/2010 21:58:44 Absent Displaying printers blocked
22/03/2010 21:58:44 Absent Elements of Start menu blocked
22/03/2010 21:58:44 Absent Elements of Start menu blocked
22/03/2010 21:58:44 Absent Automatic update settings blocked
22/03/2010 21:58:44 Absent Automatic update settings blocked
22/03/2010 21:58:44 Absent Access to network settings blocked
22/03/2010 21:58:44 Absent Access to network settings blocked
22/03/2010 21:58:44 Absent Access to printer settings blocked
22/03/2010 21:58:44 Absent Access to printer settings blocked
22/03/2010 21:58:44 Absent Displaying subfolders in Start menu disabled
22/03/2010 21:58:44 Absent Displaying subfolders in Start menu disabled
22/03/2010 21:58:44 Absent Microsoft Internet Explorer - settings blocked
22/03/2010 21:58:44 Absent Microsoft Internet Explorer - settings blocked
22/03/2010 21:58:44 Absent Connecting and disconnecting network drives blocked
22/03/2010 21:58:44 Absent Connecting and disconnecting network drives blocked
22/03/2010 21:58:44 Absent System Restore settings blocked
22/03/2010 21:58:44 Absent System Restore settings blocked
22/03/2010 21:58:44 Absent Windows Update settings blocked
22/03/2010 21:58:43 Absent Windows Update settings blocked
22/03/2010 21:58:43 Absent Microsoft Internet Explorer - homepage setup blocked
22/03/2010 21:58:43 Absent Microsoft Internet Explorer - homepage setup blocked
22/03/2010 21:58:43 Absent Considerable delay before opening menu (more than 1 second)
22/03/2010 21:58:43 Absent Considerable delay before opening menu (more than 1 second)
22/03/2010 21:58:43 Absent Appearance tab blocked in screen properties
22/03/2010 21:58:43 Absent Appearance tab blocked in screen properties
22/03/2010 21:58:43 Absent Parameters tab blocked in screen properties
22/03/2010 21:58:43 Absent Parameters tab blocked in screen properties
22/03/2010 21:58:43 Absent Screensaver tab blocked in screen properties
22/03/2010 21:58:43 Absent Screensaver tab blocked in screen properties
22/03/2010 21:58:43 Absent Desktop tab blocked in screen properties
22/03/2010 21:58:43 Absent Desktop tab blocked in screen properties
22/03/2010 21:58:43 Absent System process debugger detected
22/03/2010 21:58:43 Absent System process debugger detected
22/03/2010 21:58:43 Absent Displaying tray icons is blocked
22/03/2010 21:58:43 Absent Displaying tray icons is blocked
22/03/2010 21:58:43 Absent Changing screen properties is blocked
22/03/2010 21:58:43 Absent Changing screen properties is blocked
22/03/2010 21:58:43 Absent Start -> Run menu is blocked
22/03/2010 21:58:43 Absent Start -> Run menu is blocked
22/03/2010 21:58:43 Absent Start -> Search menu is blocked
22/03/2010 21:58:43 Absent Start -> Search menu is blocked
22/03/2010 21:58:43 Absent Start button context menu is disabled
22/03/2010 21:58:43 Absent Start button context menu is disabled
22/03/2010 21:58:43 Absent Task Panel context menu is disabled
22/03/2010 21:58:43 Absent Task Panel context menu is disabled
22/03/2010 21:58:43 Absent Boot-up message is enabled and defined
22/03/2010 21:58:43 Absent Boot-up message is enabled and defined
22/03/2010 21:58:43 Absent My Computer - Administration menu item is blocked
22/03/2010 21:58:43 Absent My Computer - Administration menu item is blocked
22/03/2010 21:58:43 Absent Possibility to end session is blocked
22/03/2010 21:58:43 Absent Possibility to end session is blocked
22/03/2010 21:58:43 Absent Windows Explorer - network neighborhood access is blocked
22/03/2010 21:58:43 Absent Windows Explorer - network neighborhood access is blocked
22/03/2010 21:58:43 Absent Windows Explorer - closing windows is blocked
22/03/2010 21:58:43 Absent Windows Explorer - closing windows is blocked
22/03/2010 21:58:43 Absent Microsoft Internet Explorer - running programs and files in IFRAME window is allowed
22/03/2010 21:58:43 Absent Microsoft Internet Explorer - running programs and files in IFRAME window is allowed
22/03/2010 21:58:43 Absent Microsoft Internet Explorer - automatic queries of ActiveX operating elements are allowed
22/03/2010 21:58:43 Absent Microsoft Internet Explorer - automatic queries of ActiveX operating elements are allowed
22/03/2010 21:58:43 Absent Microsoft Internet Explorer -unsigned ActiveX elements are allowed
22/03/2010 21:58:42 Absent Microsoft Internet Explorer -unsigned ActiveX elements are allowed
22/03/2010 21:58:42 Absent Microsoft Internet Explorer - allow signed ActiveX elements download without prompting user
22/03/2010 21:58:42 Absent Microsoft Internet Explorer - allow signed ActiveX elements download without prompting user
22/03/2010 21:58:42 Absent Microsoft Internet Explorer - ActiveX, not marked as safe, are allowed
22/03/2010 21:58:42 Absent Microsoft Internet Explorer - ActiveX, not marked as safe, are allowed
22/03/2010 21:58:42 Absent Protocol prefixes are modified
22/03/2010 21:58:42 Absent Protocol prefixes are modified
22/03/2010 21:58:42 Absent Windows Explorer startup key is modified
22/03/2010 21:58:42 Absent Windows Explorer startup key is modified
22/03/2010 21:58:42 Absent Hiding all desktop elements is enabled
22/03/2010 21:58:42 Absent Hiding all desktop elements is enabled
22/03/2010 21:58:42 Absent Limited displaying drives in My Computer
22/03/2010 21:58:42 Absent Limited displaying drives in My Computer
22/03/2010 21:58:42 Absent Block: Control Panel
22/03/2010 21:58:42 Absent Block: Control Panel
22/03/2010 21:58:42 Absent Task Manager substitution
22/03/2010 21:58:42 Absent Task Manager substitution
22/03/2010 21:58:42 Absent Block: Task Manager
22/03/2010 21:58:42 Absent Block: Task Manager
22/03/2010 21:58:42 Absent Block: Registry Editor
22/03/2010 21:58:42 Absent Block: Registry Editor
22/03/2010 21:58:42 Absent Abnormal REG files association
22/03/2010 21:58:42 Absent Abnormal REG files association
22/03/2010 21:58:42 Absent Abnormal SCR files association
22/03/2010 21:58:42 Absent Abnormal SCR files association
22/03/2010 21:58:42 Absent Abnormal LNK files association
22/03/2010 21:58:42 Absent Abnormal LNK files association
22/03/2010 21:58:42 Absent Abnormal BAT files association
22/03/2010 21:58:41 Absent Abnormal BAT files association
22/03/2010 21:58:41 Absent Abnormal PIF files association
22/03/2010 21:58:41 Absent Abnormal PIF files association
22/03/2010 21:58:41 Absent Abnormal COM files association
22/03/2010 21:58:41 Absent Abnormal COM files association
22/03/2010 21:58:41 Absent Abnormal EXE files association
22/03/2010 21:58:41 Absent Abnormal EXE files association
22/03/2010 20:47:15 Detected: http://www.viruslist.com/en/advisories/38547 Kaspersky Anti-Virus C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR.dll
22/03/2010 20:47:09 Detected: http://www.viruslist.com/en/advisories/38551 Kaspersky Anti-Virus C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
22/03/2010 20:19:30 Databases are obsolete Kaspersky Anti-Virus
22/03/2010 20:19:22 Your computer is protected Kaspersky Anti-Virus
File Anti-Virus (events: 125)
22/03/2010 20:19:18 Task started Kaspersky Anti-Virus File Anti-Virus
22/03/2010 20:32:52 Packed: PE_Patch System C:\WINDOWS\system32\DRIVERS\kmixer.sys
22/03/2010 20:38:22 Packed: Swf2Swc Firefox C:\Documents and Settings\Wright\Local Settings\Application Data\Mozilla\Firefox\Profiles\ctn8nqqz.default\Cache\DA7847E8d01
22/03/2010 20:38:26 Packed: Swf2Swc Firefox C:\Documents and Settings\Wright\Local Settings\Application Data\Mozilla\Firefox\Profiles\ctn8nqqz.default\Cache\971F945Cd01
22/03/2010 20:38:28 Packed: Swf2Swc Firefox C:\Documents and Settings\Wright\Local Settings\Application Data\Mozilla\Firefox\Profiles\ctn8nqqz.default\Cache\2B70A7EFd01
22/03/2010 20:39:26 Packed: Swf2Swc Firefox C:\Documents and Settings\Wright\Local Settings\Application Data\Mozilla\Firefox\Profiles\ctn8nqqz.default\Cache\6893D98Ad01
22/03/2010 20:44:54 Packed: PE_Patch.PECompact CCleaner C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GoogleDesktopSetup.exe
22/03/2010 20:44:54 Packed: PecBundle CCleaner C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GoogleDesktopSetup.exe/PE_Patch.PECompact
22/03/2010 20:44:55 Packed: PECompact CCleaner C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GoogleDesktopSetup.exe/PE_Patch.PECompact/PecBundle
22/03/2010 20:44:57 Packed: PE_Patch.UPX CCleaner C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
22/03/2010 20:44:57 Packed: UPX CCleaner C:\Program Files\Trend Micro\HijackThis\HijackThis.exe/PE_Patch.UPX
22/03/2010 21:58:41 OK Client Server Runtime Process C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.5512.Policy The object was not changed
22/03/2010 21:58:41 OK Client Server Runtime Process C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83.Manifest The object was not changed
22/03/2010 21:58:41 OK Verify Class ID C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf The object was not changed
22/03/2010 21:58:41 OK Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE The object was not changed
22/03/2010 21:58:41 OK Verify Class ID C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll The object was not changed
22/03/2010 21:58:41 OK Verify Class ID C:\WINDOWS\Registration\R00000000000b.clb The object was not changed
22/03/2010 21:58:41 OK Verify Class ID C:\WINDOWS\WindowsShell.Manifest The object was not changed
22/03/2010 21:58:44 OK Generic Host Process for Win32 Services C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf The object was not changed
22/03/2010 21:59:01 OK avast! Service C:\WINDOWS\Installer\72cd4e.msi The object was not changed
22/03/2010 21:59:23 OK LSA Shell (Export Version) C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred The object was not changed
22/03/2010 21:59:28 OK Google Desktop C:\Documents and Settings\Wright\Local Settings\Temporary Internet Files\Content.IE5\EW59W1B9\query[6].xml
22/03/2010 22:00:00 OK avast! Service C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\avast5.ini The object was not changed
22/03/2010 22:00:01 OK avast! Service C:\Program Files\ALWIL SOFTWARE\AVAST5\Setup\setup.ini The object was not changed
22/03/2010 22:00:31 OK avast! Service C:\WINDOWS\Installer\251e44.msi The object was not changed
22/03/2010 22:00:57 OK System C:\WINDOWS\system32\DRIVERS\kmixer.sys The object was not changed
22/03/2010 22:00:58 OK System C:\WINDOWS\AppPatch\drvmain.sdb The object was not changed
22/03/2010 22:00:58 OK Skype C:\WINDOWS\system32\DRIVERS\RtkHDAud.Sys The object was not changed
22/03/2010 22:01:00 OK Generic Host Process for Win32 Services C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job The object was not changed
22/03/2010 22:01:00 OK Generic Host Process for Win32 Services C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_8fa5102b-e76e-489d-bf09-023bdb32e1b4 The object was not changed
22/03/2010 22:01:00 OK Generic Host Process for Win32 Services C:\Program Files\Ask.com\UpdateTask.exe The object was not changed
22/03/2010 22:01:00 OK UpdateTask.exe C:\WINDOWS\Prefetch\UPDATETASK.EXE-2A136EDB.pf The object was not changed
22/03/2010 22:01:00 OK UpdateTask.exe C:\Documents and Settings\Wright\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 The object was not changed
22/03/2010 22:01:00 OK UpdateTask.exe C:\Documents and Settings\Wright\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 The object was not changed
22/03/2010 22:01:00 OK UpdateTask.exe C:\Documents and Settings\Wright\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 The object was not changed
