Picsou

  1. Hello Maniac, I did the test again and no redirection. Seems OK. Last question: How to uninstall the following tools or should I uninstall them: - DDS - aswMBR - OTL - TDSkiller - Kaspersky - MinitoolBox? Regards, Picsou
  2. Hello Maniac, I will do a last test, to ensure that at start-up nothing happens.
  3. Hello Maniac, Good news! I uninstalled IE 8 and reinstalled it with updates and tested the redirection. And... there was no redirection. I tested numerous pages inside and outside the bank firewall and I did not get any redirection where before I had. It seems that the uninstall and reinstall after all other corrections and validations resolved the problem. So thank you very much. Many thanks! Regards, Picsou
  4. Hello Maniac, Yes, I still have the problem. Sorry if I did not come back but I was away for 3 days. I just tested it again, a few minutes ago, and I still get the redirection. The Minitoolbox did not change anything. Regards, Picsou PS: Should I uninstall IE 8 and reinstall it?
  5. Hello Maniac, find below the Minitoolbox Result.txt report:
Name: TCP/IP Protocol Driver Description: TCP/IP Protocol Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Tcpip Name: Tones Description: Tones Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Tones Name: V124 Description: V124 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: V124 Name: VgaSave Description: VgaSave Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: VgaSave Name: VolSnap Description: VolSnap Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: VolSnap Name: Remote Access IP ARP Driver Description: Remote Access IP ARP Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Wanarp Name: Windows Socket 2.0 Non-IFS Service Provider Support Environment Description: Windows Socket 2.0 Non-IFS Service Provider Support Environment Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: WS2IFSL Name: Audio Codecs Description: Audio Codecs Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: audstub Name: Legacy Audio Drivers Description: Legacy Audio Drivers Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: audstub Name: Media Control Devices Description: Media Control Devices Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: audstub Name: Legacy Video Capture Devices Description: Legacy Video Capture Devices Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: audstub Name: Video Codecs Description: Video Codecs Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: audstub Name: WAN Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport Description: McAfee Core NDIS Intermediate Filter Miniport Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} 
Manufacturer: McAfee Service: mfendiskmp Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - McAfee Core NDIS Intermediate Filter Miniport Description: McAfee Core NDIS Intermediate Filter Miniport Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: McAfee Service: mfendiskmp Name: WAN Miniport (L2TP) Description: WAN Miniport (L2TP) Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: Rasl2tp Name: WAN Miniport (IP) Description: WAN Miniport (IP) Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: NdisWan Name: WAN Miniport (PPPOE) Description: WAN Miniport (PPPOE) Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: RasPppoe Name: WAN Miniport (PPTP) Description: WAN Miniport (PPTP) Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: PptpMiniport Name: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport Description: Packet Scheduler Miniport Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: PSched Name: WAN Miniport (IP) - Packet Scheduler Miniport Description: Packet Scheduler Miniport Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: PSched Name: Direct Parallel Description: Direct Parallel Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: Raspti Name: Terminal Server Keyboard Driver Description: Terminal Server Keyboard Driver Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: TermDD Name: Terminal Server Mouse Driver Description: Terminal Server Mouse Driver Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: TermDD Name: Plug and Play Software Device Enumerator Description: Plug and Play Software Device Enumerator Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) 
Service: swenum Name: Microsoft WINMM WDM Audio Compatibility Driver Description: Microsoft WINMM WDM Audio Compatibility Driver Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: wdmaud Name: Microsoft Kernel System Audio Device Description: Microsoft Kernel System Audio Device Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: sysaudio Name: RAS Async Adapter Description: RAS Async Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: AsyncMac Name: Microsoft Kernel Wave Audio Mixer Description: Microsoft Kernel Wave Audio Mixer Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: kmixer Name: Microcode Update Device Description: Microcode Update Device Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: update Name: Microsoft System Management BIOS Driver Description: Microsoft System Management BIOS Driver Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard system devices) Service: mssmbios ========================= Memory info: =================================== Percentage of memory in use: 65% Total physical RAM: 766.8 MB Available physical RAM: 266.03 MB Total Pagefile: 1876.23 MB Available Pagefile: 1182.82 MB Total Virtual: 2047.88 MB Available Virtual: 1969.49 MB ========================= Partitions: ===================================== 2 Drive c: () (Fixed) (Total:37.24 GB) (Free:5.45 GB) NTFS 3 Drive d: (DRV2_VOL1) (Fixed) (Total:186.31 GB) (Free:88.76 GB) NTFS ========================= Users: ======================================== User accounts for \\OWNER-AKF11BV1P Administrator Gilles Guest H‚lŠne HelpAssistant Owner SUPPORT_388945a0 ========================= Minidump Files ================================== No minidump file found **** End of log **** Cordialement, Picsou
