Full Version: Can't kill it
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
Guy
Hi, I am so tired of these beasts. Don't know if this is the right place to post this, but simply let me know.
I have been using Avatar, Malwarebytes, Avast and AVG, all latest version and updated. They are always coming back after deleting. Here are the two logs for review and comments. Had to log in here using another computer as I am always redirected on IE.
Cheers

Guy
QUOTE (Guy @ Aug 26 2009, 06:34 PM)
Hi, I am so tired of these beasts. Don't know if this is the right place to post this, but simply let me know.
I have been using Avatar, Malwarebytes, Avast and AVG, all latest version and updated. They are always coming back after deleting. Here are the two logs for review and comments. Had to log in here using another computer as I am always redirected on IE.
Cheers


For some reason the HJT log didn't upload and still can't. I am not permitted for that type.
Katana


Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Please note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.

----------------------------------------------------------------------------------------

Please copy/paste the logs rather than attaching them


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
    ( They can also be found in the C:\RSIT folder )


Please Download GMER to your desktop

Download GMER and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan (or attempted scan, in case of some error)!


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • RSIT Logs
  • GMER Log

Guy
Well, I should have followed the directions. Tried to post but it was blank. Will post my logs separately.
As I originally posted, I appreciate you helping me on this matter.
FYI I only scanned the C drive, not all my other ones. Also no network was connected.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Guylain at 2009-08-29 07:25:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (13%) free of 71 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:31 AM, on 29/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\BITWARE\NT\bwprnmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Guylain\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Guylain.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 70.86.135.18 WWW.FUTURE-FTA.COM
O1 - Hosts: 70.86.135.18 FUTURE-FTA.COM
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [bwprnmon.exe] C:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100826512530
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136250875250
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 13158 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-14 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-18 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll [2006-01-17 282624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-14 259696]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]
"IntelliType"=C:\Program Files\Microsoft Hardware\Keyboard\type32.exe [2002-03-22 94208]
"bwprnmon.exe"=C:\BITWARE\NT\bwprnmon.exe [2004-11-26 54272]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-03 99840]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2005-03-08 176128]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-08 7630848]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe []
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-06-01 69632]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-19 2007832]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-18 67128]
"WeatherEye"=C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe [2009-01-16 4519832]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
C:\Program Files\MSI\Live Update 3\LMonitor.exe [2007-01-17 496640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe [2004-08-13 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2004-11-30 1945600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-08-08 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [1999-09-30 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scanner Detector.lnk]
C:\PROGRA~1\SCANSU~1\SDetect.exe [1998-07-27 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Guylain^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
C:\Documents and Settings\Guylain\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Guylain^Start Menu^Programs^Startup^Printkey2000 (2).lnk]
C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [1999-09-30 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Guylain^Start Menu^Programs^Startup^Printkey2000.lnk]
C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [1999-09-30 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Guylain^Start Menu^Programs^Startup^ReadMe.lnk]
C:\PROGRA~1\PRINTK~1\ReadMe.rtf [1999-09-22 10007]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech Harmony Remote.lnk - C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Guylain\Start Menu\Programs\Startup
SmartCapture.lnk - C:\WINDOWS\Seiko\slpcap.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-19 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\KaZaA Lite\Kazaa.exe"="C:\Program Files\KaZaA Lite\Kazaa.exe:*:Enabled:Kazaa Lite"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"G:\Program Files\KaZaA Lite\Kazaa.exe"="G:\Program Files\KaZaA Lite\Kazaa.exe:*:Enabled:Kazaa Lite"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Disabled:WinMX Application"
"C:\My Download\StubInstaller.exe"="C:\My Download\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"D:\Setup.exe"="D:\Setup.exe:*:Enabled:Setup Wizard of WGA54G"
"C:\FTA\N fusion\PVRSERVER_111b\PVRSERVER_111b.exe"="C:\FTA\N fusion\PVRSERVER_111b\PVRSERVER_111b.exe:*:Enabled:PVRSERVER_111b"
"C:\Documents and Settings\Guylain\Local Settings\Temp\Temporary Directory 2 for ipvr.zip\ipvr\IPPVR.exe"="C:\Documents and Settings\Guylain\Local Settings\Temp\Temporary Directory 2 for ipvr.zip\ipvr\IPPVR.exe:*:Enabled:IPPVR"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\nFusion IPPVR\IPPVR.exe"="C:\Program Files\nFusion IPPVR\IPPVR.exe:*:Enabled:IPPVR"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-08-29 07:22:39 ----D---- C:\rsit
2009-08-26 18:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-26 18:40:10 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-26 17:20:32 ----D---- C:\Program Files\Trend Micro
2009-08-24 22:18:11 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-24 22:18:07 ----D---- C:\Program Files\MSBuild
2009-08-24 22:18:01 ----D---- C:\Program Files\Reference Assemblies
2009-08-24 22:17:36 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-24 22:17:36 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-24 22:17:36 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-20 17:51:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-20 16:14:53 ----D---- C:\Program Files\Avira
2009-08-20 16:14:53 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-19 18:17:22 ----A---- C:\WINDOWS\is-4412C.exe
2009-08-19 15:57:28 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-08-19 15:56:39 ----D---- C:\Program Files\Common Files\iS3
2009-08-19 15:56:39 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-08-18 21:40:13 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-18 21:40:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 18:56:52 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-18 18:56:50 ----D---- C:\Program Files\Alwil Software
2009-08-18 17:02:05 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-18 16:12:10 ----D---- C:\Program Files\Includes
2009-08-17 06:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-17 06:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-17 06:32:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-17 06:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-17 06:32:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-17 06:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-17 06:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-17 06:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-17 06:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-04 19:14:28 ----D---- C:\Documents and Settings\Guylain\Application Data\Malwarebytes
2009-08-04 19:14:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-04 18:40:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-04 18:39:49 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-08-04 18:39:47 ----D---- C:\Program Files\Registry Mechanic
2009-08-04 17:37:22 ----D---- C:\Documents and Settings\Guylain\Application Data\Logs
2009-08-03 13:21:14 ----D---- C:\Program Files\Common Files\DivX Shared

======List of files/folders modified in the last 1 months======

2009-08-29 07:14:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-29 07:13:55 ----D---- C:\WINDOWS
2009-08-29 07:13:55 ----A---- C:\WINDOWS\ModemLog_Generic 56K HCF Data Fax Modem.txt
2009-08-29 07:13:18 ----D---- C:\WINDOWS\Temp
2009-08-29 07:13:07 ----D---- C:\WINDOWS\system32\drivers
2009-08-29 07:13:07 ----D---- C:\WINDOWS\system32
2009-08-28 06:32:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-26 18:41:02 ----HD---- C:\WINDOWS\inf
2009-08-26 18:41:00 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-26 18:40:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-26 18:40:24 ----A---- C:\WINDOWS\imsins.BAK
2009-08-26 18:13:53 ----D---- C:\WINDOWS\Prefetch
2009-08-26 17:20:32 ----RD---- C:\Program Files
2009-08-25 17:45:18 ----D---- C:\WINDOWS\Minidump
2009-08-25 05:30:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-25 05:07:07 ----SHD---- C:\Config.Msi
2009-08-24 22:22:04 ----SHD---- C:\WINDOWS\Installer
2009-08-24 22:21:43 ----RSD---- C:\WINDOWS\assembly
2009-08-24 22:21:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-24 22:21:06 ----D---- C:\WINDOWS\WinSxS
2009-08-24 22:18:05 ----RSD---- C:\WINDOWS\Fonts
2009-08-24 22:16:06 ----D---- C:\Program Files\Internet Explorer
2009-08-24 20:35:05 ----HD---- C:\$AVG8.VAULT$
2009-08-20 16:06:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-20 15:39:54 ----D---- C:\Program Files\Common Files
2009-08-20 15:38:01 ----D---- C:\Program Files\Viewpoint
2009-08-19 15:47:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-18 21:31:55 ----D---- C:\WINDOWS\system32\config
2009-08-18 19:59:48 ----D---- C:\WINDOWS\system32\$sys$filesystem
2009-08-18 16:33:30 ----D---- C:\My Download
2009-08-18 15:56:34 ----D---- C:\Program Files\Lavasoft
2009-08-18 07:24:26 ----D---- C:\WINDOWS\system32\Restore
2009-08-17 06:32:23 ----D---- C:\Program Files\Outlook Express
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 19:23:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-04 19:21:13 ----SD---- C:\WINDOWS\Tasks
2009-08-03 13:21:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-03 13:21:22 ----D---- C:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2004-12-30 25244]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-19 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-19 27784]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2004-11-21 3026]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 DLKRTS;D-Link DFE-538TX 10/100 Adapter; C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2002-06-23 45568]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-08 3958272]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-06-10 31048]
R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2006-12-28 45184]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 $sys$crater;$sys$crater; \??\C:\WINDOWS\system32\$sys$filesystem\crater.sys []
S1 ospyfviqqornoeqv;ospyfviqqornoeqv; C:\WINDOWS\system32\drivers\ospyfviqqornoeqv.sys []
S1 xnidutermtpecynt;xnidutermtpecynt; C:\WINDOWS\system32\drivers\xnidutermtpecynt.sys []
S2 hisrmsgm;hisrmsgm; C:\WINDOWS\system32\drivers\bizwrpfd.sys []
S2 jhudeelr;jhudeelr; C:\WINDOWS\system32\drivers\tesouh.sys []
S3 cdrmkaun;cdrmkaun; \??\C:\DOCUME~1\Guylain\LOCALS~1\Temp\cdrmkaun.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-19 235100]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\System32\DRIVERS\scsiscan.sys [2008-04-13 11520]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WINIO;WINIO; \??\C:\Hobby\Magic2.2.5\Magic2.2.5\Magic2.2.5\winio.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-19 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-08 155715]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 $sys$DRMServer;Plug and Play Device Manager; C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Guy
info.txt logfile of random's system information tool 1.06 2009-08-29 07:22:45

======Uninstall list======

-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 3.13-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\7-zip.inf,SevenZip.Uninstall
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe® Photoshop® Album Starter Edition 3.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Channel Master-->"C:\Program Files\SharpC\Channel Master\uninstall.exe"
Citrix ICA Client-->C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cC:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll
Corel WordPerfect Suite 8-->C:\program files\AppMan\Setup\REMOVELAUNCHER.EXE
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PhotoCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}\setup.exe" -l0x9 anything
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\Setup.exe" -l0x9 uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\Setup.exe" -l0x9 uninst
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON SPR300 Reference Guide-->C:\Program Files\epson\guide\spr300_e\uninstall.exe
Film Factory-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON Software\Film Factory\Uninst.isu"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
hp deskjet 6122 series-->rundll32 hpzcon06.dll,VendorJettison hp deskjet 6122 series
hp deskjet 6122-->MsiExec.exe /X{E1F4FB82-3EA6-46B6-A18A-9B3A62DA393E}
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
ImpôtRapide 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{484575DD-32E3-458C-B3BF-E36EEF44E276}\isetup.ex_" -l0xc0c -uninst
ImpôtRapide 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{740DC926-B248-41DF-A38A-0675749E4361}\isetup.ex_" -l0xc0c -uninst
ImpôtRapide 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{287E1968-462A-40EB-BA11-A557C5D64F12}\isetup.ex_" -l0xc0c -uninst
ImpôtRapide 2007-->MsiExec.exe /X{3156B2FD-5C1D-4649-9FE3-EB6E77320266}
Ipswitch WS_FTP Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\WS_FTP Pro\uninst.isu" -c"C:\Program Files\WS_FTP Pro\FTPInstUtils.dll"
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
KaZaA Lite 2.0.0-->"C:\Program Files\KaZaA Lite\unins000.exe"
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech Harmony Remote Client-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9233F6E2-952D-48C5-A0A2-FA6AEEFA8194} /l1033
MailWasher-->"C:\Program Files\MailWasher\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MaxBlast 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\Setup.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft FrontPage 2002-->MsiExec.exe /I{92170409-6000-11D3-8CFE-0050048383C9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Standard-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microtek ScanSuite 1.11-->C:\Program Files\ScanSuite\UnInstSS.exe" -f"C:\Program Files\ScanSuite\Uninst.isu"
Microtek ScanWizard for Windows NT V2.53-->C:\WINDOWS\UNINST.EXE -fC:\WINDOWS\Twain_32\Scanwiz\DeIsL1.isu
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
MSI Live Update 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\mtbs.exe c
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
nFusion IPPVR Beta 12-->C:\WINDOWS\iun6002.exe "C:\Program Files\nFusion IPPVR\irunin.ini"
NTFS4DOS-->C:\Program Files\Datapol\NTFS4DOS\uninst.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PrintKey2000-->C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Smart Label Printer 6.0.7-->MsiExec.exe /I{94DB6B27-D013-45C2-82B0-238B261347B9}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
SureThing CD Labeler - Stomper Edition 32 bit-->C:\WINDOWS\MVUNINST\App1\unwise.exe C:\WINDOWS\MVUNINST\App1\INSTALL.LOG "SureThing CD Labeler - Stomper Edition Uninstall"
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Velocity Devices Copperhead Application-->C:\PROGRA~1\COPPER~1\UNWISE.EXE C:\PROGRA~1\COPPER~1\INSTALL.LOG
Velocity Devices Copperhead-->C:\PROGRA~1\COPPER~1\UNWISE.EXE C:\PROGRA~1\COPPER~1\INSTALL.LOG
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinImage-->"C:\Program Files\WinImage\winimage.exe" /uninstall
WinMX-->C:\Program Files\WinMX\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

70.86.135.18 WWW.FUTURE-FTA.COM
70.86.135.18 FUTURE-FTA.COM

======Security center information======

AV: AVG Anti-Virus Free
AV: AntiVir Desktop (disabled) (outdated)
AV: avast! antivirus 4.8.1351 [VPS 090826-0]

======System event log======

Computer Name: FAMILY
Event Code: 7000
Message: The Plug and Play Device Manager service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 1758
Source Name: Service Control Manager
Time Written: 20090621150038.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 0040058A192C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 1756
Source Name: Dhcp
Time Written: 20090621145926.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 0040058A192C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 1753
Source Name: Dhcp
Time Written: 20090621145812.000000-240
Event Type: error
User:

Computer Name: FAMILY
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 1741
Source Name: W32Time
Time Written: 20090620072514.000000-240
Event Type: warning
User:

Computer Name: FAMILY
Event Code: 263
Message: The service "Apple Mobile Device" may not have unregistered for device event notifications before it was stopped.

Record Number: 1690
Source Name: PlugPlayManager
Time Written: 20090614093044.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: FAMILY
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 89
Source Name: Adobe Active File Monitor 4.0
Time Written: 20090621150001.000000-240
Event Type:
User:

Computer Name: FAMILY
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 29
Source Name: usnjsvc
Time Written: 20090614034957.000000-240
Event Type:
User:

Computer Name: FAMILY
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 19
Source Name: Adobe Active File Monitor 4.0
Time Written: 20090612173020.000000-240
Event Type:
User:

Computer Name: FAMILY
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 8
Source Name: Adobe Active File Monitor 4.0
Time Written: 20090612113939.000000-240
Event Type:
User:

Computer Name: FAMILY
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 1
Source Name: Adobe Active File Monitor 4.0
Time Written: 20090612100215.000000-240
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------
Guy
GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-29 09:05:43
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86C9B8A0 ZwEnumerateKey
Code 86C99AF8 ZwFlushInstructionCache
Code 86C9EBA6 IofCallDriver
Code 86C9FE0E IofCompleteRequest
Code 86C98A4D ZwSaveKey
Code 86C986BD ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 86C9EBAB
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 86C9FE13
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 86C98A52
.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 86C986C2
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 86C9B8A4
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 86C99AFC
? system32\drivers\wkae.sys The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACwevsiemntr.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwevsiemntr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwevsiemntr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdsiwqwbvfu.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACirwkwblhta.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqpqmofjwfo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACleusvxtgwb.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACwweyqbnrem.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACpbaypruuvf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACfkoexyyrjc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwevsiemntr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwevsiemntr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdsiwqwbvfu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACirwkwblhta.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqpqmofjwfo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACleusvxtgwb.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACwweyqbnrem.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACpbaypruuvf.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACfkoexyyrjc.dll
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.1@ UAAddressBookBttn Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAAddressBookButtonCtrl.1\CLSID@ {C0E10003-001C-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.1@ UAButton Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAButtonCtrl.1\CLSID@ {C0E10003-0007-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.1@ UACheckBox Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UACheckBoxCtrl.1\CLSID@ {C0E10003-0013-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.1@ UADropDown Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UADropDwnCtrl.1\CLSID@ {C0E10003-000A-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.1@ UAEdit Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAEditCtrl.1\CLSID@ {C0E10003-0023-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.1@ UAGalleryBttn Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryButtonCtrl.1\CLSID@ {C0E10003-0010-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.1@ UAGallery Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGalleryCtrl.1\CLSID@ {C0E10003-0019-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.1@ UAGraphicDropDown Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAGraphicDropDown.1\CLSID@ {C0E10003-0026-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.1@ UAHelp Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAHelpCtrl.1\CLSID@ {C0E10003-002F-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.1@ UAPartsList Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAPartsListCtrl.1\CLSID@ {C0E10003-000D-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.1@ UARadioButton Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UARadioBttnCtrl.1\CLSID@ {C0E10003-0016-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.1@ UAScrapBookBttn Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UAScrapBookButtonCtrl.1\CLSID@ {C0E10003-001F-0001-C0E1-C0E1C0E1C0E1}
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.1
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.1@ UAText Control
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\UACTLS.UATextCtrl.1\CLSID@ {C0E10003-002C-0001-C0E1-C0E1C0E1C0E1}

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Guylain\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-05-07-1147-08\D'eux 0 bytes
File C:\Documents and Settings\Guylain\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-05-07-1147-08\desktop.ini 364 bytes
File C:\Documents and Settings\Guylain\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-05-07-1147-08\The Colour Of My Love 0 bytes
File C:\Documents and Settings\Guylain\My Documents\My Pictures\Adobe\Digital Camera Photos\2008-05-07-1147-08\Unison 0 bytes
File C:\Documents and Settings\Guylain\Application Data\Adobe\Updater\Data\Come On Over 0 bytes
File C:\Documents and Settings\Guylain\Application Data\Adobe\Updater\Data\desktop.ini 359 bytes
File C:\Documents and Settings\Guylain\Application Data\Adobe\Updater\Data\VH1 Divas Live 0 bytes
File C:\Documents and Settings\Guylain\Application Data\Macromedia\Flash Player\#SharedObjects\X4B4MPKM\media.tattomedia.com\Love is all 0 bytes
File C:\Documents and Settings\Guylain\Application Data\Macromedia\Flash Player\#SharedObjects\X4B4MPKM\media.tattomedia.com\Un peu plus haut - Le Nouveau 0 bytes
File C:\Documents and Settings\Guylain\Application Data\Macromedia\Flash Player\#SharedObjects\X4B4MPKM\media.tattomedia.com\Un peu plus haut- Le nouveau 0 bytes
File C:\Documents and Settings\Guylain\Application Data\Macromedia\Flash Player\#SharedObjects\X4B4MPKM\media.tattomedia.com\Unknown Album 0 bytes
File C:\Documents and Settings\Guylain\Local Settings\Temp\UAC4375.tmp 343040 bytes executable
File C:\Documents and Settings\Guylain\Local Settings\Temp\UACa19d.tmp 343040 bytes executable
File C:\WINDOWS\system32\drivers\UACwevsiemntr.sys 54784 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACdsiwqwbvfu.dll 26624 bytes executable
File C:\WINDOWS\system32\UACfkoexyyrjc.dll 19968 bytes executable
File C:\WINDOWS\system32\uacinit.dll 6145 bytes
File C:\WINDOWS\system32\UACirwkwblhta.dat 174 bytes
File C:\WINDOWS\system32\UACleusvxtgwb.db 1110399 bytes
File C:\WINDOWS\system32\UACpbaypruuvf.dll 18432 bytes executable
File C:\WINDOWS\system32\UACqpqmofjwfo.dll 74240 bytes executable
File C:\WINDOWS\system32\UACwweyqbnrem.dll 30208 bytes executable
File C:\WINDOWS\Temp\UAC4dfc.tmp 74240 bytes executable
File C:\WINDOWS\Temp\UAC5ffd.tmp 74240 bytes executable
File C:\WINDOWS\Temp\UAC68c7.tmp 74240 bytes executable
File C:\WINDOWS\Temp\UAC7ab9.tmp 74240 bytes executable

---- EOF - GMER 1.0.15 ----
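The GMER output above mixes benign filter-driver attachments with the findings that actually matter for triage: inline 5-byte JMP patches in ntoskrnl, a service GMER marks as hidden, files it tags ROOTKIT, a driver reference that does not resolve, and service registry keys pointing at the hidden driver. The script below is an added example, not from this post and not GMER's own code; it parses those line shapes (the regexes are this example's assumptions about the format) and groups them so a responder can see at a glance what is linked to what. The sample log is constructed from lines copied from the report above.

```python
"""Triage helper for GMER-style rootkit scan output (added example, not GMER code)."""
import re
from dataclasses import dataclass, field

# Line shapes modelled on the GMER log above; these patterns are this example's own.
# ".text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 86C9EBAB"
HOOK_RE = re.compile(
    r"^(?P<section>\.\w+|PAGE)\s+(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})$"
)
# "Service C:\...\UACwevsiemntr.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!"
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\((?P<flags>[^)]*)\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)"
)
# "File C:\...\UACwevsiemntr.sys 54784 bytes executable <-- ROOTKIT !!!"
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes(?P<rest>.*)$")
# "? system32\drivers\wkae.sys The system cannot find the path specified. !"
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+(?P<msg>.+?)\s*!?$")
# "Reg HKLM\...\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwevsiemntr.sys"
REG_RE = re.compile(r"^Reg\s+(?P<key>[^@\s]+)(?:@(?P<value>\S*))?\s*(?P<data>.*)$")


@dataclass
class Triage:
    hooks: list = field(default_factory=list)            # (module!func, addr, jmp target)
    hidden_services: list = field(default_factory=list)  # (service name, image path)
    rootkit_files: list = field(default_factory=list)    # paths GMER tagged ROOTKIT
    missing_refs: list = field(default_factory=list)     # driver paths that do not resolve
    registry: list = field(default_factory=list)         # (key, value name, data)


def basename(path):
    """Last component of a Windows path, lower-cased, for matching across sections."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_gmer(text):
    """Parse GMER-style lines into the categories a responder cares about."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if m:
            t.hooks.append((f"{m['module']}!{m['func']}", m["addr"], m["target"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if "hidden" in m["flags"]:          # only services GMER could not see normally
                t.hidden_services.append((m["name"], m["path"]))
            continue
        m = FILE_RE.match(line)
        if m:
            if "ROOTKIT" in m["rest"]:
                t.rootkit_files.append(m["path"])
            continue
        m = MISSING_RE.match(line)
        if m:
            t.missing_refs.append(m["path"])
            continue
        m = REG_RE.match(line)
        if m:
            t.registry.append((m["key"], m["value"] or "", m["data"].strip()))
    return t


def related_registry(t):
    """Registry lines under a hidden service's key, or whose data names a ROOTKIT file."""
    flagged = {basename(p) for _, p in t.hidden_services} | {basename(p) for p in t.rootkit_files}
    names = [n.lower() for n, _ in t.hidden_services]
    out = []
    for key, value, data in t.registry:
        under_service = any(("\\services\\" + n) in key.lower() for n in names)
        if under_service or (data and basename(data) in flagged):
            out.append((key, value, data))
    return out


def summarize(t):
    """Counts plus a yes/no on whether GMER's own ROOTKIT markers are present."""
    return {
        "inline_hooks": len(t.hooks),
        "hidden_services": len(t.hidden_services),
        "rootkit_files": len(t.rootkit_files),
        "missing_refs": len(t.missing_refs),
        "related_registry": len(related_registry(t)),
        "rootkit_indicated": bool(t.hidden_services or t.rootkit_files),
    }


# Constructed sample: lines copied from the GMER report in this thread.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 86C9EBAB
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 86C98A52
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 86C9B8A4
? system32\drivers\wkae.sys The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACwevsiemntr.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwevsiemntr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdsiwqwbvfu.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\UACwevsiemntr.sys 54784 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACdsiwqwbvfu.dll 26624 bytes executable
File C:\Documents and Settings\Guylain\Application Data\Adobe\Updater\Data\desktop.ini 359 bytes
"""

if __name__ == "__main__":
    result = triage_gmer(SAMPLE_LOG)
    print(summarize(result))
    for entry in related_registry(result):
        print("related registry:", entry)
```

The benign avast! AttachedDevice line is deliberately left unclassified: filter drivers from an installed security product are expected, and only GMER's own "hidden" and "ROOTKIT" markers, plus anything under the hidden service's key, are reported. The hook list is kept separate because a JMP in ntoskrnl can also come from a legitimate product, so it is context for the analyst rather than a verdict by itself.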
Katana

Information

IMPORTANT
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

KaZaA Lite 2.0.0
LimeWire 4.18.3

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
Please note: you must NOT use any P2P whilst we are cleaning your machine.


AntiVirus
You appear to have
    avast! Antivirus
    AVG Free 8.5
    Avira AntiVir Personal - Free Antivirus

First you should know that you're actually doing more harm than good by running more than one Anti Virus program.
When you do this the programs compete for resources, and the end result is none does its best, and it can cause system instability.
I recommend that you choose one that you want to keep.
The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

----------------------------------------------------------------------------------------

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.



A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

QUOTE
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • Combofix Log
  • Kaspersky Log
  • How are things running now ?




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) . ( don't install it yet )
  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.


Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

Guy
QUOTE (Katana @ Aug 29 2009, 11:01 AM) *
Information

IMPORTANT
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

KaZaA Lite 2.0.0
LimeWire 4.18.3

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
Please note: you must NOT use any P2P whilst we are cleaning your machine.


AntiVirus
You appear to have
    avast! Antivirus
    AVG Free 8.5
    Avira AntiVir Personal - Free Antivirus

First you should know that you're actually doing more harm than good by running more than one Anti Virus program.
When you do this the programs compete for resources, and the end result is none does its best, and it can cause system instability.
I recommend that you choose one that you want to keep.
The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

----------------------------------------------------------------------------------------

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.



A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.



Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.
  • Combofix Log
  • Kaspersky Log
  • How are things running now ?




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) . ( don't install it yet )
  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.


Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

Sorry to interfere with this process, but I must say before I proceed that I will not be able to access a direct link to ComboFix on IE, as I am always redirected by the Windowclick. So I will not be able to download directly to my infected desktop computer. I have and must download from another computer "laptop" onto a stick. Please correct me if I am wrong.
As for antivirus, I would like you to express your preference on which one is best to use, as at this point I have no confidence in any. I thought Malwarebytes was one and active on my computer, or is it a scan only? Sorry for my ignorance, but this has been a nightmare.
Regards,
Guy
Katana
QUOTE (Guy @ Aug 29 2009, 07:29 PM) *
1) I have and must download from another computer "laptop" onto a stick.
2) As for antivirus, I would like you to express your preference on which one is best to use, as at this point I have no confidence in any.
3) I thought Malwarebytes was one and active on my computer, or is it a scan only? Sorry for my ignorance, but this has been a nightmare.


1) That's fine
2) I use Avast on my machines
3) MalwareBytes isn't an antivirus, it is an AntiSpyware
Guy
QUOTE (Katana @ Aug 29 2009, 04:13 PM) *
1) That's fine
2) I use Avast on my machines
3) MalwareBytes isn't an antivirus, it is an AntiSpyware

Man, that is what confuses me. All those different things, antispyware, antivirus, and everything else. Which software does one have to use to be protected?
Off topic: what the heck is one expected to have to protect against every potential attack?
In the meanwhile I will continue to proceed as you have instructed me to do and will forward my logs.
Again, thank you for guiding me through this; I hope to restore back to where I am safe to operate.
Guy
Katana
QUOTE (Guy @ Aug 29 2009, 10:00 PM) *
1) Which software does one have to use to be protected?

2) Off topic: what the heck is one expected to have to protect against every potential attack?

1) You really need AntiVirus and AntiSpyware to be protected
2) I will give you a full list of how to stay safe before we are finished
Guy
QUOTE (Katana @ Aug 29 2009, 05:16 PM) *
1) You really need AntiVirus and AntiSpyware to be protected
2) I will give you a full list of how to stay safe before we are finished

Cheers to you!
Right now I have done as much as I can within my faculties on this Saturday. Will come back tomorrow morning with my logs. Again, many thanks Katana for your help.
Guy
Guy
Ok, I have followed all of your instructions to the letter. I had to rename ComboFix to get it to work, as I did for various exes.

Here are my logs, and my operating system seems to be working fine. Thank you Katana.

ComboFix 09-08-29.01 - Guylain 30/08/2009 8:04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.653 [GMT -4:00]
Running from: c:\documents and settings\Guylain\Desktop\Combonono.com.exe
AV: avast! antivirus 4.8.1351 [VPS 090829-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT
c:\recycler\NPROTECT\00064606.
c:\recycler\NPROTECT\00125506.
c:\recycler\NPROTECT\00125507.
c:\recycler\NPROTECT\00125508.
c:\recycler\NPROTECT\00125509.
c:\recycler\NPROTECT\00125540.
c:\windows\Fonts\WPHV07NB.TTF
c:\windows\Install.txt
c:\windows\Installer\170f97e7.msi
c:\windows\Installer\1d707.msi
c:\windows\Installer\33ad7a3b.msi
c:\windows\Installer\b8482a.msi
c:\windows\Installer\eaa7aa0.msi
c:\windows\run.log
c:\windows\system32\42KJE738.ocx
c:\windows\system32\drivers\UACwevsiemntr.sys
c:\windows\system32\UACdsiwqwbvfu.dll
c:\windows\system32\UACfkoexyyrjc.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACirwkwblhta.dat
c:\windows\system32\UACleusvxtgwb.db
c:\windows\system32\UACpbaypruuvf.dll
c:\windows\system32\UACqpqmofjwfo.dll
c:\windows\system32\UACwweyqbnrem.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_$SYS$ARIES
-------\Legacy_$SYS$DRMSERVER
-------\Legacy_CD_PROXY
-------\Service_$sys$DRMServer


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 11:07 . 2009-08-30 11:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-30 10:56 . 2009-08-30 10:58 -------- d-----w- c:\documents and settings\Guylain\.SunDownloadManager
2009-08-29 11:22 . 2009-08-29 11:22 -------- d-----w- C:\rsit
2009-08-26 21:20 . 2009-08-26 21:20 -------- d-----w- c:\program files\Trend Micro
2009-08-25 02:18 . 2009-08-25 02:18 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-25 02:18 . 2009-08-25 02:18 -------- d-----w- c:\program files\MSBuild
2009-08-25 02:18 . 2009-08-25 02:18 -------- d-----w- c:\program files\Reference Assemblies
2009-08-25 02:17 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-25 02:17 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-25 02:17 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-25 02:17 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-25 02:17 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-25 02:17 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-25 02:17 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-20 21:51 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 21:51 . 2009-08-20 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 21:51 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 20:14 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-19 22:17 . 2009-08-19 22:17 687104 ----a-w- c:\windows\is-4412C.exe
2009-08-19 19:57 . 2009-08-19 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-08-19 19:56 . 2009-08-19 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-08-19 19:56 . 2009-08-19 19:56 -------- d-----w- c:\program files\Common Files\iS3
2009-08-19 01:40 . 2009-08-25 20:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 01:40 . 2009-08-25 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 22:57 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-18 22:57 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-18 22:57 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-18 22:57 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-18 22:57 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-18 22:57 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-18 22:57 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-18 22:57 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-18 22:56 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-18 22:56 . 2009-08-18 22:56 -------- d-----w- c:\program files\Alwil Software
2009-08-18 20:57 . 2009-08-18 20:57 72122 ----a-w- c:\documents and settings\Guylain\avg removal.reg
2009-08-18 20:12 . 2009-08-18 20:12 -------- d-----w- c:\program files\Includes
2009-08-17 23:32 . 2009-08-17 23:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-17 09:28 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 23:14 . 2009-08-04 23:14 -------- d-----w- c:\documents and settings\Guylain\Application Data\Malwarebytes
2009-08-04 23:14 . 2009-08-04 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-04 22:40 . 2009-08-25 09:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-04 21:37 . 2009-08-04 21:37 -------- d-----w- c:\documents and settings\Guylain\Application Data\Logs
2009-08-03 17:21 . 2009-08-03 17:21 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 11:07 . 2006-02-07 11:28 -------- d-----w- c:\program files\Java
2009-08-20 19:38 . 2005-03-19 15:10 -------- d-----w- c:\program files\Viewpoint
2009-08-19 20:03 . 2009-08-19 19:58 2648 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-18 19:56 . 2005-10-16 11:43 -------- d-----w- c:\program files\Lavasoft
2009-08-05 09:01 . 2001-08-23 15:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:21 . 2007-04-15 23:01 -------- d-----w- c:\program files\DivX
2009-07-26 02:11 . 2009-07-26 02:11 -------- d-----w- c:\program files\iTunes
2009-07-26 02:11 . 2009-07-26 02:11 -------- d-----w- c:\program files\iPod
2009-07-26 02:11 . 2007-08-19 18:01 -------- d-----w- c:\program files\Common Files\Apple
2009-07-26 02:06 . 2009-07-26 02:06 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-01-08 23:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2001-08-23 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 15:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2001-08-23 15:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2001-08-23 15:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2001-08-23 15:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-11-19 03:45 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2001-08-23 15:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 15:42 . 2009-06-14 13:31 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-14 13:31 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 19:09 . 2001-08-23 15:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2007-02-25 11:46 . 2007-02-25 11:46 1488 ----a-w- c:\program files\ImpôtRapide 2006.lnk
2007-02-25 11:46 . 2007-02-25 11:46 1470 ----a-w- c:\program files\Aide d'ImpôtRapide 2006.lnk
2007-02-25 11:46 . 2007-02-25 11:46 1289 ----a-w- c:\program files\Aide de TaxLink 2006.lnk
2006-05-19 13:41 . 2007-01-19 22:24 1835008 ----a-w- c:\program files\A0812001.123
2006-05-19 01:58 . 2007-01-19 22:24 276016 ----a-w- c:\program files\UPR111D.exe
2006-03-13 22:16 . 2006-03-13 22:16 1488 ----a-w- c:\program files\ImpôtRapide 2005.lnk
2006-03-13 22:16 . 2006-03-13 22:16 1470 ----a-w- c:\program files\Aide d'ImpôtRapide 2005.lnk
2006-03-13 22:16 . 2006-03-13 22:16 1461 ----a-w- c:\program files\Aide de TaxLink 2005.lnk
2004-11-20 10:18 . 2004-11-20 10:18 616 ----a-w- c:\program files\Corel WordPerfect 8.LNK
2004-11-20 10:17 . 2004-11-20 10:17 656 ----a-w- c:\program files\Corel PerfectExpert.LNK
2003-12-23 07:20 . 2004-12-05 16:40 777 ----a-w- c:\program files\trial_setup.ini
2003-12-23 07:20 . 2004-12-05 16:40 4297728 ----a-w- c:\program files\trial_setup.msi
2003-12-23 07:20 . 2004-12-05 16:40 40448 ----a-w- c:\program files\trial_setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-18 67128]
"WeatherEye"="c:\program files\MétéoMédia\MétéoIMédia\WeatherEye.exe" [2009-01-16 4519832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"bwprnmon.exe"="c:\bitware\NT\bwprnmon.exe" [2004-11-26 54272]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-03 99840]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-08 7630848]
"SW24"="c:\windows\system32\sw24.exe" [2006-06-01 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-08 1519616]

c:\documents and settings\Guylain\Start Menu\Programs\Startup\
SmartCapture.lnk - c:\windows\Seiko\slpcap.exe [2006-4-11 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-18 67128]
Logitech Harmony Remote.lnk - c:\program files\Logitech\Harmony Remote\harmonyClient.exe [2005-4-18 1478144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=c:\windows\pss\Printkey2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scanner Detector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scanner Detector.lnk
backup=c:\windows\pss\Scanner Detector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Guylain^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=c:\documents and settings\Guylain\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=c:\windows\pss\PowerReg SchedulerV2.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Guylain^Start Menu^Programs^Startup^Printkey2000 (2).lnk]
path=c:\documents and settings\Guylain\Start Menu\Programs\Startup\Printkey2000 (2).lnk
backup=c:\windows\pss\Printkey2000 (2).lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Guylain^Start Menu^Programs^Startup^Printkey2000.lnk]
path=c:\documents and settings\Guylain\Start Menu\Programs\Startup\Printkey2000.lnk
backup=c:\windows\pss\Printkey2000.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Guylain^Start Menu^Programs^Startup^ReadMe.lnk]
path=c:\documents and settings\Guylain\Start Menu\Programs\Startup\ReadMe.lnk
backup=c:\windows\pss\ReadMe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"g:\\Program Files\\KaZaA Lite\\Kazaa.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\My Download\\StubInstaller.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\FTA\\N fusion\\PVRSERVER_111b\\PVRSERVER_111b.exe"=
"c:\\Program Files\\nFusion IPPVR\\IPPVR.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18/08/2009 6:57 PM 114768]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [21/11/2004 10:24 AM 3026]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/08/2009 6:57 PM 20560]
R3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;c:\windows\system32\drivers\DLKRTS.SYS [08/03/2009 9:34 AM 45568]
S1 $sys$crater;$sys$crater;\??\c:\windows\system32\$sys$filesystem\crater.sys --> c:\windows\system32\$sys$filesystem\crater.sys [?]
S2 hisrmsgm;hisrmsgm;c:\windows\system32\drivers\bizwrpfd.sys --> c:\windows\system32\drivers\bizwrpfd.sys [?]
S2 jhudeelr;jhudeelr;c:\windows\system32\drivers\tesouh.sys --> c:\windows\system32\drivers\tesouh.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 cdrmkaun;cdrmkaun;\??\c:\docume~1\Guylain\LOCALS~1\Temp\cdrmkaun.sys --> c:\docume~1\Guylain\LOCALS~1\Temp\cdrmkaun.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [20/08/2009 5:51 PM 38160]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [18/11/2004 3:37 PM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKLM-Run-SW20 - c:\windows\system32\sw20.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 08:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
bwprnmon.exe = c:\bitware\NT\bwprnmon.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1868)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-30 8:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 12:14

Pre-Run: 10,195,791,872 bytes free
Post-Run: 10,879,586,304 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

308 --- E O F --- 2009-08-26 22:41


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 30, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, August 30, 2009 16:12:46
Records in database: 2729400
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
F:\
G:\
H:\
K:\

Scan statistics:
Objects scanned: 116672
Threats found: 29
Infected objects found: 56
Suspicious objects found: 0
Scan duration: 02:58:29


File name / Threat / Threats count
C:\Documents and Settings\Guylain\Local Settings\Application Data\Identities\{3A15AE7F-ED70-4A23-9942-6B30B6857BAC}\Microsoft\Outlook Express\Jokes.dbx Infected: Virus.JS.Fortnight.b 1
C:\Documents and Settings\Guylain\My Documents\Downloads\ZIP\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1).zip Infected: not-a-virus:NetTool.Win32.Calc-FoldingAtHome 1
C:\My Download\angelflower.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1
C:\My Download\angelflower.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\My Download\angelflower.exe Infected: Trojan-Dropper.Win32.Small.jh 1
C:\My Download\angelflower.exe Infected: not-a-virus:AdWare.Win32.MDH.h 1
C:\My Download\DASnormalv1.2.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1
C:\My Download\DASnormalv1.2.exe Infected: not-a-virus:NetTool.Win32.NukeNabber.21 3
C:\My Download\DASnormalv1.2.exe Infected: not-a-virus:Monitor.Win32.ICMP_Watch 1
C:\My Download\My Download Files\Password\ophcrack-win32-installer-2.2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 2
C:\My Download\My Download Files\Password\ophcrack-win32-installer-2.2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.4 2
C:\My Download\New Folder\saminside.zip Infected: not-a-virus:PSWTool.Win32.SAMInside.p 1
C:\My Download\New Folder\saminside.zip Infected: not-a-virus:PSWTool.Win32.SAMInside.j 1
C:\My Download\ophcrack-livecd-1.0.iso Infected: not-a-virus:PSWTool.Win32.PWDump.2 2
C:\My Download\ophcrack-livecd-1.0.iso Infected: not-a-virus:PSWTool.Win32.PWDump.4 2
C:\My Download\sattech.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACwevsiemntr.sys.vir Infected: Rootkit.Win32.Agent.moy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACdsiwqwbvfu.dll.vir Infected: Trojan.Win32.Tdss.ajkj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACfkoexyyrjc.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpbaypruuvf.dll.vir Infected: Packed.Win32.Tdss.m 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqpqmofjwfo.dll.vir Infected: Trojan.Win32.Tdss.anrc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwweyqbnrem.dll.vir Infected: Trojan.Win32.Tdss.anrd 1
C:\transfered win98\WINDOWS\Application Data\Identities\{33F40A60-CE08-11D6-A4DF-DF6958D05B6A}\Microsoft\Outlook Express\Jokes.dbx Infected: Virus.JS.Fortnight.b 1
G:\Program Files\Mirc for sattech\Sattech.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
G:\Program Files\Norton AntiVirus\Quarantine\79684705.TMP Infected: Trojan-Dropper.Java.Beyond.c 1
G:\Program Files\Norton AntiVirus\Quarantine\796B7102.TMP Infected: Trojan.Java.ClassLoader.j 1
G:\Program Files\Norton AntiVirus\Quarantine\796F1AFE.TMP Infected: Trojan.Java.ClassLoader.h 1
G:\Program Files\Norton AntiVirus\Quarantine\797244FA.TMP Infected: Trojan.Java.ClassLoader.h 1
G:\Program Files\Norton AntiVirus\Quarantine\3FB7536E.TMP Infected: Trojan.Java.ClassLoader.Dummy.a 1
G:\Program Files\Norton AntiVirus\Quarantine\79756EF7.TMP Infected: Trojan.Java.ClassLoader.Dummy.a 1
G:\Program Files\Norton AntiVirus\Quarantine\057F316E.TMP Infected: Trojan.Java.ClassLoader.Dummy.a 1
G:\Program Files\Norton AntiVirus\Quarantine\797818F3.TMP Infected: Trojan.Java.ClassLoader.c 1
G:\Program Files\Norton AntiVirus\Quarantine\4B470F6D.TMP Infected: Trojan.Java.ClassLoader.c 1
G:\Program Files\Norton AntiVirus\Quarantine\797C42F0.TMP Infected: Trojan.Java.ClassLoader.c 1
G:\Program Files\Norton AntiVirus\Quarantine\11106D6C.TMP Infected: Exploit.Java.ByteVerify 1
G:\Program Files\Norton AntiVirus\Quarantine\797F6CEC.TMP Infected: Exploit.Java.ByteVerify 1
G:\Program Files\Norton AntiVirus\Quarantine\798216E8.TMP Infected: Exploit.Java.ByteVerify 1
G:\Program Files\Norton AntiVirus\Quarantine\1CA0296B.TMP Infected: Trojan-Downloader.Java.OpenConnection.v 1
G:\Program Files\Norton AntiVirus\Quarantine\798640E5.TMP Infected: Trojan-Downloader.Java.OpenConnection.v 1
G:\Program Files\Norton AntiVirus\Quarantine\6268076A.TMP Infected: Trojan-Downloader.Java.OpenConnection.v 1
G:\Program Files\Norton AntiVirus\Quarantine\79896AE1.TMP Infected: Trojan.Java.ClassLoader.d 1
G:\Program Files\Norton AntiVirus\Quarantine\2830656A.TMP Infected: Trojan.Java.ClassLoader.d 1
G:\Program Files\Norton AntiVirus\Quarantine\798C14DE.TMP Infected: Exploit.Java.ByteVerify 1
G:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.y 1
G:\Scoop2002\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
G:\DASnormal\Tools\Protection - NukeNabber.EXE Infected: not-a-virus:NetTool.Win32.NukeNabber.21 1
G:\DASnormal\Tools\protec.exe Infected: not-a-virus:NetTool.Win32.NukeNabber.21 1
G:\OLD D DRIVE\mirc\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
G:\OLD D DRIVE\mirc\backup\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1
G:\OLD D DRIVE\Scoop2002\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 1

Selected area has been scanned.
Katana
QUOTE
XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!!


What is this?


Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
Guy
QUOTE (Katana @ Aug 30 2009, 04:50 PM) *
What is this?


Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Katana, I don't know! I have uninstalled all antivirus except Avast and have disabled it while scanning. Maybe f***ed up, but not intentional.
Will follow your next instructions. Thanks
Katana
QUOTE (Guy @ Aug 30 2009, 10:00 PM) *
I don't know! ~. Maybe f***ed up, but not intentional.


That file was downloaded via P2P.
Guy

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 2.60GHz )
BIOS : BIOS Date: 11/21/03 12:14:47 Ver: 08.00.09
USER : Guylain ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1351 [VPS 090830-0] 4.8.1351 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:68 Go (Free:10 Go)
F:\ (Local Disk) - NTFS - Total:233 Go (Free:141 Go)
G:\ (Local Disk) - FAT32 - Total:37 Go (Free:4 Go)
H:\ (Local Disk) - NTFS - Total:46 Go (Free:46 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 31/08/2009| 5:33 )

--------------------\\ Listing folders in APPLIC~1

[26/03/2009|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[08/03/2009|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {66E2F539-12B6-4870-A500-7689CDE75C5E}
[13/04/2009|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[13/03/2009|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[31/12/2004|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[19/08/2007|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[26/11/2006|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[08/03/2009|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DriverScanner
[30/08/2008|07:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[25/09/2006|06:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> espionServerData
[23/12/2008|08:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[28/01/2006|08:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[13/11/2006|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[30/04/2009|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[29/02/2008|03:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit Canada
[04/02/2008|08:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/08/2009|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[16/11/2007|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[02/11/2008|08:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[03/04/2007|06:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA
[26/02/2009|06:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Drivers HeadQuarters
[30/12/2004|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[19/08/2009|04:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SITEguard
[25/08/2009|04:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[19/08/2009|04:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> STOPzilla!
[25/08/2009|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/08/2008|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[12/09/2006|08:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[18/11/2004|11:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[05/10/2008|07:29] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Adobe
[06/08/2006|08:48] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> AdobeAUM
[11/07/2008|03:04] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> AdobeUM
[07/12/2004|06:56] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Ahead
[29/04/2008|11:41] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Apple Computer
[14/08/2005|09:40] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> avenir
[24/12/2006|02:14] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> dvdcss
[15/04/2007|07:23] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Google
[28/01/2006|08:07] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> GTek
[11/07/2005|09:21] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Help
[13/11/2006|09:27] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> HP
[16/04/2005|09:09] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> ICAClient
[21/11/2004|01:59] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Identities
[06/01/2007|09:31] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> ieSpell
[23/01/2007|07:07] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Image Zone Express
[29/02/2008|03:30] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Intuit Canada
[20/11/2004|07:16] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Ipswitch
[04/02/2008|08:11] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Lavasoft
[30/12/2004|01:12] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Leadertech
[04/08/2009|05:37] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Logs
[21/11/2004|08:23] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Macromedia
[02/11/2008|01:40] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> MailWasher
[04/08/2009|07:14] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Malwarebytes
[09/11/2008|11:30] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Microsoft
[16/11/2007|08:28] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> MSN6
[23/09/2007|04:50] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> RipIt4Me
[04/11/2006|07:39] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Seiko Instruments
[19/02/2006|09:32] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Sun
[08/03/2009|09:03] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Uniblue
[09/08/2008|07:58] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Viewpoint
[24/12/2006|09:02] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> vlc

[30/08/2009|06:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[30/08/2009|06:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[21/10/2005|11:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Symantec

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[29/08/2009 06:05 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[30/08/2009 08:10 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[23/08/2001 11:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/07/2005|07:29] C:\Program Files\<DIR> 321Studios
[25/01/2005|07:43] C:\Program Files\<DIR> 7-Zip
[02/11/2008|11:21] C:\Program Files\<DIR> ACW
[13/03/2009|07:01] C:\Program Files\<DIR> Adobe
[21/06/2009|06:16] C:\Program Files\<DIR> Ahead
[05/12/2004|12:40] C:\Program Files\<DIR> Alcohol Soft
[18/08/2009|06:56] C:\Program Files\<DIR> Alwil Software
[20/11/2004|09:35] C:\Program Files\<DIR> Analog Devices
[27/08/2008|06:17] C:\Program Files\<DIR> Apple Software Update
[20/11/2004|06:17] C:\Program Files\<DIR> AppMan
[14/08/2005|09:40] C:\Program Files\<DIR> Avenir
[14/06/2008|09:49] C:\Program Files\<DIR> AVG
[20/11/2004|01:51] C:\Program Files\<DIR> BITWARE
[21/12/2008|06:07] C:\Program Files\<DIR> Bonjour
[24/08/2008|11:43] C:\Program Files\<DIR> CCleaner
[16/04/2005|08:59] C:\Program Files\<DIR> Citrix
[30/08/2009|08:07] C:\Program Files\<DIR> Common Files
[18/11/2004|11:46] C:\Program Files\<DIR> ComPlus Applications
[11/01/2006|08:30] C:\Program Files\<DIR> Copperhead
[20/11/2004|06:18] C:\Program Files\<DIR> Dad
[22/04/2006|02:58] C:\Program Files\<DIR> Datapol
[03/08/2009|01:21] C:\Program Files\<DIR> DivX
[04/02/2006|01:19] C:\Program Files\<DIR> DssEvolution.com
[10/07/2005|05:23] C:\Program Files\<DIR> DVD Shrink
[23/09/2006|12:32] C:\Program Files\<DIR> ElcomSoft
[30/12/2004|01:12] C:\Program Files\<DIR> EPSON
[30/12/2004|04:53] C:\Program Files\<DIR> EPSON Print CD
[30/12/2004|01:07] C:\Program Files\<DIR> EPSON Software
[23/12/2008|08:13] C:\Program Files\<DIR> Google
[20/11/2004|06:16] C:\Program Files\<DIR> Graphics
[31/12/2007|12:34] C:\Program Files\<DIR> Grisoft
[14/03/2007|08:44] C:\Program Files\<DIR> Hewlett-Packard
[20/11/2004|05:49] C:\Program Files\<DIR> HighMAT CD Writing Wizard
[30/04/2009|05:42] C:\Program Files\<DIR> HP
[06/01/2007|09:30] C:\Program Files\<DIR> ieSpell
[23/04/2006|02:34] C:\Program Files\<DIR> IMPOTNET ARC
[19/04/2008|07:13] C:\Program Files\<DIR> ImpotRapide 2007
[18/08/2009|04:12] C:\Program Files\<DIR> Includes
[26/02/2009|06:13] C:\Program Files\<DIR> InstallShield Installation Information
[20/11/2004|09:42] C:\Program Files\<DIR> Intel
[24/08/2009|10:16] C:\Program Files\<DIR> Internet Explorer
[25/07/2009|10:11] C:\Program Files\<DIR> iPod
[28/04/2008|07:53] C:\Program Files\<DIR> IR2005
[10/09/2007|06:15] C:\Program Files\<DIR> IR2006
[25/07/2009|10:11] C:\Program Files\<DIR> iTunes
[30/08/2009|07:07] C:\Program Files\<DIR> Java
[18/08/2009|03:56] C:\Program Files\<DIR> Lavasoft
[26/12/2006|05:19] C:\Program Files\<DIR> Logitech
[20/11/2004|06:15] C:\Program Files\<DIR> Macros
[19/11/2006|06:39] C:\Program Files\<DIR> MailWasher
[20/08/2009|06:33] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[31/10/2006|09:50] C:\Program Files\<DIR> Maxtor
[23/08/2008|08:14] C:\Program Files\<DIR> Messenger
[14/03/2007|08:48] C:\Program Files\<DIR> MétéoMédia
[19/11/2004|07:25] C:\Program Files\<DIR> Microsoft ActiveSync
[18/11/2004|11:48] C:\Program Files\<DIR> microsoft frontpage
[20/11/2004|10:09] C:\Program Files\<DIR> Microsoft Hardware
[08/03/2009|09:26] C:\Program Files\<DIR> Microsoft IntelliPoint
[19/11/2004|07:24] C:\Program Files\<DIR> Microsoft Office
[19/11/2004|07:24] C:\Program Files\<DIR> Microsoft Visual Studio
[23/08/2008|08:10] C:\Program Files\<DIR> Movie Maker
[24/08/2009|10:18] C:\Program Files\<DIR> MSBuild
[31/10/2006|07:38] C:\Program Files\<DIR> MSI
[18/11/2004|11:45] C:\Program Files\<DIR> MSN
[20/11/2004|07:41] C:\Program Files\<DIR> MSN Apps
[18/11/2004|11:45] C:\Program Files\<DIR> MSN Gaming Zone
[02/09/2008|07:13] C:\Program Files\<DIR> MSN Messenger
[14/10/2006|06:44] C:\Program Files\<DIR> MSXML 4.0
[29/12/2004|06:35] C:\Program Files\<DIR> MVAPPS
[23/08/2008|08:07] C:\Program Files\<DIR> NetMeeting
[13/01/2008|12:01] C:\Program Files\<DIR> nFusion IPPVR
[02/11/2008|08:44] C:\Program Files\<DIR> NOS
[18/11/2004|11:47] C:\Program Files\<DIR> Online Services
[17/08/2009|06:32] C:\Program Files\<DIR> Outlook Express
[26/02/2009|06:12] C:\Program Files\<DIR> PC Drivers HeadQuarters
[10/07/2005|06:54] C:\Program Files\<DIR> PrintKey2000
[20/11/2004|06:17] C:\Program Files\<DIR> Programs
[14/06/2009|09:33] C:\Program Files\<DIR> QuickTime
[24/08/2009|10:18] C:\Program Files\<DIR> Reference Assemblies
[25/08/2009|04:23] C:\Program Files\<DIR> Registry Mechanic
[19/05/2005|01:24] C:\Program Files\<DIR> ScanSuite
[04/11/2006|07:36] C:\Program Files\<DIR> Seiko Instruments USA Inc
[29/04/2007|07:30] C:\Program Files\<DIR> Setup Files
[20/11/2004|06:16] C:\Program Files\<DIR> Shared
[19/03/2006|10:20] C:\Program Files\<DIR> SharpC
[04/11/2006|07:36] C:\Program Files\<DIR> Smart Label
[25/08/2009|04:25] C:\Program Files\<DIR> Spybot - Search & Destroy
[21/12/2006|07:26] C:\Program Files\<DIR> SymNetDrv
[20/11/2004|06:15] C:\Program Files\<DIR> Template
[03/12/2006|08:40] C:\Program Files\<DIR> TheWeatherNetwork
[26/08/2009|05:20] C:\Program Files\<DIR> Trend Micro
[08/03/2009|09:03] C:\Program Files\<DIR> Uniblue
[18/11/2004|08:53] C:\Program Files\<DIR> Uninstall Information
[24/12/2006|08:58] C:\Program Files\<DIR> VideoLAN
[20/08/2009|03:38] C:\Program Files\<DIR> Viewpoint
[18/05/2007|04:45] C:\Program Files\<DIR> Windows Live Safety Center
[24/12/2006|08:36] C:\Program Files\<DIR> Windows Media Connect 2
[23/08/2008|08:07] C:\Program Files\<DIR> Windows Media Player
[23/08/2008|08:07] C:\Program Files\<DIR> Windows NT
[18/11/2004|09:09] C:\Program Files\<DIR> WindowsUpdate
[23/09/2006|11:05] C:\Program Files\<DIR> WinImage
[04/04/2005|05:32] C:\Program Files\<DIR> WinMX
[04/02/2006|10:28] C:\Program Files\<DIR> WinRAR
[24/09/2005|08:12] C:\Program Files\<DIR> Wrightsoft HVAC
[20/11/2004|07:25] C:\Program Files\<DIR> WS_FTP Pro
[18/11/2004|11:48] C:\Program Files\<DIR> xerox
[14/07/2007|07:13] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[13/03/2009|07:01] C:\Program Files\Common Files\<DIR> Adobe
[02/11/2008|07:19] C:\Program Files\Common Files\<DIR> Adobe AIR
[21/06/2009|06:16] C:\Program Files\Common Files\<DIR> Ahead
[29/02/2008|03:30] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[25/07/2009|10:11] C:\Program Files\Common Files\<DIR> Apple
[13/01/2008|12:01] C:\Program Files\Common Files\<DIR> BitCtrl
[19/11/2004|07:24] C:\Program Files\Common Files\<DIR> Designer
[03/08/2009|01:21] C:\Program Files\Common Files\<DIR> DivX Shared
[13/01/2008|12:01] C:\Program Files\Common Files\<DIR> Elecard
[13/11/2006|08:46] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[28/12/2007|09:05] C:\Program Files\Common Files\<DIR> HP
[26/12/2006|05:19] C:\Program Files\Common Files\<DIR> InstallShield
[06/03/2005|11:10] C:\Program Files\Common Files\<DIR> Intuit
[19/08/2009|03:56] C:\Program Files\Common Files\<DIR> iS3
[07/02/2006|07:28] C:\Program Files\Common Files\<DIR> Java
[19/11/2004|07:24] C:\Program Files\Common Files\<DIR> L&H
[07/05/2007|03:57] C:\Program Files\Common Files\<DIR> Microsoft Shared
[18/11/2004|11:46] C:\Program Files\Common Files\<DIR> MSSoap
[18/11/2004|03:35] C:\Program Files\Common Files\<DIR> ODBC
[18/11/2004|11:46] C:\Program Files\Common Files\<DIR> Services
[18/11/2004|03:35] C:\Program Files\Common Files\<DIR> SpeechEngines
[23/08/2008|08:06] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 48 Processes )

iexplore.exe ~ [PID:2908]
iexplore.exe ~ [PID:1940]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 05:34:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 30

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Guylain\My Documents\Downloads\DVD-Cloner_v2[1].32_Crack_by_SND
C:\DOCUME~1\Guylain\My Documents\Downloads\Nero_Burning_ROM_v6+_Universal_Crack_by_Zpage
C:\DOCUME~1\Guylain\My Documents\Downloads\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1)
C:\DOCUME~1\Guylain\My Documents\Downloads\DVD-Cloner_v2[1].32_Crack_by_SND\Dvd-cloner.exe
C:\DOCUME~1\Guylain\My Documents\Downloads\DVD-Cloner_v2[1].32_Crack_by_SND\file_id.diz
C:\DOCUME~1\Guylain\My Documents\Downloads\DVD-Cloner_v2[1].32_Crack_by_SND\snd.nfo
C:\DOCUME~1\Guylain\My Documents\Downloads\Nero_Burning_ROM_v6+_Universal_Crack_by_Zpage\FILEID.DIZ
C:\DOCUME~1\Guylain\My Documents\Downloads\Nero_Burning_ROM_v6+_Universal_Crack_by_Zpage\NERO.6.0.0.0.UP.VERSIONS.CRACK.EXE
C:\DOCUME~1\Guylain\My Documents\Downloads\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1)\KeyGen
C:\DOCUME~1\Guylain\My Documents\Downloads\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1)\KeyGen\Files
C:\DOCUME~1\Guylain\My Documents\Downloads\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1)\KeyGen\Files\client.cfg
C:\DOCUME~1\Guylain\My Documents\Downloads\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1)\KeyGen\Files\FAHlog.txt
C:\DOCUME~1\Guylain\My Documents\Downloads\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1)\KeyGen\Files\MyFolding.html
C:\DOCUME~1\Guylain\My Documents\Downloads\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1)\KeyGen\Files\queue.dat
C:\DOCUME~1\Guylain\My Documents\Downloads\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1)\KeyGen\Files\unitinfo.txt
C:\DOCUME~1\Guylain\My Documents\Downloads\ZIP\DVD-Cloner_v2[1].32_Crack_by_SND.zip
C:\DOCUME~1\Guylain\My Documents\Downloads\ZIP\Nero_Burning_ROM_v6+_Universal_Crack_by_Zpage.zip
C:\DOCUME~1\Guylain\My Documents\Downloads\ZIP\S XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!! TESTED ON JULY-12-03, YOU DON'T NEED TO ACTIVATE(1).zip


[F:1539][D:12]-> C:\DOCUME~1\Guylain\LOCALS~1\Temp
[F:109][D:0]-> C:\DOCUME~1\Guylain\Cookies
[F:1326][D:4]-> C:\DOCUME~1\Guylain\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 31/08/2009| 5:35 - Option : [1]

--------------------\\ Scan completed at 5:35:35
Katana
Cracks/Keygens/Warez etc.

As you have admitted to using, or the log(s) you've posted indicate that you've used, one or more of the above, we cannot provide you with any help.

We do NOT knowingly provide help for anyone using any form of cracked software and/or Operating Systems.

In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.
The distribution and use of cracked software is illegal in almost every developed country.
They are also one of the biggest causes of infection.

This applies to Cracks, Keygens and Warez.

As most other forums have the same policy, your best option is to format and re-install your operating system and programs from legitimate sources.

In the future I strongly suggest you stay away from using cracks and/or Keygens.

This topic will be closed and archived.