22/03/2010 22:01:00 OK UpdateTask.exe C:\Documents and Settings\Wright\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 The object was not changed
22/03/2010 22:01:01 OK UpdateTask.exe C:\Program Files\Ask.com\SaUpdate.exe The object was not changed
22/03/2010 22:01:02 OK SaUpdate.exe C:\WINDOWS\Prefetch\SAUPDATE.EXE-2FAD0BC2.pf The object was not changed
22/03/2010 22:01:04 Not processed Generic Host Process for Win32 Services C:\WINDOWS\Prefetch\UPDATETASK.EXE-2A136EDB.pf By type
22/03/2010 22:01:05 OK Generic Host Process for Win32 Services C:\WINDOWS\Prefetch\SAUPDATE.EXE-2FAD0BC2.pf The object was not changed
22/03/2010 22:01:08 Not processed Generic Host Process for Win32 Services C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job By type
22/03/2010 22:02:28 OK Google Desktop C:\Documents and Settings\Wright\Local Settings\Temporary Internet Files\Content.IE5\PKSH9UHG\query[7].xml
22/03/2010 22:03:01 OK avast! Service C:\WINDOWS\Installer\233e4d.msi The object was not changed
22/03/2010 22:03:47 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\deploy.jar Object was not changed (iSwift 3)
22/03/2010 22:03:49 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\ext\dnsns.jar Object was not changed (iSwift 3)
22/03/2010 22:03:49 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\ext\localedata.jar Object was not changed (iSwift 3)
22/03/2010 22:03:49 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\fontconfig.bfc Object was not changed (iSwift 3)
22/03/2010 22:03:49 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\fonts\LucidaBrightDemiBold.ttf Object was not changed (iSwift 3)
22/03/2010 22:03:50 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\fonts\LucidaBrightDemiItalic.ttf Object was not changed (iSwift 3)
22/03/2010 22:03:50 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\fonts\LucidaBrightItalic.ttf Object was not changed (iSwift 3)
22/03/2010 22:03:51 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\fonts\LucidaBrightRegular.ttf Object was not changed (iSwift 3)
22/03/2010 22:03:51 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\fonts\LucidaSansDemiBold.ttf Object was not changed (iSwift 3)
22/03/2010 22:03:51 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\fonts\LucidaSansRegular.ttf Object was not changed (iSwift 3)
22/03/2010 22:03:51 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\fonts\LucidaTypewriterBold.ttf Object was not changed (iSwift 3)
22/03/2010 22:03:51 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\fonts\LucidaTypewriterRegular.ttf Object was not changed (iSwift 3)
22/03/2010 22:03:52 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\javaws.jar Object was not changed (iSwift 3)
22/03/2010 22:03:52 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\jsse.jar Object was not changed (iSwift 3)
22/03/2010 22:03:52 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\logging.properties The object was not changed
22/03/2010 22:03:52 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\meta-index The object was not changed
22/03/2010 22:03:52 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\net.properties The object was not changed
22/03/2010 22:03:52 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\plugin.jar Object was not changed (iSwift 3)
22/03/2010 22:03:53 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\resources.jar Object was not changed (iSwift 3)
22/03/2010 22:03:54 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\rt.jar Object was not changed (iSwift 3)
22/03/2010 22:04:01 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\security\blacklist The object was not changed
22/03/2010 22:04:01 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\security\java.policy The object was not changed
22/03/2010 22:04:01 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\security\java.security Object was not changed (iSwift 3)
22/03/2010 22:04:01 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\security\javaws.policy The object was not changed
22/03/2010 22:04:01 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\tzmappings The object was not changed
22/03/2010 22:04:01 OK Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\lib\zi\GMT The object was not changed
22/03/2010 22:05:01 OK avast! Service C:\WINDOWS\Installer\19bf42.msi Object was not changed (iSwift 3)
22/03/2010 22:05:28 OK Google Desktop C:\Documents and Settings\Wright\Local Settings\Temporary Internet Files\Content.IE5\4P16WRIP\query[7].xml
22/03/2010 22:06:39 Not processed avast! Service C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\log\usntr.log By type
22/03/2010 22:07:31 OK avast! Service C:\WINDOWS\Installer\169fde.msi The object was not changed
22/03/2010 22:08:27 OK Google Desktop C:\Documents and Settings\Wright\Local Settings\Temporary Internet Files\Content.IE5\8ZT1F863\query[8].xml
22/03/2010 22:08:39 Not processed Verify Class ID C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf By type
22/03/2010 22:08:39 OK Verify Class ID C:\WINDOWS\system32\mstask.dll The object was not changed
22/03/2010 22:08:41 Not processed Generic Host Process for Win32 Services C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf By type
22/03/2010 22:09:10 OK avast! Service C:\Documents and Settings\Wright\Application Data\Skype\shared.tmp
22/03/2010 22:09:10 OK avast! Service C:\Documents and Settings\Wright\Application Data\Skype\shared.xml The object was not changed
22/03/2010 22:09:23 OK LSA Shell (Export Version) C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred The object was not changed
22/03/2010 22:09:31 OK avast! Service C:\WINDOWS\Installer\1051d7f9.msi The object was not changed
22/03/2010 22:10:01 OK avast! Service C:\Program Files\MSECache\OLC\OLC.msi The object was not changed
22/03/2010 22:11:27 OK Google Desktop C:\Documents and Settings\Wright\Local Settings\Temporary Internet Files\Content.IE5\EW59W1B9\query[7].xml
22/03/2010 22:12:18 OK Client Server Runtime Process C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.3053.policy The object was not changed
22/03/2010 22:12:18 OK Client Server Runtime Process C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff\8.0.50727.4053.policy The object was not changed
22/03/2010 22:12:18 OK Client Server Runtime Process C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca.manifest The object was not changed
22/03/2010 22:12:18 OK Client Server Runtime Process C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd.manifest The object was not changed
22/03/2010 22:12:22 OK Generic Host Process for Win32 Services C:\WINDOWS\system32\sti.dll The object was not changed
22/03/2010 22:12:25 OK Explorateur Windows C:\Documents and Settings\All Users\Application Data\desktop.ini The object was not changed
22/03/2010 22:12:25 OK Explorateur Windows C:\Documents and Settings\All Users\Documents\desktop.ini The object was not changed
22/03/2010 22:12:25 OK Explorateur Windows C:\Documents and Settings\All Users\Documents\Mes images\Desktop.ini The object was not changed
22/03/2010 22:12:25 OK Explorateur Windows C:\Documents and Settings\All Users\Documents\Ma musique\Desktop.ini The object was not changed
22/03/2010 22:12:25 OK Explorateur Windows C:\Documents and Settings\All Users\Documents\Mes vidéos\Desktop.ini The object was not changed
22/03/2010 22:12:25 OK Explorateur Windows C:\Documents and Settings\Wright\Recent\Kapersky.lnk
22/03/2010 22:12:25 OK GrooveMonitor Utility C:\Documents and Settings\Wright\Recent\Kapersky.lnk
22/03/2010 22:12:25 OK GrooveMonitor Utility C:\WINDOWS\system32\LINKINFO.dll The object was not changed
22/03/2010 22:12:25 OK Explorateur Windows C:\Documents and Settings\Wright\Local Settings\Historique\History.IE5\MSHist012010032220100323\index.dat Object was not changed (iSwift 3)
22/03/2010 22:12:25 OK GrooveMonitor Utility C:\WINDOWS\system32\ntshrui.dll The object was not changed
22/03/2010 22:12:26 OK Microsoft Windows Search Indexer C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE The object was not changed
22/03/2010 22:12:26 OK Microsoft Windows Search Protocol Host C:\WINDOWS\Prefetch\SEARCHPROTOCOLHOST.EXE-1460F5CC.pf The object was not changed
22/03/2010 22:12:26 OK Microsoft Windows Search Protocol Host C:\WINDOWS\system32\msshooks.dll The object was not changed
22/03/2010 22:12:26 OK Microsoft Windows Search Protocol Host C:\WINDOWS\WindowsShell.Manifest The object was not changed
22/03/2010 22:12:26 OK Microsoft Windows Search Protocol Host C:\WINDOWS\system32\UncPH.dll The object was not changed
22/03/2010 22:12:26 OK Microsoft Windows Search Protocol Host C:\WINDOWS\system32\fr-fr\ieframe.dll.mui The object was not changed
22/03/2010 22:12:26 OK Microsoft Windows Search Protocol Host C:\WINDOWS\system32\msfeeds.dll The object was not changed
22/03/2010 22:12:27 OK Microsoft Windows Search Protocol Host C:\Program Files\MICROSOFT OFFICE\OFFICE12\ONFILTER.DLL The object was not changed
22/03/2010 22:12:27 OK Microsoft Windows Search Indexer C:\WINDOWS\system32\SEARCHFILTERHOST.EXE The object was not changed
22/03/2010 22:12:27 OK Microsoft Windows Search Filter Host C:\WINDOWS\Prefetch\SEARCHFILTERHOST.EXE-1FEC9DD2.pf The object was not changed
22/03/2010 22:12:27 Not processed Microsoft Windows Search Protocol Host C:\Documents and Settings\Wright\Mes documents\Kapersky.txt By type
22/03/2010 22:12:27 OK Microsoft Windows Search Filter Host C:\WINDOWS\system32\mssitlb.dll The object was not changed
22/03/2010 22:12:31 OK Microsoft Windows Search Indexer C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001 The object was not changed
22/03/2010 22:12:31 OK Microsoft Windows Search Indexer C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002 The object was not changed
22/03/2010 22:12:32 Not processed Microsoft Windows Search Indexer C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir By type
22/03/2010 22:12:32 Not processed Microsoft Windows Search Indexer C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci By type
22/03/2010 22:12:32 Not processed Microsoft Windows Search Indexer C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir By type
22/03/2010 22:12:32 Not processed Microsoft Windows Search Indexer C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci By type
22/03/2010 22:12:38 OK Generic Host Process for Win32 Services C:\WINDOWS\Prefetch\SEARCHPROTOCOLHOST.EXE-1460F5CC.pf The object was not changed
22/03/2010 22:12:38 OK Generic Host Process for Win32 Services C:\WINDOWS\Prefetch\SEARCHFILTERHOST.EXE-1FEC9DD2.pf The object was not changed
22/03/2010 22:12:40 OK GrooveMonitor Utility C:\Documents and Settings\Wright\Recent\Kapersky1.lnk
22/03/2010 22:12:40 OK Explorateur Windows C:\Documents and Settings\Wright\Recent\Kapersky1.lnk Object was not changed (iChecker)
22/03/2010 22:12:41 Not processed Microsoft Windows Search Protocol Host C:\Documents and Settings\Wright\Mes documents\Kapersky1.txt By type
22/03/2010 22:12:43 Not processed Microsoft Windows Search Indexer C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir By type
22/03/2010 22:12:43 Not processed Microsoft Windows Search Indexer C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci By type
22/03/2010 22:12:49 OK Application d'ouverture de session Windows NT C:\WINDOWS\Media\Windows XP Exclamation.wav The object was not changed
22/03/2010 22:12:49 OK System C:\WINDOWS\system32\DRIVERS\kmixer.sys The object was not changed
Mail Anti-Virus (events: 1)