  6. Hello Maniac, Did the Microsoft FixIt as instructed. Did it 3 times, 1 for my partition, 1 for my wife and 1 for the Admin. Each time, I closed IE and restarted it. After that, I retested the redirection. I found an advertisement on the welcome page of the bank before accessing the bank site. This advertisement has a URL similar to the one inside the bank site. So I clicked on it and was redirected to the Panda site: www.cloudantivirus.com. The URL was: https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=653267&r=9878 I also did a test: In a Word file, I created a hyperlink with the URL: https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=653267&r=9878 and surprise, when I clicked on it, I was not redirected to the Panda web site but to the real web page related to the advertisement. I am not sure if this could help you. What is next? Regards, Picsou
  7. Bonjour Maniac, I just tested the advertisement link within my bank web site and I am still getting a redirection. I navigated within the web site and found another advertisement that had a similar URL (ex: https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=26192) and this one also redirected me to a web page advertising a Panda AV website. When I clicked on another advertisement that had a URL not starting with "https://rbc.bridgetrack.com...", I did not get any redirection. I had my work portable PC open and I went to the bank web site. But this time there was no redirection when I clicked on the same advertisement. The only thing I can conclude is the following: 1. I still have redirection with my PC. 2. Seems to happen when the URL is starting with: "https://rbc.bridgetrack.com/..." The problem is not yet resolved. Cordialement, Picsou
  8. Bonjour Maniac, I was waiting for the next step... but was away for the last 3 days. Not sure what progress you refer to? I do not want to test the redirection (i.e. clicking on the advertisement) until we are finished. Should I test it? Cordialement, Picsou
  9. Bonjour Maniac, See below, I posted the OTL Custom Scan Fixes: All processes killed ========== OTL ========== C:\Documents and Settings\Gilles\Application Data\Uniblue folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\widgets_cache folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\weather folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\shopping folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\games folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\coupons folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\widgets\net.vmn.www.Shopzilla folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\widgets folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\scripts folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\images folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\css folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\js folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\images folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\css folder moved successfully. 
C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\widgets folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content\lib folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome\content folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb\chrome folder moved successfully. C:\Documents and Settings\Hélène\Application Data\mystarttb folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\widgets_cache folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\weather folder moved successfully. 
C:\Documents and Settings\Owner\Application Data\mystarttb\shopping folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\search folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\games folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\coupons folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\scripts folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\images folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin\css folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\skin folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\js folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\images folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla\css folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.Shopzilla folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully. 
C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\widgets folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content\lib folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome\content folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb\chrome folder moved successfully. C:\Documents and Settings\Owner\Application Data\mystarttb folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Gilles\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Gilles\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Elise User: Gilles ->Temp folder emptied: 140755237 bytes ->Temporary Internet Files folder emptied: 551219270 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 3271 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Hélène ->Temp folder emptied: 522615 bytes ->Temporary Internet Files folder emptied: 55784839 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 790 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 7202 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Owner ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Premier ministre %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 543044 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 714.00 mb Error creating restore point. OTL by OldTimer - Version 3.2.50.0 log created on 06212012_130252 Files\Folders moved on Reboot... C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\T7WT2ATW\index[2].htm moved successfully. 