22/03/2010 20:19:18 Task started Kaspersky Anti-Virus Mail Anti-Virus
Web Anti-Virus (events: 21)
22/03/2010 20:19:18 Task started Kaspersky Anti-Virus Web Anti-Virus
22/03/2010 20:38:20 Packed: Swf2Swc Firefox http://aka-cdn-ns.adtech.de/apps/250/Ad ... express.fr
22/03/2010 20:38:25 Packed: Swf2Swc Firefox http://s0.2mdn.net/1009773/Internationa ... nsbusiness
22/03/2010 20:38:26 Packed: Swf2Swc Firefox http://aka-cdn-ns.adtech.de/apps/250/Ad ... express.fr
22/03/2010 20:39:25 Packed: Swf2Swc Firefox http://swf.docstoc.com/swf/DSViewer.2.1.78.swf
22/03/2010 20:39:29 Packed: Swf2Swc Firefox http://i.docstoc.com/swf/mwt.swf
22/03/2010 21:59:26 Allowed (analysis according to the base of suspicious web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 6561833505
22/03/2010 21:59:26 Allowed (analysis according to the base of phishing web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 6561833505
22/03/2010 21:59:26 OK Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 6561833505
22/03/2010 22:02:26 Allowed (analysis according to the base of suspicious web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 5521314927
22/03/2010 22:02:26 Allowed (analysis according to the base of phishing web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 5521314927
22/03/2010 22:02:26 OK Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 5521314927
22/03/2010 22:05:26 Allowed (analysis according to the base of suspicious web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 0491948292
22/03/2010 22:05:26 Allowed (analysis according to the base of phishing web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 0491948292
22/03/2010 22:05:26 OK Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 0491948292
22/03/2010 22:08:26 Allowed (analysis according to the base of suspicious web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 4875425183
22/03/2010 22:08:26 Allowed (analysis according to the base of phishing web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 4875425183
22/03/2010 22:08:26 OK Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 4875425183
22/03/2010 22:11:26 Allowed (analysis according to the base of suspicious web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 2500905996
22/03/2010 22:11:26 Allowed (analysis according to the base of phishing web addresses) Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 2500905996
22/03/2010 22:11:26 OK Google Desktop http://www0.rdthdo.bbc.co.uk/cgi-perl/a ... 2500905996
System Watch (events: 459)
22/03/2010 22:12:29 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:12:28 Microsoft Windows Search Filter Host HKEY_USERS\REGISTRY\USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:28 Microsoft Windows Search Filter Host HKEY_USERS\REGISTRY\USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:27 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SESSIONINFO\0000000000013B66
22/03/2010 22:12:27 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SESSIONINFO\0000000000013B66
22/03/2010 22:12:27 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 22:12:27 Microsoft Windows Search Protocol Host HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELL FOLDERS
22/03/2010 22:12:27 Microsoft Windows Search Protocol Host HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:26 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 22:12:25 GrooveMonitor Utility HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 GrooveMonitor Utility HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 GrooveMonitor Utility HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 GrooveMonitor Utility HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SESSIONINFO\0000000000013B66
22/03/2010 22:12:25 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SESSIONINFO\0000000000013B66
22/03/2010 22:12:25 Explorateur Windows HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:25 Explorateur Windows HKEY_USERS\S-1-5-21-1409082233-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList/MRUList
22/03/2010 22:12:25 Explorateur Windows HKEY_USERS\S-1-5-21-1409082233-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList/e
22/03/2010 22:12:25 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.TXT\OPENWITHLIST
22/03/2010 22:12:23 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:12:22 Generic Host Process for Win32 Services HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\STILLIMAGE\LOGGING
22/03/2010 22:12:17 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:12:12 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:12:06 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:12:00 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:55 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:49 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:43 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:38 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:32 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:26 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:20 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:15 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:09 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:03 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:11:01 Microsoft Windows Search Indexer HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
22/03/2010 22:10:57 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:52 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:46 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:40 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:35 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:29 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:23 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:18 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:12 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:06 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:10:01 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:55 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:49 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:43 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:38 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:32 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:26 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:21 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:15 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:09 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:09:04 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:58 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:52 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:46 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:41 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:40 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 22:08:40 Verify Class ID HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS
22/03/2010 22:08:39 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 22:08:35 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:29 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:24 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:18 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:12 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:06 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:01 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:08:01 Microsoft Windows Search Indexer HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
22/03/2010 22:07:55 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:07:49 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:07:44 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:07:38 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:07:32 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:07:27 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:07:21 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:07:15 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:07:10 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:07:04 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:58 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:52 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:47 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:41 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:35 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:28 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:23 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:17 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:11 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:05 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:06:00 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:54 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:48 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:43 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:37 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:31 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:26 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:20 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:14 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:09 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:03 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:05:01 Microsoft Windows Search Indexer HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
22/03/2010 22:04:57 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:04:52 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:04:46 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:04:40 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:04:34 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:04:29 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:04:23 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:04:17 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:04:12 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:04:06 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:53 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:48 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:42 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:36 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:30 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:25 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:19 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:13 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:08 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:03:02 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:56 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:51 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:43 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:36 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:25 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:19 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:14 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:08 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:02 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:02:01 Microsoft Windows Search Indexer HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
22/03/2010 22:01:56 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:51 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:45 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:39 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:33 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:27 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:21 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:16 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:10 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:04 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:01:04 SaUpdate.exe C:\Program Files\Ask.com\SaUpdate.exe
22/03/2010 22:01:02 UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe
22/03/2010 22:01:02 SaUpdate.exe C:\Program Files\Ask.com\SaUpdate.exe
22/03/2010 22:01:01 UpdateTask.exe HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
22/03/2010 22:01:01 UpdateTask.exe HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
22/03/2010 22:01:01 UpdateTask.exe HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
22/03/2010 22:01:01 UpdateTask.exe HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING
22/03/2010 22:01:00 UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe
22/03/2010 22:01:00 Generic Host Process for Win32 Services HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
22/03/2010 22:00:59 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:58 Skype HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\DEVICECLASSES
22/03/2010 22:00:58 Skype HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\DEVICECLASSES
22/03/2010 22:00:58 Skype HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\DEVICECLASSES
22/03/2010 22:00:58 Skype HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\DEVICECLASSES
22/03/2010 22:00:57 Skype HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\DEVICECLASSES
22/03/2010 22:00:57 Skype HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\DEVICECLASSES
22/03/2010 22:00:57 Skype HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\DEVICECLASSES
22/03/2010 22:00:57 Skype HKEY_LOCAL_MACHINE\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\DEVICECLASSES
22/03/2010 22:00:53 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:47 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:42 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:36 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:30 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:24 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:19 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:13 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:07 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:00:02 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:56 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:50 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:45 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:39 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:33 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:27 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:21 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:16 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:10 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:04 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:59:01 Microsoft Windows Search Indexer HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
22/03/2010 21:58:59 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:58:53 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:58:47 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:58:42 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 21:58:42 Verify Class ID HKEY_USERS\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS
22/03/2010 21:58:41 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:58:41 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 21:58:36 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:58:30 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:58:24 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:58:19 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:58:13 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:58:07 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 21:27:40 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:27:40 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:25:31 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:25:31 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:25:30 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:25:30 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:23:26 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:23:26 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:23:24 Microsoft Office Outlook C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
22/03/2010 21:21:26 Microsoft Office Outlook C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
22/03/2010 21:21:16 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 21:21:12 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 21:17:51 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:17:51 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:16:51 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 21:16:41 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:16:40 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:16:38 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 21:13:36 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 21:13:18 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 21:12:45 Windows Error Reporting Dump Reporting Tool C:\WINDOWS\system32\DUMPREP.EXE
22/03/2010 21:12:45 Microsoft Application Error Reporting C:\WINDOWS\system32\DWWIN.EXE
22/03/2010 21:12:44 Windows Error Reporting Dump Reporting Tool C:\WINDOWS\system32\DUMPREP.EXE
22/03/2010 21:12:44 Microsoft Application Error Reporting C:\WINDOWS\system32\DWWIN.EXE
22/03/2010 21:12:32 Microsoft Application Error Reporting C:\WINDOWS\system32\DWWIN.EXE
22/03/2010 21:12:32 Microsoft Application Error Reporting C:\WINDOWS\system32\DWWIN.EXE
22/03/2010 21:11:25 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 21:11:25 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 21:11:21 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 21:11:20 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 21:09:28 Microsoft Office Word C:\Program Files\MICROSOFT OFFICE\OFFICE12\WINWORD.EXE
22/03/2010 21:09:16 Windows Error Reporting Dump Reporting Tool C:\WINDOWS\system32\DUMPREP.EXE
22/03/2010 21:09:15 Windows Error Reporting Dump Reporting Tool C:\WINDOWS\system32\DUMPREP.EXE
22/03/2010 21:09:15 Microsoft Office Word C:\Program Files\MICROSOFT OFFICE\OFFICE12\WINWORD.EXE
22/03/2010 21:09:12 Windows Error Reporting Dump Reporting Tool C:\WINDOWS\system32\DUMPREP.EXE
22/03/2010 21:09:06 Gestionnaire des tâches de Windows C:\WINDOWS\system32\taskmgr.exe
22/03/2010 21:08:58 Windows Error Reporting Dump Reporting Tool C:\WINDOWS\system32\DUMPREP.EXE
22/03/2010 21:08:50 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:08:50 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:08:45 Windows Error Reporting Dump Reporting Tool C:\WINDOWS\system32\DUMPREP.EXE
22/03/2010 21:08:41 Gestionnaire des tâches de Windows C:\WINDOWS\system32\taskmgr.exe
22/03/2010 21:08:39 Gestionnaire des tâches de Windows C:\WINDOWS\system32\taskmgr.exe
22/03/2010 21:08:39 Gestionnaire des tâches de Windows C:\WINDOWS\system32\taskmgr.exe
22/03/2010 21:08:29 Windows Error Reporting Dump Reporting Tool C:\WINDOWS\system32\DUMPREP.EXE
22/03/2010 21:08:17 WebToolBar component C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\KLWTBLFS.EXE
22/03/2010 21:08:13 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 21:07:43 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:07:43 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:07:40 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:07:40 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:06:33 Microsoft Office Word C:\Program Files\MICROSOFT OFFICE\OFFICE12\WINWORD.EXE
22/03/2010 21:06:25 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 21:06:24 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 21:06:21 Microsoft Office Word C:\Program Files\MICROSOFT OFFICE\OFFICE12\WINWORD.EXE
22/03/2010 21:04:49 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 21:04:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 21:01:31 Java(TM) Quick Starter binary C:\Program Files\JAVA\JRE6\BIN\jqsnotify.exe
22/03/2010 21:01:31 Java(TM) Quick Starter binary C:\Program Files\JAVA\JRE6\BIN\jqsnotify.exe
22/03/2010 21:01:28 WebToolBar component C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\KLWTBLFS.EXE
22/03/2010 21:01:22 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 21:01:04 SaUpdate.exe C:\Program Files\Ask.com\SaUpdate.exe
22/03/2010 21:01:02 UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe
22/03/2010 21:01:02 SaUpdate.exe C:\Program Files\Ask.com\SaUpdate.exe
22/03/2010 21:01:00 UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe
22/03/2010 21:00:50 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 21:00:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:59:29 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:59:14 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:58:54 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:58:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:57:09 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:56:46 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:55:26 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:55:09 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:54:50 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:54:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:53:05 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:52:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:50:55 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:50:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:49:50 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 20:49:50 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 20:48:54 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:48:38 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:48:38 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:48:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:48:06 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 20:48:06 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 20:48:01 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:47:23 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:46:25 CCleaner C:\Program Files\CCleaner\CCLEANER.EXE
22/03/2010 20:45:04 CCleaner C:\Program Files\CCleaner\CCLEANER.EXE
22/03/2010 20:45:00 CCleaner C:\Program Files\CCleaner\CCLEANER.EXE
22/03/2010 20:44:23 CCleaner C:\Program Files\CCleaner\CCLEANER.EXE
22/03/2010 20:44:23 WebToolBar component C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\KLWTBLFS.EXE
22/03/2010 20:44:18 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:42:49 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:42:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:42:16 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:42:02 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:38:29 Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
22/03/2010 20:37:49 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:37:35 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:36:53 Java(TM) Quick Starter binary C:\Program Files\JAVA\JRE6\BIN\jqsnotify.exe
22/03/2010 20:36:52 Java(TM) Quick Starter binary C:\Program Files\JAVA\JRE6\BIN\jqsnotify.exe
22/03/2010 20:36:52 Java(TM) Quick Starter binary C:\Program Files\JAVA\JRE6\BIN\jqsnotify.exe