C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\MWHCHZI9\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\Content.IE5\CB61PKRI\fastbutton[2].htm moved successfully. C:\Documents and Settings\Gilles\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. File\Folder C:\WINDOWS\temp\TMP0000000DE3230FC4610EF0B7 not found! Registry entries deleted on Reboot... What is next? Cordialement, Picsou
  10. Bonjour Maniac, I have done 1. Step 1: Deleting 22:52:20.0000 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip with TDSSKiller. Note that when TDSSKiller has completed the cure (deletion) and quarantined some files, a pop-up message by McAfee Antivirus Plus indicated it had detected a threat and repaired it, a trojan named: DNSChanger.as. (I am unable to paste an image into the post???) The message was as follows: - Scan Type: Real time - Threat detected: DNSChanger.as (trojan) - Status: repaired (removed) - File: C:\TDSSKiller_Quarantine\20.06.2012_18:52:07\tdlfs0000\tsk0003.dta - process description: TDSS rootkit removal tool. Is this meaningful to you? 2. Step 2 with OTL: find below both reports: OTL.txt: OTL logfile created on: 20/06/2012 7:18:25 PM - Run 2 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Gilles\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 766.80 Mb Total Physical Memory | 319.66 Mb Available Physical Memory | 41.69% Memory free 1.83 Gb Paging File | 1.25 Gb Available in Paging File | 68.32% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.24 Gb Total Space | 4.75 Gb Free Space | 12.75% Space Free | Partition Type: NTFS Drive D: | 186.31 Gb Total Space | 88.92 Gb Free Space | 47.73% Space Free | Partition Type: NTFS Computer Name: OWNER-AKF11BV1P | User Name: Gilles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/20 19:15:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilles\Desktop\OTL.exe PRC - [2012/06/02 14:58:48 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe PRC - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe PRC - [2011/01/19 11:02:44 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2008/12/02 15:29:52 | 002,221,352 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe PRC - [2008/06/24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2005/07/08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe PRC - [2001/03/15 08:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe ========== Modules (No Company Name) ========== MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2009/02/13 13:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll MOD - [2009/02/13 13:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll MOD - [2009/02/13 13:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll MOD - [2001/10/11 16:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012/06/02 14:58:48 | 000,763,840 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2012/01/13 12:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2010/12/26 21:08:39 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files\adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2006/11/03 19:20:06 | 000,271,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2005/07/08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek) DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp) DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk) DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids) DRV - [2011/05/06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2010/05/14 18:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2010/05/14 18:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 905(UVC) DRV - [2010/05/14 18:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2005/07/08 18:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2005/07/08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2005/07/08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2005/07/08 11:17:31 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm) DRV - [2001/09/03 17:14:38 | 000,025,454 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI) DRV - [2001/08/17 09:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124) DRV - [2001/08/17 09:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones) DRV - [2001/08/17 09:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft) DRV - [2001/08/17 09:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample) DRV - [2001/08/17 09:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56) DRV - [2001/08/17 09:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- 
C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback) DRV - [2001/08/17 09:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax) DRV - [2001/08/17 09:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks) DRV - [2001/08/17 09:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lactualite.com/ IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 2F 15 F6 72 8A CA 01 [binary data] IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - 
c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enCA359 IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\programs\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/06/20 19:06:33 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/23 18:30:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/06/20 19:22:22 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/06/15 09:46:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120429230329.dll (McAfee, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security)) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - 