22/03/2010 20:36:52 Java(TM) Quick Starter binary C:\Program Files\JAVA\JRE6\BIN\jqsnotify.exe
22/03/2010 20:36:44 WebToolBar component C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\KLWTBLFS.EXE
22/03/2010 20:36:37 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:36:29 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:36:27 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:36:27 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:36:06 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:35:36 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:35:22 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:35:13 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:34:53 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:34:38 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:34:26 Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
22/03/2010 20:32:35 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:32:18 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:31:38 Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
22/03/2010 20:31:31 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:31:31 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:31:29 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:31:25 Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
22/03/2010 20:31:24 Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
22/03/2010 20:31:21 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:31:13 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:31:13 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:31:13 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:31:11 Verify Class ID C:\WINDOWS\system32\VERCLSID.EXE
22/03/2010 20:31:10 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:30:27 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:30:23 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:30:14 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:30:14 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:30:13 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:30:13 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:30:12 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:30:12 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:30:11 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:30:11 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:30:11 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:30:11 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:30:11 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:30:11 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:30:11 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:30:10 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 20:30:10 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 20:26:35 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:26:31 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:26:20 Windows® installer C:\WINDOWS\system32\MSIEXEC.EXE
22/03/2010 20:26:19 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:26:05 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:25:56 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 20:25:55 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 20:25:53 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:25:44 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:25:09 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:23:59 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 20:23:59 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 20:23:06 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:22:56 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 20:22:55 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 20:22:53 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:22:53 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:22:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:21:08 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:20:54 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:20:50 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:20:37 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLESERVICES.DLL
22/03/2010 20:19:57 Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
22/03/2010 20:19:36 Kaspersky Anti-Virus GUI Windows part C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\BASEGUI.PPL
22/03/2010 20:19:32 Kaspersky Anti-Virus GUI Windows part C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\BASEGUI.PPL
22/03/2010 20:19:29 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:19:28 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:19:23 Microsoft(C) Register Server C:\WINDOWS\system32\REGSVR32.EXE
22/03/2010 20:19:21 Microsoft(C) Register Server C:\WINDOWS\system32\REGSVR32.EXE
22/03/2010 20:19:18 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:19:18 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:19:18 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:19:18 SF.BIN C:\Program Files\ALWIL SOFTWARE\AVAST5\DEFS\10032200\SF.BIN
22/03/2010 20:19:18 Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
22/03/2010 20:19:18 Kaspersky Anti-Virus C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
22/03/2010 20:19:18 Microsoft Windows Search Filter Host C:\WINDOWS\system32\SEARCHFILTERHOST.EXE
22/03/2010 20:19:18 Microsoft Windows Search Protocol Host C:\WINDOWS\system32\SEARCHPROTOCOLHOST.EXE
22/03/2010 20:19:18 Windows® installer C:\WINDOWS\system32\MSIEXEC.EXE
22/03/2010 20:19:18 Java(TM) Quick Starter Service C:\Program Files\JAVA\JRE6\BIN\JQS.EXE
22/03/2010 20:19:18 Firefox C:\Program Files\MOZILLA FIREFOX\FIREFOX.EXE
22/03/2010 20:19:18 Camera Control Interface C:\Program Files\FICHIERS COMMUNS\LOGISHRD\LQCVFX\COCIMANAGER.EXE
22/03/2010 20:19:18 Application Layer Gateway Service C:\WINDOWS\system32\ALG.EXE
22/03/2010 20:19:18 AutoUpater Service Module C:\Program Files\YAHOO!\SOFTWAREUPDATE\YAHOOAUSERVICE.EXE
22/03/2010 20:19:18 Logitech Video COM Service C:\Program Files\FICHIERS COMMUNS\LOGISHRD\LVCOMSER\LVCOMSER.EXE
22/03/2010 20:19:18 Microsoft Windows Search Indexer C:\WINDOWS\system32\SEARCHINDEXER.EXE
22/03/2010 20:19:18 TOSHIBA Bluetooth Service C:\Program Files\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTSRV.EXE
22/03/2010 20:19:18 Generic Host Process for Win32 Services C:\WINDOWS\system32\SVCHOST.EXE
22/03/2010 20:19:18 Online Armor Component C:\Program Files\TALL EMU\ONLINE ARMOR\OACAT.EXE
22/03/2010 20:19:18 NMSACCESSU.EXE C:\Program Files\CDBURNERXP\NMSACCESSU.EXE
22/03/2010 20:19:18 Machine Debug Manager C:\Program Files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
22/03/2010 20:19:18 Logitech Video COM Service C:\Program Files\FICHIERS COMMUNS\LOGISHRD\LVCOMSER\LVCOMSER.EXE
22/03/2010 20:19:18 Creative Service for CDROM Access C:\WINDOWS\system32\CTSVCCDA.EXE
22/03/2010 20:19:18 Microsoft Office Groove C:\Program Files\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE
22/03/2010 20:19:18 Windows Search System Tray C:\Program Files\WINDOWS DESKTOP SEARCH\WINDOWSSEARCH.EXE
22/03/2010 20:19:18 Skype C:\Program Files\SKYPE\PHONE\SKYPE.EXE
22/03/2010 20:19:18 CTF Loader C:\WINDOWS\system32\CTFMON.EXE
22/03/2010 20:19:18 Creative Sync Manager C:\Program Files\CREATIVE\SYNC MANAGER UNICODE\CTSYNCU.EXE
22/03/2010 20:19:18 GoogleToolbarNotifier C:\Program Files\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
22/03/2010 20:19:18 avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
22/03/2010 20:19:18 GrooveMonitor Utility C:\Program Files\MICROSOFT OFFICE\OFFICE12\GROOVEMONITOR.EXE
22/03/2010 20:19:18 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOP.EXE
22/03/2010 20:19:18 Camera Software C:\Program Files\LOGITECH\QUICKCAM\QUICKCAM.EXE
22/03/2010 20:19:18 Communications Manager C:\Program Files\FICHIERS COMMUNS\LOGISHRD\LCOMMGR\COMMUNICATIONS_HELPER.EXE
22/03/2010 20:19:18 Point32.exe C:\Program Files\MICROSOFT INTELLIPOINT\POINT32.EXE
22/03/2010 20:19:18 Creative Media Explorer Detector C:\Program Files\CREATIVE\CREATIVE ZEN\ZEN MEDIA EXPLORER\CTCHECK.EXE
22/03/2010 20:19:18 RealNetworks Scheduler C:\Program Files\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
22/03/2010 20:19:18 Google Desktop C:\Program Files\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOP.EXE
22/03/2010 20:19:18 Explorateur Windows C:\WINDOWS\EXPLORER.EXE
22/03/2010 20:19:18 Generic Host Process for Win32 Services C:\WINDOWS\system32\SVCHOST.EXE
22/03/2010 20:19:18 ACS C:\WINDOWS\system32\ACS.EXE
22/03/2010 20:19:18 Logitech LVPrcSrv Module. C:\Program Files\FICHIERS COMMUNS\LOGISHRD\LVMVFM\LVPRCSRV.EXE
22/03/2010 20:19:18 Spooler SubSystem App C:\WINDOWS\system32\SPOOLSV.EXE
22/03/2010 20:19:18 LEXPPS.EXE C:\WINDOWS\system32\LEXPPS.EXE
22/03/2010 20:19:18 LexBce Service C:\WINDOWS\system32\LEXBCES.EXE
22/03/2010 20:19:18 avast! Service C:\Program Files\ALWIL SOFTWARE\AVAST5\AVASTSVC.EXE
22/03/2010 20:19:18 Generic Host Process for Win32 Services C:\WINDOWS\system32\SVCHOST.EXE
22/03/2010 20:19:18 Generic Host Process for Win32 Services C:\WINDOWS\system32\SVCHOST.EXE
22/03/2010 20:19:18 Generic Host Process for Win32 Services C:\WINDOWS\system32\SVCHOST.EXE
22/03/2010 20:19:18 Generic Host Process for Win32 Services C:\WINDOWS\system32\SVCHOST.EXE
22/03/2010 20:19:18 Generic Host Process for Win32 Services C:\WINDOWS\system32\SVCHOST.EXE
22/03/2010 20:19:18 Generic Host Process for Win32 Services C:\WINDOWS\system32\SVCHOST.EXE
22/03/2010 20:19:18 ATI External Event Utility EXE Module C:\WINDOWS\system32\ATI2EVXX.EXE
22/03/2010 20:19:18 LSA Shell (Export Version) C:\WINDOWS\system32\LSASS.EXE
22/03/2010 20:19:18 Applications Services et Contrôleur C:\WINDOWS\system32\SERVICES.EXE
22/03/2010 20:19:18 Application d'ouverture de session Windows NT C:\WINDOWS\system32\WINLOGON.EXE
22/03/2010 20:19:18 Client Server Runtime Process C:\WINDOWS\system32\CSRSS.EXE
22/03/2010 20:19:18 Gestionnaire de session Windows NT C:\WINDOWS\system32\SMSS.EXE
22/03/2010 20:19:18  
22/03/2010 22:12:34 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:12:40 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:40 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:40 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.TXT\OPENWITHLIST
22/03/2010 22:12:40 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SESSIONINFO\0000000000013B66
22/03/2010 22:12:40 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:12:40 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SESSIONINFO\0000000000013B66
22/03/2010 22:12:40 GrooveMonitor Utility HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:40 GrooveMonitor Utility HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:40 GrooveMonitor Utility HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:40 GrooveMonitor Utility HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:44 Microsoft Windows Search Filter Host HKEY_USERS\REGISTRY\USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:44 Microsoft Windows Search Filter Host HKEY_USERS\REGISTRY\USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
22/03/2010 22:12:46 Google Desktop HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TIME ZONES
22/03/2010 22:12:51 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SESSIONINFO\0000000000013B66
22/03/2010 22:12:51 Explorateur Windows HKEY_USERS\REGISTRY\USER\S-1-5-21-1409082233-602609370-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SESSIONINFO\0000000000013B66
sarah33500
Regular Member
 