HKU\S-1-5-21-1202660629-1417001333-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKU\S-1-5-21-1202660629-1417001333-682003330-1005\..Trusted Domains: gouv.qc.ca ([www.registrefoncier] https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261492779045 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268959760125 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab 
(Microsoft Download Manager ActiveX control) O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} http://www.nero.com/doc/NeroVersionChecker.cab (CNeroSerialChecker Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://infolot.mrnf.gouv.qc.ca/ACGM/acgm.cab (ActiveCGM Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{195DA4A8-BFF1-4173-9F08-100DA3E0C850}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.) O18 - Protocol\Handler\intu-ir2011 {DFF68B15-A8D3-420b-B32C-E9554E2F5C15} - C:\Program Files\ImpotRapide 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/12/21 18:46:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008/01/05 14:52:34 | 000,000,000 | ---D | M] - D:\autoplay cd -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/06/20 19:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee [2012/06/20 19:14:59 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gilles\Desktop\OTL.exe [2012/06/20 18:58:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/06/19 08:01:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2012/06/18 21:11:54 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gilles\Desktop\tdsskiller.exe [2012/06/18 11:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender [2012/06/18 11:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilles\My Documents\My Downloads [2012/06/18 
11:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager [2012/06/18 11:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager [2012/06/15 15:58:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/06/15 11:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/06/13 22:57:48 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/06/13 22:51:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/06/13 22:51:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/06/13 22:51:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/06/13 22:51:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/06/13 22:50:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/06/13 22:47:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/12 22:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/06/12 17:57:53 | 000,000,000 | ---D | C] -- C:\_OTL [2012/06/12 12:16:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Gilles\Desktop\aswMBR.exe [2012/06/08 19:07:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos [2012/06/08 19:07:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gilles\Start Menu\Programs\Administrative Tools [2012/06/08 19:01:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Gilles\Desktop\dds.scr [2012/06/08 14:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gilles\Start Menu\Programs\SpyHunter [2012/06/08 14:32:02 | 000,000,000 | ---D | C] -- C:\sh4ldr [2012/06/08 14:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012/06/08 14:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2012/05/31 17:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/31 17:56:03 | 000,000,000 | ---D | 
C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/05/31 17:55:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Files - Modified Within 30 Days ========== [2012/06/20 19:15:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gilles\Desktop\OTL.exe [2012/06/20 19:12:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/06/20 19:08:36 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/06/20 19:05:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/06/20 19:05:15 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job [2012/06/20 19:05:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/20 19:04:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2012/06/20 19:04:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2012/06/20 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2012/06/19 23:23:20 | 137,525,896 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe [2012/06/18 21:50:39 | 137,503,544 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\setup_11.0.0.1245.x01_2012_06_18_19_12.exe [2012/06/18 21:14:44 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Gilles\Desktop\tdsskiller.exe [2012/06/18 11:31:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/18 11:30:31 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk [2012/06/15 17:34:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012/06/15 09:46:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/06/14 00:05:50 | 000,245,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/13 22:57:56 | 000,000,327 | 
RHS- | M] () -- C:\boot.ini [2012/06/13 22:06:24 | 000,434,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/13 22:06:24 | 000,068,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/13 21:46:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/06/12 21:04:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT [2012/06/12 13:23:54 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\MBR.dat [2012/06/12 12:16:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Gilles\Desktop\aswMBR.exe [2012/06/10 03:06:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job [2012/06/08 19:01:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Gilles\Desktop\dds.scr [2012/06/08 14:32:20 | 000,001,975 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\SpyHunter.lnk [2012/06/06 09:15:46 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Gilles\Application Data\default.pls [2012/05/31 17:56:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/28 21:31:17 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Gilles\Desktop\MyFonts Order M3792118.msi [2012/05/24 16:55:47 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Gilles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2012/06/19 23:19:37 | 137,525,896 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\setup_11.0.0.1245.x01_2012_06_19_21_12.exe [2012/06/18 21:48:53 | 137,503,544 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\setup_11.0.0.1245.x01_2012_06_18_19_12.exe [2012/06/18 11:36:05 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/06/18 11:32:51 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk [2012/06/18 