Posts: 21
Joined: March 24th, 2009, 10:30 am

Re: SPAM

Unread postby askey127 » March 23rd, 2010, 6:21 am

sarah33500,
Thanks. Please Uninstall Kaspersky now, then reboot.
-----------------------------------------------------------
Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. UNCHECK the following ...
    • Sections
    • IAT/EAT
    • Drives/Partitions other than C:\
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Note: Do not run any programs while Gmer is running.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Doubleclick the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Both files will be saved here -> C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

Please post back here the log file from GMER and the two text reports from the RSIT scanner.
Use separate replies for each one, if you wish.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SPAM

Unread postby sarah33500 » March 23rd, 2010, 12:08 pm

askey127,

will post two replies, one with GMER log and the second with the RSIT logs.

thanks,
Sarah

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-23 16:53:37
Windows 5.1.2600 Service Pack 3
Running: xyh2w78j.exe; Driver: C:\DOCUME~1\Wright\LOCALS~1\Temp\uwwyqkob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xAF3E1430]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xAF3E1A50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAF338C56]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xAF3DFF40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xAF3EE530]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAF338B12]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xAF3DFBF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xAF3DCEC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xAF3DD290]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xAF3DC9E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateThread [0xAF3DE370]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xAF3DEED0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDeleteFile [0xAF3EEFC0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAF3390C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAF338FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAF3386E8]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateKey [0xAF3EE4D0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwEnumerateValueKey [0xAF3EE500]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xAF3E0F00]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadKey [0xAF3EDBA0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xAF3EEBD0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAF338BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAF338628]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xAF3DCC50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAF33868C]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xAF3E16E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryKey [0xAF3EE470]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAF338D0C]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xAF3E1BD0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAF339194]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwReplaceKey [0xAF3EDF40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xAF3E0AB0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAF338CCC]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xAF3DF5C0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSaveKey [0xAF3EE450]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xAF3E0300]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xAF3DECF0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xAF3DF050]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAF338E4C]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xAF3E0E00]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xAF3DF770]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xAF3DF3F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xAF3DF230]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateProcess [0xAF3DE130]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xAF3DEAD0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xAF3E1120]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xAF3E1890]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)
Device \FileSystem\Fastfat \Fat AB211D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----
sarah33500
Regular Member
 
Posts: 21
Joined: March 24th, 2009, 10:30 am

Re: SPAM

Unread postby sarah33500 » March 23rd, 2010, 12:10 pm

hi again,

here are the two RSIT files:

info.txt logfile of random's system information tool 1.06 2010-03-23 17:04:42

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ASUS ATK0100 ACPI UTILITY-->XPunin.exe
ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x040c -removeonly
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x040c -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\setup.exe" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\setup.exe -runfromtemp -l0x0009 -removeonly
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins001.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Dell AIO Printer A920-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
DiMAGE Viewer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\Setup.exe" -l0x40c
FaxTools-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x40c ControlPanel
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Loki Browser Plugin-->C:\Program Files\Skyhook Wireless\Loki Browser Plugin\uninst.exe
Ma-Config.com-->MsiExec.exe /X{F9C3C475-5723-41F5-939A-436B6159F489}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Notification Mail-->"C:\Program Files\Orange\MailNotifier\uninstallMailNotifier.exe"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Online Armor 3.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
Orange Plug-in messagerie vocale 888-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove
OrangeInstaller version 1.0.0.0-->RunDll32 C:\WINDOWS\system32\advpack.dll,LaunchINFSection C:\WINDOWS\INF\OrangeInstaller_1.0.0.0.inf,DefaultUninstall
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
USB2.0 Card Reader Software-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x040c -removeonly
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.EXE -runfromtemp -l0x040c -removeonly
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZEN Media Explorer-->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /nolog/l0x0009

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! Antivirus
FW: Online Armor Firewall (disabled)

======System event log======

Computer Name: ASUS-1IXXHVBQE2
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Hôte de périphérique universel Plug-and-Play.

Record Number: 33892
Source Name: Service Control Manager
Time Written: 20100310204927.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ASUS-1IXXHVBQE2
Event Code: 256
Message: Un délai a expiré lors de l'envoi de la notification de modification d'interface de périphérique à la fenêtre de "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"

Record Number: 33891
Source Name: PlugPlayManager
Time Written: 20100310200809.000000+060
Event Type: Avertissement
User:

Computer Name: ASUS-1IXXHVBQE2
Event Code: 256
Message: Un délai a expiré lors de l'envoi de la notification de modification d'interface de périphérique à la fenêtre de "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"

Record Number: 33890
Source Name: PlugPlayManager
Time Written: 20100310200805.000000+060
Event Type: Avertissement
User:

Computer Name: ASUS-1IXXHVBQE2
Event Code: 256
Message: Un délai a expiré lors de l'envoi de la notification de modification d'interface de périphérique à la fenêtre de "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"

Record Number: 33889
Source Name: PlugPlayManager
Time Written: 20100310200759.000000+060
Event Type: Avertissement
User:

Computer Name: ASUS-1IXXHVBQE2
Event Code: 256
Message: Un délai a expiré lors de l'envoi de la notification de modification d'interface de périphérique à la fenêtre de "C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe"

Record Number: 33888
Source Name: PlugPlayManager
Time Written: 20100310200759.000000+060
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: ASUS-1IXXHVBQE2
Event Code: 0
Message:
Record Number: 8671
Source Name: gupdate
Time Written: 20100213162716.000000+060
Event Type: Informations
User:

Computer Name: ASUS-1IXXHVBQE2
Event Code: 102
Message: Windows (3768) Windows: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 8670
Source Name: ESENT
Time Written: 20100213162709.000000+060
Event Type: Informations
User:

Computer Name: ASUS-1IXXHVBQE2
Event Code: 100
Message: SearchIndexer (3768) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 8669
Source Name: ESENT
Time Written: 20100213162709.000000+060
Event Type: Informations
User:

Computer Name: ASUS-1IXXHVBQE2
Event Code: 0
Message:
Record Number: 8668
Source Name: YahooAUService
Time Written: 20100213162704.000000+060
Event Type: Informations
User:

Computer Name: ASUS-1IXXHVBQE2
Event Code: 0
Message:
Record Number: 8667
Source Name: TOSHIBA Bluetooth Service
Time Written: 20100213162701.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Wright at 2010-03-23 17:04:23
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 84 GB (70%) free of 119 GB
Total RAM: 1919 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:38, on 23/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wright\Mes documents\Downloads\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Wright\Bureau\Wright.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search/?q=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Dictionary.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://logicielsgratuits.orange.fr
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pe ... stscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... _1_0_2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13478 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-31 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-22 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-17 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Dictionary.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-22 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-07-31 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-31 909040]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Dictionary.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-15 30192]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-27 198160]
"CTCheck"=C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-24 217088]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-20 39408]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-07-17 868352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2008-04-09 450648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY]
C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-07-12 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [2007-11-06 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe [2003-06-02 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol]
C:\WINDOWS\Hcontrol.exe [2002-01-08 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-20 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-27 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2007-05-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Startup v7.lnk]
C:\PROGRA~1\OFFICE~1\OFFICE~3\OOSTAR~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Wright^Menu Démarrer^Programmes^Démarrage^BBC iPlayer Desktop.lnk]
C:\PROGRA~1\BBCIPL~1\BBCIPL~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Wright^Menu Démarrer^Programmes^Démarrage^CCC.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2006-09-29 49152]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Wright\Menu Démarrer\Programmes\Démarrage
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\GOOGLE\GOOGLE~4\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-04-18 335048]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:Google Desktop"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\WDGold Lite\WDGold Lite.exe"="C:\Program Files\WDGold Lite\WDGold Lite.exe:*:Enabled:Gestion des contacts"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 3 months======

2010-03-23 17:04:23 ----D---- C:\rsit
2010-03-23 16:20:09 ----SHD---- C:\Config.Msi
2010-03-22 20:14:32 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-03-22 20:00:55 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-22 20:00:54 ----D---- C:\Program Files\Fichiers communs\Java
2010-03-22 20:00:02 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-22 20:00:02 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-22 20:00:02 ----A---- C:\WINDOWS\system32\java.exe
2010-03-18 20:26:08 ----D---- C:\Documents and Settings\Wright\Application Data\vlc
2010-03-12 07:21:24 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-03-11 08:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-06 18:40:24 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-02-27 17:40:45 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-02-26 03:02:17 ----D---- C:\Program Files\TrendMicro
2010-02-25 08:56:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-21 13:50:39 ----A---- C:\Program Files\vlc-1.0.5-win32.exe
2010-02-15 14:36:23 ----D---- C:\Documents and Settings\Wright\Application Data\Canneverbe Limited
2010-02-15 14:36:22 ----D---- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2010-02-15 11:32:28 ----D---- C:\Documents and Settings\Wright\Application Data\WDGold Lite
2010-02-15 11:32:26 ----D---- C:\Documents and Settings\All Users\Application Data\ServeurFax
2010-02-15 11:32:00 ----D---- C:\Program Files\Fichiers communs\PC SOFT
2010-02-15 11:31:46 ----D---- C:\Program Files\WDGold Lite
2010-02-15 11:31:36 ----D---- C:\Documents and Settings\All Users\Application Data\WDGold Lite
2010-02-10 16:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 16:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 16:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 16:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 16:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 16:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 16:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 16:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 16:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-01-25 16:52:57 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-01-23 16:52:54 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2010-01-23 16:51:29 ----D---- C:\Documents and Settings\Wright\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-01-21 23:03:02 ----D---- C:\Documents and Settings\Wright\Application Data\Windows Search
2010-01-19 10:29:50 ----D---- C:\Documents and Settings\Wright\Application Data\Download Manager
2010-01-18 17:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2010-01-18 17:33:43 ----HDC---- C:\WINDOWS\ie8
2010-01-18 17:03:37 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2010-01-18 16:57:50 ----D---- C:\Documents and Settings\Wright\Application Data\Windows Desktop Search
2010-01-18 16:53:44 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-01-18 16:53:44 ----D---- C:\Program Files\Windows Desktop Search
2010-01-18 16:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2010-01-18 16:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2010-01-16 15:52:33 ----D---- C:\Program Files\Fichiers communs\DESIGNER
2010-01-16 15:26:40 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-01-16 15:24:23 ----D---- C:\Program Files\Microsoft Works
2010-01-16 15:22:38 ----D---- C:\Program Files\Microsoft.NET
2010-01-16 15:16:02 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-01-16 15:14:50 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-01-16 15:12:46 ----RHD---- C:\MSOCache
2010-01-16 14:55:02 ----D---- C:\WINDOWS\Performance
2010-01-16 14:54:16 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2010-01-14 10:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-01-14 10:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-14 10:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 10:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-01-14 10:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-14 10:06:27 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-14 10:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-01-14 10:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-14 10:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-01-14 10:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-01-13 16:37:32 ----A---- C:\WINDOWS\_ISENV31.INI
2010-01-13 16:32:58 ----D---- C:\Dell
2010-01-13 16:25:18 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2010-01-13 16:25:18 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2010-01-13 16:25:18 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2010-01-13 16:25:18 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2010-01-13 16:25:18 ----RA---- C:\WINDOWS\system32\lvci1110.dll
2010-01-13 16:19:56 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2010-01-13 16:19:53 ----D---- C:\Program Files\Logitech
2010-01-13 16:19:53 ----D---- C:\Program Files\Fichiers communs\LogiShrd
2010-01-13 16:18:46 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd

======List of files/folders modified in the last 3 months======

2010-03-23 17:00:37 ----D---- C:\WINDOWS\Prefetch
2010-03-23 16:57:55 ----D---- C:\WINDOWS\Temp
2010-03-23 16:57:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-23 16:57:22 ----D---- C:\WINDOWS\system32
2010-03-23 16:57:16 ----SD---- C:\WINDOWS\Tasks
2010-03-23 16:40:45 ----D---- C:\Documents and Settings\Wright\Application Data\Skype
2010-03-23 16:26:01 ----D---- C:\WINDOWS
2010-03-23 16:23:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-23 16:23:24 ----SHD---- C:\WINDOWS\Installer
2010-03-23 16:22:33 ----RD---- C:\Program Files
2010-03-23 16:22:07 ----D---- C:\WINDOWS\system32\drivers
2010-03-23 16:20:55 ----HD---- C:\WINDOWS\inf
2010-03-23 09:24:13 ----A---- C:\WINDOWS\dellstat.ini
2010-03-23 09:04:30 ----D---- C:\Program Files\Mozilla Firefox
2010-03-23 07:37:32 ----SHD---- C:\System Volume Information
2010-03-22 20:00:54 ----D---- C:\Program Files\Fichiers communs
2010-03-22 19:59:46 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-22 19:52:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-03-22 19:46:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-22 19:43:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-13 15:57:11 ----D---- C:\Program Files\Google
2010-03-13 13:06:07 ----D---- C:\WINDOWS\Debug
2010-03-12 13:19:39 ----D---- C:\Program Files\Alwil Software
2010-03-12 07:22:08 ----D---- C:\WINDOWS\WinSxS
2010-03-11 08:08:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-11 08:08:15 ----D---- C:\Program Files\Movie Maker
2010-03-11 08:07:45 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-09 12:24:05 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-07 08:27:17 ----D---- C:\Documents and Settings\Wright\Application Data\Image Zone Express
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-26 02:59:22 ----D---- C:\Program Files\CCleaner
2010-02-25 08:57:05 ----D---- C:\WINDOWS\ie8updates
2010-02-21 13:57:09 ----D---- C:\Documents and Settings\Wright\Application Data\dvdcss
2010-02-21 13:46:40 ----A---- C:\WINDOWS\cdplayer.ini
2010-02-15 20:00:38 ----SD---- C:\Documents and Settings\Wright\Application Data\Microsoft
2010-02-15 16:03:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-15 15:45:38 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-12 21:16:19 ----D---- C:\Program Files\CDBurnerXP
2010-02-10 19:05:52 ----D---- C:\WINDOWS\network diagnostic
2010-02-02 13:49:11 ----D---- C:\WINDOWS\Help
2010-01-31 08:29:16 ----A---- C:\WINDOWS\npornap.INI
2010-01-23 19:14:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-23 16:51:18 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-01-23 09:11:44 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-01-22 08:38:30 ----D---- C:\Program Files\Internet Explorer
2010-01-20 16:39:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-20 16:27:27 ----A---- C:\WINDOWS\win.ini
2010-01-18 17:39:15 ----D---- C:\WINDOWS\system32\en-US
2010-01-18 17:39:14 ----D---- C:\WINDOWS\Media
2010-01-18 17:02:58 ----D---- C:\Program Files\MSECache
2010-01-18 16:58:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-18 16:53:46 ----D---- C:\WINDOWS\system32\fr-fr
2010-01-18 16:53:44 ----D---- C:\WINDOWS\system32\wbem
2010-01-17 17:26:21 ----RSD---- C:\WINDOWS\assembly
2010-01-16 19:42:49 ----RSD---- C:\WINDOWS\Fonts
2010-01-16 19:42:42 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-01-16 19:39:33 ----D---- C:\Program Files\Fichiers communs\System
2010-01-16 15:32:47 ----D---- C:\WINDOWS\SHELLNEW
2010-01-16 15:26:25 ----D---- C:\WINDOWS\system32\config
2010-01-16 15:24:12 ----D---- C:\Program Files\MSBuild
2010-01-16 15:23:59 ----D---- C:\Program Files\Microsoft Office
2010-01-14 10:09:01 ----D---- C:\WINDOWS\AppPatch
2010-01-14 10:01:53 ----RD---- C:\Program Files\Skype
2010-01-14 10:01:39 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-01-13 20:17:03 ----D---- C:\Program Files\Fichiers communs\Adobe
2010-01-13 20:17:03 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-13 16:25:18 ----D---- C:\WINDOWS\twain_32
2010-01-13 16:23:57 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\athw.sys [2008-04-08 1309504]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\System32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-07-19 41752]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-11-21 160256]
R3 smserial;smserial; C:\WINDOWS\System32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2006-05-25 193088]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\System32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\System32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\System32\DRIVERS\l251x86.sys [2007-08-21 30208]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\DRIVERS\athr.sys [2008-04-05 908800]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-07-19 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-19 1278104]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]
S3 R300;R300; C:\WINDOWS\System32\DRIVERS\atikmdag.sys [2007-02-02 2385920]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\System32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSIMD;wsimd Service; C:\WINDOWS\System32\DRIVERS\wsimd.sys [2008-02-08 57408]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Service de configuration Atheros; C:\WINDOWS\System32\acs.exe [2008-04-09 467028]
R2 Ati External Event Utility;Ati External Event Utility; C:\WINDOWS\System32\Ati2evxx.exe [2007-02-02 446464]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-22 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-02 303104]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\oacat.exe [2009-04-18 361160]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2007-02-02 446464]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-15 30192]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-12-16 195752]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-04-18 3259592]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
sarah33500
Regular Member
 
Posts: 21
Joined: March 24th, 2009, 10:30 am

Re: SPAM

Unread postby askey127 » March 23rd, 2010, 12:40 pm

sarah33500,
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Dictionary.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Folder Deletion
In Windows Explorer (My Computer), navigate to the folder shown below, highlight, if found, and press Delete.