11:30:31 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk [2012/06/13 22:57:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/06/13 22:57:51 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/06/13 22:51:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/06/13 22:51:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/06/13 22:51:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/06/13 22:51:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/06/13 22:51:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/06/12 21:04:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT [2012/06/12 13:23:54 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\MBR.dat [2012/06/08 14:32:20 | 000,001,975 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\SpyHunter.lnk [2012/05/31 17:56:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/28 21:30:46 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\Gilles\Desktop\MyFonts Order M3792118.msi [2012/02/15 22:50:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/12/18 22:33:55 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2011/12/18 22:33:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2011/05/29 22:29:14 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll [2011/05/29 21:09:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/05/29 21:09:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2011/02/26 00:07:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2010/12/26 20:17:12 | 000,786,504 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602N.DAT [2010/12/26 20:17:12 | 000,296,064 | ---- | C] () -- C:\WINDOWS\System32\CNQ9602W.DAT [2010/07/16 22:50:51 | 000,000,056 | -H-- | C] 
() -- C:\WINDOWS\System32\ezsidmv.dat [2010/07/16 22:29:25 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini ========== LOP Check ========== [2011/12/21 19:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor [2011/12/18 17:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ [2010/12/26 20:21:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan [2010/12/26 20:52:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu [2009/12/23 00:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2010/12/26 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2010/01/08 20:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2009/12/22 13:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2011/05/29 13:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2010/01/04 08:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2009/12/22 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2009/12/22 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard [2011/05/29 13:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB [2009/12/23 00:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2011/02/22 00:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/01/20 22:53:19 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010/12/26 20:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Canon [2006/05/05 23:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\HotSync [2008/01/02 13:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\ImageMatics [2004/10/29 19:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Inspiration Software [2002/08/26 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\InterTrust [2011/03/21 00:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\LANCITE [2010/07/16 22:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Leadertech [2006/12/30 22:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\muvee Technologies [2008/02/18 01:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Netscape [2003/01/25 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\NewSoft [2006/12/30 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Nikon [2003/01/26 02:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\NSBackup [2011/02/05 11:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\PhotoInPress [2003/12/14 00:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Qualcomm [2003/01/24 23:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\ScanSoft [2008/01/08 22:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\STOIK [2009/03/29 12:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gilles\Application Data\Uniblue [2008/12/30 22:50:07 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Gilles\Application Data\XnView [2012/06/15 17:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Canon [2011/12/22 11:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\mystarttb [2011/12/22 12:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Nikon [2011/02/05 10:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\PhotoInPress [2010/01/15 23:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Qualcomm [2008/08/26 23:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hélène\Application Data\Vidéotron [2009/12/23 01:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2009/12/24 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon [2009/12/22 12:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust [2012/06/01 13:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mystarttb [2009/12/23 00:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NewSoft [2009/12/31 22:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon [2010/01/15 22:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Qualcomm [2009/12/22 12:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft [2012/06/20 19:08:36 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2012/06/20 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2012/06/20 19:05:15 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job [2012/06/10 03:06:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job ========== Purity Check ========== < End of report > And for 
the EXTRAS.txt file, I did not see it. I looked where the OTL.txt file was recorded but did not see any EXTRAS.txt file other than the one of June 12. Is this OK? Regards, Picsou
  11. Hello Maniac, Find below the TDSSKiller file. Note that I am unable to send you the Virus Removal Tool (Kaspersky) file, because for some reason it scanned all my hard drives including the Backup drive, even if it was not ticked in the Parameters screen. After 24 hours, I stopped it and will run it again tonight and send it to you tomorrow. But I was able to see that it did not detect any threats on drives C, D and G. The TDSSKiller file:
(ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 22:48:54.0734 0156 TermService - ok 22:48:54.0781 0156 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 22:48:54.0843 0156 Themes - ok 22:48:54.0921 0156 Tones (8021a499db46b2961c285168671cb9af) C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys 22:48:55.0671 0156 Tones - ok 22:48:55.0687 0156 TosIde - ok 22:48:55.0734 0156 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 22:48:56.0140 0156 TrkWks - ok 22:48:56.0218 0156 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 22:48:56.0609 0156 Udfs - ok 22:48:56.0625 0156 ultra - ok 22:48:56.0703 0156 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 22:48:57.0125 0156 Update - ok 22:48:57.0187 0156 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 22:48:57.0546 0156 upnphost - ok 22:48:57.0593 0156 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 22:48:57.0968 0156 UPS - ok 22:48:58.0015 0156 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 22:48:58.0531 0156 USBAAPL - ok 22:48:58.0562 0156 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 22:48:58.0906 0156 usbaudio - ok 22:48:58.0953 0156 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:48:59.0359 0156 usbccgp - ok 22:48:59.0437 0156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:48:59.0812 0156 usbehci - ok 22:48:59.0843 0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:49:00.0203 0156 usbhub - ok 22:49:00.0265 0156 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 22:49:00.0656 0156 usbprint - ok 22:49:00.0718 0156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:49:01.0109 0156 usbscan - ok 22:49:01.0187 0156 
USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:49:01.0578 0156 USBSTOR - ok 22:49:01.0640 0156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:49:02.0046 0156 usbuhci - ok 22:49:02.0078 0156 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 22:49:02.0437 0156 usbvideo - ok 22:49:02.0515 0156 V124 (269c0ade94b90029b12497747be408cb) C:\WINDOWS\system32\DRIVERS\HSF_V124.sys 22:49:03.0250 0156 V124 - ok 22:49:03.0312 0156 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 22:49:03.0671 0156 VgaSave - ok 22:49:03.0687 0156 ViaIde - ok 22:49:03.0750 0156 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 22:49:04.0093 0156 VolSnap - ok 22:49:04.0171 0156 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 22:49:04.0531 0156 VSS - ok 22:49:04.0609 0156 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 22:49:05.0000 0156 W32Time - ok 22:49:05.0078 0156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:49:05.0421 0156 Wanarp - ok 22:49:05.0453 0156 WDICA - ok 22:49:05.0500 0156 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 22:49:05.0906 0156 wdmaud - ok 22:49:05.0984 0156 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 22:49:06.0343 0156 WebClient - ok 22:49:06.0468 0156 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 22:49:06.0953 0156 winachsf - ok 22:49:07.0125 0156 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe 22:49:07.0171 0156 WinDefend - ok 22:49:07.0328 0156 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 22:49:07.0671 0156 winmgmt - ok 22:49:07.0734 0156 WmdmPmSN (482069cda24aa0e94b1351e30eb3d01f) C:\WINDOWS\system32\MsPMSNSv.dll 22:49:08.0078 0156 
WmdmPmSN - ok 22:49:08.0171 0156 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe 22:49:08.0531 0156 WmiApSrv - ok 22:49:08.0609 0156 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 22:49:09.0109 0156 WS2IFSL - ok 22:49:09.0187 0156 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 22:49:09.0531 0156 wscsvc - ok 22:49:09.0578 0156 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 22:49:09.0953 0156 WSTCODEC - ok 22:49:10.0000 0156 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 22:49:10.0343 0156 wuauserv - ok 22:49:10.0437 0156 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 22:49:10.0828 0156 WZCSVC - ok 22:49:10.0890 0156 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 22:49:11.0265 0156 xmlprov - ok 22:49:11.0312 0156 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 22:49:12.0000 0156 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 22:49:12.0000 0156 \Device\Harddisk0\DR0 - detected TDSS File System (1) 22:49:12.0031 0156 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1 22:49:17.0593 0156 \Device\Harddisk1\DR1 - ok 22:49:17.0640 0156 Boot (0x1200) (a384bb46cb41360ba0b17d4e8ab1c472) \Device\Harddisk0\DR0\Partition0 22:49:17.0640 0156 \Device\Harddisk0\DR0\Partition0 - ok 22:49:17.0671 0156 Boot (0x1200) (4abee8fbd8bc1b5ee15462ab80a447c1) \Device\Harddisk1\DR1\Partition0 22:49:17.0671 0156 \Device\Harddisk1\DR1\Partition0 - ok 22:49:17.0687 0156 ============================================================ 22:49:17.0687 0156 Scan finished 22:49:17.0687 0156 ============================================================ 22:49:17.0812 3772 Detected object count: 10 22:49:17.0812 3772 Actual detected object count: 10 22:52:19.0968 3772 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:19.0968 3772 IDriverT ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:19.0968 3772 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:19.0968 3772 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:19.0984 3772 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:19.0984 3772 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:19.0984 3772 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:19.0984 3772 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:20.0000 3772 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:20.0000 3772 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:20.0000 3772 InCDsrv ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:20.0000 3772 InCDsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:20.0000 3772 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:20.0000 3772 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:20.0000 3772 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:20.0000 3772 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:20.0000 3772 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:20.0000 3772 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:20.0000 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 22:52:20.0000 3772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 22:53:19.0562 1216 Deinitialize success I will send you soon the Virus Removal Tool file. Cordialement. Picsou
  12. Hello Maniac, Sorry if I did not reply rapidly to your last message. I was away for the last 3 days. As requested, I emptied the Recycle Bin. I tested my bank access and tested the same link (for a limited-time offer for a rate) that is redirected. I clicked on it and received a Security Alert message saying: "You are about to leave a secure internet connection. It will be possible for others to view information you send. Do you want to continue? ...." When clicking YES I was redirected to the following link:
      http://download.cloudantivirus.com/eng/malicious/?id=antiphishing-mystart3_6dn&url=rbc.bridgetrack.com/wmdi/_redir.htm?btdata=402127b796a617059574945bebeb4aba198978494faf8f3eceac5c2d69c220f2&bt_con=52&bt_as=8&bt_trf=83300
      After that, I closed my bank access, closed IE, reopened it and navigated on the bank site without accessing my account. I found that each time the URL on a section of a page contained "https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=26192" I was redirected to the URL above. Accordingly, for instance, I was also redirected with the following URL:
      https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=30464
      to:
      http://download.cloudantivirus.com/eng/malicious/?id=antiphishing-mystart3_6dn&url=rbc.bridgetrack.com/bank/_redir.htm?btdata=6021278736c6175585d4947b1beb4aba49c968494faf8f3e4eac5c2d652ddd93&bt_con=51&bt_as=8&bt_trf=81335
      Note that each time there is a URL having this format:
      https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=26192
      https://rbc.bridgetrack.com/a/c/?BT_CON=52&BT_PID=643277&r=30464
      it is redirected to an advertisement for Panda Antivirus. I am disappointed that all the work done did not seem to resolve the issue. I still have the redirections. But note that I have them (redirections) only when I click on a URL that has the format and syntax above. Any suggestion? Regards, Picsou.
  13. Hello Maniac, I manually deleted the folders
      c:\documents and settings\Owner\Local Settings\Application Data\Conduit
      c:\documents and settings\Hélène\Local Settings\Application Data\Conduit
      and also other files that had the Conduit name in the file name. All these files (138) were created on May 23 (when I think I was infected first) and on June 1, 2012. See image: in the Word file attached (sorry, unable to attach it and it is images from the Recycle Bin). Most of the files relate to WiseConvert. 2 examples:
      http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png
      http___storage_conduit_com_bankimages_CommandComps_RegistryEditor_gif
      I did not empty the Recycle Bin. Should I empty it? And what is the next step? Regards, Picsou.
  14. Hello Maniac, Find attached the ComboFix.txt file after running ComboFix with the CFScript.txt file incorporated. Note that I had to run it twice as it seems it did not work properly the first time. Before, just a quick question for you: When I started IE to post this message, I had a pop-up asking if I wanted to make IE as my web browser by default, leaving to understand that it could not be. Is this normal? The ComboFix file: What is the next step? Picsou
  15. Hello Maniac, Last message should have been signed as Picsou and not Maniac. ;-)) Regards, Picsou