C:\Program Files\Ask.com\ <== this folder only

You may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that,, note the name of the file, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or anything not found.
--------------------------------------------------------
Download and Run ToolBar S&D
Download ToolBar S&D and save to your desktop.
Disable your antivirus and antimalware programs so they do not interfere with the running of ToolBar S&D.
To disable Avast:
DISABLE AVAST
Right click on the avast! icon in system tray (looks like this: Image) and choose (Stop On-Access Protection)
Avast On-Access Protection is now disabled.
Reverse the procedure to re-enable the On-Access Protection after you run Toolbar S&D below..
Then:
  • Double-click ToolBar S&D.exe
  • Choose the language, then choose Option 1 (Search)
  • Wait till the end of the scan.
  • Notepad will open containing the report log.
  • Post that log in your next reply.
  • A copy will also be saved in %SystemDrive%\TB.txt. Usually C:\TB.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SPAM

Unread postby sarah33500 » March 23rd, 2010, 1:07 pm

Do you ever sleep?!

Thanks.

Here's the Toolbar S&D log:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz )
BIOS : Default System BIOS
USER : Wright ( Administrator )
BOOT : Normal boot
Antivirus : avast! Antivirus 5.0.83886542 (Not Activated)
Firewall : Online Armor Firewall 3.0.0.190 (Not Activated)
C:\ (Local Disk) - NTFS - Total:116 Go (Free:81 Go)
D:\ (Local Disk) - NTFS - Total:106 Go (Free:106 Go)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 23/03/2010|18:00 )

-----------\\ Searching for Files - Folders ...


-----------\\ Extensions

(Wright) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Wright) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Wright) - {3e0e7d2a-070f-4a47-b019-91fe5385ba79} => addthis
(Wright) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Wright) - {b055c535-4a3a-11db-9659-00e08161166f} => mdtv5toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.bbc.co.uk/"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


--------------------\\ Searching for other infections


No other infections found !


1 - "C:\ToolBar SD\TB_1.txt" - 23/03/2010|18:01 - Option : [1]

-----------\\ Scan completed at 18:01:03,00
sarah33500
Regular Member
 
Posts: 21
Joined: March 24th, 2009, 10:30 am

Re: SPAM

Unread postby askey127 » March 23rd, 2010, 2:54 pm

sarah33500,
Do you have any other connection with the BBC? Who is your official Internet Provider?
The BBC has acquired a questionable reputation based on some previous activities. Here is one article.
http://www.h-online.com/security/news/item/The-BBC-acquired-a-botnet-but-was-it-legal-Update-740506.html
No question that some sites have blacklisted their e-mail servers.
I have no information that anything like that has happened in the last couple months, but the blacklisting can go on for a long time.
I am removing your bbc.co.uk start page anyway, and replacing it with google.
------------------------------------------------------------
Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: If you ever needed to restore your registry later, you would go to the backup folder and start ERDNT.exe
-----------------------------------------------------------
Copy/Paste/Run a Registry Edit
Copy/paste the following quote box into a new notepad document (do not include the word "Code"):
Code: Select all
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\eMule\emule.exe"=-
"C:\Program Files\LimeWire\LimeWire.exe"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save it as File Type All Files (not as a Text document, or it won't work).
Save it to your Desktop as fixme.reg
Double click fixme.reg on your Desktop, and merge it into the registry when asked.
-----------------------------------------------------------
Reboot Windows.
-----------------------------------------------------------
Folder Deletion
In Windows Explorer (My Computer), navigate to each folder shown below, highlight each one in turn shown in red, if found, and press Delete.
C:\Program Files\LimeWire\ <== this folder only
C:\Program Files\eMule\ <== this folder only
C:\Program Files\Ask.com\ <== this folder only if it's still there
You may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that,, note the name of the file, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.
-----------------------------------------------------------
File Deletion
In Windows Explorer (My Computer), navigate to the folder(s) shown below, select View, Details, highlight each listed file only, one at a time, and press Delete. Be careful not to delete any file without double-checking the exact spelling of the filename.

C:\Windows\tasks\Scheduled Update for Ask Toolbar.job
C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job

If you have any problem deleting a file, right click the file and choose Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the exact filename is in there, highlight it and click End Process, then retry Delete.
Please Note the name and location of any item you cannot delete or find.

Let me know how it goes.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SPAM

Unread postby sarah33500 » March 23rd, 2010, 3:31 pm

Greetings,

Have done everything you requested, but note that I did not find any program files related to eMule or Ask.com - or any files at all for that matter. All these files that I have deleted and that are in the bin, should I delete them completely?

My internet provider is Orange (France Telecom). I had BBC as my homepage cause I am a news junkie. I also listen to BBC radio online using Real Player.

Cheers,
Sarah
sarah33500
Regular Member
 
Posts: 21
Joined: March 24th, 2009, 10:30 am

Re: SPAM

Unread postby askey127 » March 23rd, 2010, 3:58 pm

sarah33500,
Yes you should empty the Recycle bin.

Can we give the Kaspersky webscan another try? Looks like it is up again.
It gives information that is hard to find anywhere else.
It is thorough but slow, so some patience is in order. :D
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.
-----------------------------------------------------
If for some reason the Kaspersky Scan doesn't work, please try to run this one from ESET;
-----------------------------------------------
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable or Exit your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile will be created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please paste the contents of this file in your post.

Please post the log from whichever one works for you.
When you do get a log from Kaspersky or ESET, please also run a fresh HiJackThis scan, and post that log in addition.

(We do have a few more things to do and look at, after this.)
Thanks,

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: SPAM

Unread postby sarah33500 » March 23rd, 2010, 6:25 pm

hi,
Kapersky still not available so ran Eset, log below along with Hijack This.
Am off to bed.
Thanks again for everything so far.
Sarah

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2590c48da4fb754bb9c8c76ce35d5d44
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-23 09:57:33
# local_time=2010-03-23 10:57:33 (+0100, Paris, Madrid)
# country="France"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 32527478 32527478 0 0
# compatibility_mode=768 16777191 100 0 982729 982729 0 0
# compatibility_mode=6401 16777214 100 100 29311654 29313681 0 0
# compatibility_mode=8192 67108863 100 0 3866 3866 0 0
# scanned=55981
# found=0
# cleaned=0
# scan_time=5954


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:24, on 23/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wright\Bureau\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search/?q=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://logicielsgratuits.orange.fr
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pe ... stscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... _1_0_2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\System32\acs.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12985 bytes
sarah33500
Regular Member
 
Posts: 21
Joined: March 24th, 2009, 10:30 am

Re: SPAM

Unread postby askey127 » March 24th, 2010, 7:00 am

sarah33500,
You will likely be able to get your e-mail status restored, but first we must be certain that you have no hidden infectious files.
----------------------------------------------------
Compose A Script to Locate Files
Please highlight, copy (Ctrl+C) and paste (Ctrl+V) the text inside the quote into a new Notepad document.
For %%a in (
"combined community codec pack"
"bbcipl"
) do (
dir c:\*.* /L /A /B /S|Find %%a >> "%userprofile%\desktop\look.txt"
)
pause
Save it on your Desktop as file type "All Files" (NOT as "Text Documents") and name it FindMe.bat
Close Notepad.
Double click FindMe.bat on your Desktop.
A window will open and close in a few minutes. This is normal.
A new file icon named look.txt will appear on your desktop. In your next reply, please post the contents of the look.txt file, or tell me if it's blank.
-----------------------------------------------------------
Download Blacklight from here:
http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/blacklight/index.html
or
Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
Please save it to your desktop.
Go to Start-->Run, copy in the following text, and press Enter:
"%userprofile%\desktop\fsbl.exe" /expert

Accept the license agreement.
Click > scan, wait for it to finish, then click Close

There will be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).
Copy and paste the contents of this log into your next reply.
-----------------------------------------
Firewall Settings
Set your Online Armor to run Outlook in "RunSafer" mode.
Instructions are here:
http://www.tallemu.com/webhelp3/KF-RunSafer.html
If you are using the free version of Online Armor, you should seriously consider getting the Premium/paid version, which gives better e-mail and website coverage.
--------------------------------------------
Download and Run the Microsoft Malicious Software Removal Tool
Download is here:
http://www.microsoft.com/downloads/deta ... laylang=en
If you get a message that it removed anything, please post the information here.

Let me know how it goes.
Please post the log from F-Secure's Blacklight, and the contents of look.txt from your desktop.
Use separate posts if it's more convenient.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware