Need help with removal - Trojan-Spy.Win32.KeyLogger.aa [RESOLVED], Yet, not sure if this is the right name... |
Sep 6 2008, 07:15 PM | Post #1 | New Member | Posts: 7 | OS: Windows Vista
For a week now, I have been trying to remove a virus / trojan that constantly opens a fake Windows Security Alert informing me that I'm infected with Trojan-Downloader.win32.aa / Trojan-Spy.Win32.KeyLogger.aa / Trojan-Spy.HTML.Bankfraud.dq.

I have run ADWARE and Trend Micro PC-cillin Internet Security (my anti-virus program) many times, and even if they detect / remove the targeted trojan, it keeps re-activating itself. I have also used SmitfraudFix but without any success.

I have inserted here a picture of the pop-up:

If anyone can help me remove this trojan without reinstalling Windows Vista, I would greatly appreciate it. Thanks in advance!

Sorry if there is already a guide for this trojan, but like I said before, I'm not even sure of its name. If that is the case, please just forward me to the correct link.

***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:36, on 2008-09-06
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ProgramData\lahkleti\lyzaxara.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\ProgramData\AdmSrv\snwxsxsp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [beqr6OHuSa] C:\ProgramData\lahkleti\lyzaxara.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3148121903-2916808347-2587529542-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE135834-4A0E-4BD4-AD3B-FE30198CFE51}: NameServer = 207.164.234.129 207.164.234.193
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13702 bytes
***

Sep 7 2008, 01:50 AM | Post #2 | Trusted Helper | Posts: 4,267 | OS: Windows XP
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.

Please post these logs in your next reply.. Please post each log in separate post..
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt

Sep 7 2008, 12:00 PM | Post #3 | New Member | Posts: 7 | OS: Windows Vista
Malwarebytes' log :
Malwarebytes' Anti-Malware 1.26
Database version: 1125
Windows 6.0.6000

2008-09-07 13:59:22
mbam-log-2008-09-07 (13-59-22).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 243400
Time elapsed: 1 hour(s), 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\procapi\xkhcxmxw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\apiui\puvaxkjc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\DscEnWeb\xwzyzqjk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\mnten\yzqrengp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Sep 7 2008, 12:02 PM | Post #4 | New Member | Posts: 7 | OS: Windows Vista
RSIT log.txt :
Logfile of random's system information tool (written by random/random)
Run by Jean-Michel at 2008-09-07 14:01:13
Microsoft® Windows Vista™ Home Premium
System drive C: has 199 GB (69%) free of 290 GB
Total RAM: 3069 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:18, on 2008-09-07
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ProgramData\lahkleti\lyzaxara.exe
C:\ProgramData\AdmSrv\snwxsxsp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Jean-Michel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jean-Michel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [beqr6OHuSa] C:\ProgramData\lahkleti\lyzaxara.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [StrUtilCom] C:\ProgramData\StrUtilCom\rafszypo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3148121903-2916808347-2587529542-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE135834-4A0E-4BD4-AD3B-FE30198CFE51}: NameServer = 207.164.234.129 207.164.234.193
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13822 bytes

Scheduled tasks folder
C:\Windows\tasks\ParetoLogic Registration.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll [2008-03-10 55536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-02-07 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-05-23 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-02-07 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-23 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-12 405504]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"SunJavaUpdateSched"=c:\Program Files\Java\jre1.6.0\bin\jusched.exe [2008-02-07 77824]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2007-06-27 439512]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2007-06-27 215256]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-07 1838592]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe [2007-08-27 1807696]
"zzzHPSETUP"=E:\Setup.exe [2008-05-13 1696296]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-02-01 385024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544]
"HP Software Update"=C:\Program
Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] "SSA.exe"=C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe [2007-03-27 2061816] "Gestionnaire de sécurité Sympatico"=C:\Program Files\Bell\Gestionnaire de securite\Rps.exe [2008-03-10 311024] "-FreedomNeedsReboot"=C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe [2008-03-10 13552] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2006-11-02 2159104] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2007-11-15 202544] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] "igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2007-03-05 1103480] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-07 68856] "beqr6OHuSa"=C:\ProgramData\lahkleti\lyzaxara.exe [2008-09-02 65536] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368] "Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe [] "StrUtilCom"=C:\ProgramData\StrUtilCom\rafszypo.exe [2008-09-06 94208] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{415fe03e-d581-11dc-bf24-806e6f6e6963}] shell\AutoRun\command - E:\autorun.exe -auto File associations .reg - open - regedit.exe "%1" %* .scr - open - "%1" %* List of files/folders created in the last three months 2008-09-07 14:01:13 ----D---- C:\rsit 2008-09-06 21:42:22 ----D---- C:\ProgramData\StrUtilCom 2008-09-06 20:04:31 ----D---- C:\ProgramData\AdmSrv 2008-09-06 16:52:13 ----D---- C:\Windows\temp 2008-09-06 16:52:02 ----A---- C:\ComboFix.txt 2008-09-06 14:28:17 ----D---- C:\Windows\erdnt 2008-09-06 14:27:55 ----D---- C:\QooBox 2008-09-06 14:27:55 ----A---- C:\Windows\zip.exe 2008-09-06 14:27:55 ----A---- C:\Windows\VFind.exe 2008-09-06 14:27:55 ----A---- C:\Windows\swxcacls.exe 2008-09-06 14:27:55 ----A---- C:\Windows\swsc.exe 2008-09-06 14:27:55 ----A---- C:\Windows\swreg.exe 2008-09-06 14:27:55 ----A---- C:\Windows\sed.exe 2008-09-06 14:27:55 ----A---- C:\Windows\Nircmd.exe 2008-09-06 14:27:55 ----A---- C:\Windows\grep.exe 2008-09-06 14:27:55 ----A---- C:\Windows\fdsv.exe 2008-09-06 12:46:39 ----D---- C:\Program Files\SpyNoMore 2008-09-06 12:42:57 ----D---- 
C:\Users\Jean-Michel\AppData\Roaming\Download Manager 2008-09-04 09:30:50 ----D---- C:\ProgramData\ChkHlp 2008-09-04 08:15:02 ----D---- C:\Users\Jean-Michel\AppData\Roaming\Uniblue 2008-09-03 21:47:20 ----D---- C:\ProgramData\Spybot - Search & Destroy 2008-09-03 21:47:20 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-09-03 21:30:35 ----D---- C:\ProgramData\smartwebcmd 2008-09-03 21:30:29 ----D---- C:\ProgramData\apiui 2008-09-03 10:03:40 ----A---- C:\rollback.ini 2008-09-03 10:00:04 ----D---- C:\ProgramData\ParetoLogic Anti-Virus PLUS 2008-09-03 10:00:04 ----D---- C:\ProgramData\ParetoLogic 2008-09-03 10:00:04 ----D---- C:\Program Files\Common Files\ParetoLogic 2008-09-03 09:59:00 ----D---- C:\ProgramData\Downloaded Installations 2008-09-03 09:39:36 ----D---- C:\ProgramData\mntappdsc 2008-09-03 09:39:28 ----D---- C:\ProgramData\mnten 2008-09-03 08:20:56 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2008-09-03 08:20:33 ----D---- C:\Users\Jean-Michel\AppData\Roaming\SUPERAntiSpyware.com 2008-09-03 08:20:33 ----D---- C:\Program Files\SUPERAntiSpyware 2008-09-02 21:45:52 ----D---- C:\ProgramData\MsgCfg 2008-09-02 21:45:44 ----D---- C:\ProgramData\procapi 2008-09-02 21:34:46 ----D---- C:\Users\Jean-Michel\AppData\Roaming\Malwarebytes 2008-09-02 21:34:44 ----D---- C:\ProgramData\Malwarebytes 2008-09-02 21:34:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-02 20:18:50 ----A---- C:\Users\Jean-Michel\AppData\Roaming\SetValue.bat 2008-09-02 20:18:50 ----A---- C:\Users\Jean-Michel\AppData\Roaming\GetValue.vbs 2008-09-02 20:18:49 ----A---- C:\Windows\system32\tmp.txt 2008-09-02 20:18:43 ----A---- C:\rapport.txt 2008-09-02 20:17:29 ----A---- C:\Windows\ntbtlog.txt 2008-09-02 18:23:34 ----D---- C:\Program Files\Lavasoft 2008-09-02 18:23:33 ----D---- C:\ProgramData\Lavasoft 2008-09-02 08:10:43 ----D---- C:\ProgramData\lahkleti 2008-09-02 08:10:41 ----D---- C:\ProgramData\ShGenEn 2008-09-02 08:10:39 ----D---- C:\ProgramData\DscEnWeb 2008-08-26 12:31:27 
----A---- C:\Windows\system32\wups2.dll 2008-08-26 12:31:27 ----A---- C:\Windows\system32\wucltux.dll 2008-08-26 12:31:27 ----A---- C:\Windows\system32\wuaueng.dll 2008-08-26 12:31:27 ----A---- C:\Windows\system32\wuauclt.exe 2008-08-26 12:31:16 ----A---- C:\Windows\system32\wups.dll 2008-08-26 12:31:16 ----A---- C:\Windows\system32\wudriver.dll 2008-08-26 12:31:16 ----A---- C:\Windows\system32\wuapi.dll 2008-08-26 12:31:04 ----A---- C:\Windows\system32\wuwebv.dll 2008-08-26 12:31:04 ----A---- C:\Windows\system32\wuapp.exe 2008-08-14 19:43:16 ----A---- C:\Windows\system32\CmdLineExt.dll 2008-08-13 21:36:53 ----A---- C:\Windows\system32\tzres.dll 2008-08-13 19:01:44 ----A---- C:\Windows\system32\winipsec.dll 2008-08-13 19:01:44 ----A---- C:\Windows\system32\polstore.dll 2008-08-13 19:01:44 ----A---- C:\Windows\system32\IPSECSVC.DLL 2008-08-13 19:01:44 ----A---- C:\Windows\system32\FwRemoteSvr.dll 2008-08-13 19:00:41 ----A---- C:\Windows\system32\es.dll 2008-08-13 18:59:40 ----A---- C:\Windows\system32\mshtml.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\wininet.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\urlmon.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\mstime.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\mshtmled.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\ieui.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\iesetup.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\iernonce.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\ieframe.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\ieapfltr.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\ie4uinit.exe 2008-08-13 18:59:39 ----A---- C:\Windows\system32\dxtrans.dll 2008-08-13 18:59:39 ----A---- C:\Windows\system32\advpack.dll 2008-08-13 18:59:38 ----A---- C:\Windows\system32\pngfilt.dll 2008-08-13 18:59:38 ----A---- C:\Windows\system32\jsproxy.dll 2008-08-13 18:59:38 ----A---- C:\Windows\system32\ieUnatt.exe 2008-08-13 18:59:38 ----A---- 
C:\Windows\system32\icardie.dll 2008-08-13 18:59:38 ----A---- C:\Windows\system32\dxtmsft.dll 2008-08-13 18:57:26 ----A---- C:\Windows\system32\INETRES.dll 2008-08-13 18:57:26 ----A---- C:\Windows\system32\inetcomm.dll 2008-08-12 18:27:46 ----D---- C:\Program Files\Common Files\BioWare 2008-08-12 18:11:08 ----D---- C:\Program Files\Mass Effect 2008-08-06 10:56:42 ----D---- C:\divx 2008-08-04 19:57:54 ----D---- C:\Program Files\Black Isle 2008-07-31 23:49:14 ----D---- C:\Program Files\FLV Player 2008-07-28 21:59:07 ----D---- C:\Program Files\Personal Vault 2008-07-28 21:57:27 ----D---- C:\Program Files\Common Files\Authentium 2008-07-28 21:57:18 ----D---- C:\ProgramData\Raxco 2008-07-28 21:57:18 ----D---- C:\Program Files\Raxco 2008-07-28 21:57:08 ----D---- C:\Program Files\CA 2008-07-28 21:57:05 ----D---- C:\Program Files\Common Files\Scanner 2008-07-28 21:55:01 ----D---- C:\Users\Jean-Michel\AppData\Roaming\InstallShield 2008-07-25 04:36:00 ----A---- C:\Windows\system32\DivXsm.exe 2008-07-25 04:34:54 ----A---- C:\Windows\system32\dpl100.dll 2008-07-25 04:34:52 ----A---- C:\Windows\system32\dtu100.dll 2008-07-25 04:34:50 ----A---- C:\Windows\system32\dpuGUI10.dll 2008-07-25 04:34:46 ----A---- C:\Windows\system32\dpv11.dll 2008-07-25 04:34:46 ----A---- C:\Windows\system32\dpus11.dll 2008-07-25 04:34:46 ----A---- C:\Windows\system32\dpuGUI11.dll 2008-07-25 04:34:46 ----A---- C:\Windows\system32\dpu11.dll 2008-07-25 04:34:46 ----A---- C:\Windows\system32\dpu10.dll 2008-07-25 04:34:42 ----A---- C:\Windows\system32\divx_xx07.dll 2008-07-25 04:34:40 ----A---- C:\Windows\system32\divx_xx11.dll 2008-07-25 04:34:40 ----A---- C:\Windows\system32\divx_xx0c.dll 2008-07-25 04:34:40 ----A---- C:\Windows\system32\divx_xx0a.dll 2008-07-25 04:34:36 ----A---- C:\Windows\system32\DivX.dll 2008-07-25 04:34:30 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe 2008-07-23 12:50:52 ----A---- C:\Windows\system32\qt-dx331.dll 2008-07-23 12:48:40 ----A---- 
C:\Windows\system32\ssldivx.dll 2008-07-23 12:48:40 ----A---- C:\Windows\system32\libdivx.dll 2008-07-23 12:47:34 ----A---- C:\Windows\system32\dtu100.dll.manifest 2008-07-23 12:47:34 ----A---- C:\Windows\system32\dpl100.dll.manifest 2008-07-23 12:46:38 ----A---- C:\Windows\system32\DivXWMPExtType.dll 2008-07-17 14:07:44 ----A---- C:\Windows\system32\NlsLexicons0007.dll 2008-07-17 14:07:43 ----A---- C:\Windows\system32\NlsLexicons0009.dll 2008-07-17 14:07:37 ----A---- C:\Windows\system32\NlsData0009.dll 2008-07-17 14:07:36 ----A---- C:\Windows\system32\NlsData000d.dll 2008-07-17 14:07:36 ----A---- C:\Windows\system32\NlsData000c.dll 2008-07-17 14:07:36 ----A---- C:\Windows\system32\NlsData000a.dll 2008-07-17 14:07:36 ----A---- C:\Windows\system32\NaturalLanguage6.dll 2008-07-17 14:07:35 ----A---- C:\Windows\system32\NlsData0027.dll 2008-07-17 14:07:35 ----A---- C:\Windows\system32\NlsData0011.dll 2008-07-17 14:07:35 ----A---- C:\Windows\system32\NlsData0007.dll 2008-07-17 14:07:35 ----A---- C:\Windows\system32\NlsData0001.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData003e.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData002a.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData0024.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData0022.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData0021.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData001a.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData0019.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData0018.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData000f.dll 2008-07-17 14:07:34 ----A---- C:\Windows\system32\NlsData0002.dll 2008-07-17 14:07:33 ----A---- C:\Windows\system32\NlsData0816.dll 2008-07-17 14:07:33 ----A---- C:\Windows\system32\NlsData0049.dll 2008-07-17 14:07:33 ----A---- C:\Windows\system32\NlsData0039.dll 2008-07-17 14:07:33 ----A---- C:\Windows\system32\NlsData0020.dll 2008-07-17 14:07:33 ----A---- 
C:\Windows\system32\NlsData001d.dll 2008-07-17 14:07:33 ----A---- C:\Windows\system32\NlsData0013.dll 2008-07-17 14:07:33 ----A---- C:\Windows\system32\NlsData0010.dll 2008-07-17 14:07:32 ----A---- C:\Windows\system32\NlsData0416.dll 2008-07-17 14:07:32 ----A---- C:\Windows\system32\NlsData0414.dll 2008-07-17 14:07:32 ----A---- C:\Windows\system32\NlsData0047.dll 2008-07-17 14:07:31 ----A---- C:\Windows\system32\NlsData0c1a.dll 2008-07-17 14:07:31 ----A---- C:\Windows\system32\NlsData081a.dll 2008-07-17 14:07:31 ----A---- C:\Windows\system32\NlsData004c.dll 2008-07-17 14:07:31 ----A---- C:\Windows\system32\NlsData004a.dll 2008-07-17 14:07:30 ----A---- C:\Windows\system32\NlsData0046.dll 2008-07-17 14:07:30 ----A---- C:\Windows\system32\NlsData0045.dll 2008-07-17 14:07:30 ----A---- C:\Windows\system32\NlsData001b.dll 2008-07-17 14:07:30 ----A---- C:\Windows\system32\NlsData0000.dll 2008-07-17 14:07:29 ----A---- C:\Windows\system32\NlsData004e.dll 2008-07-17 14:07:29 ----A---- C:\Windows\system32\NlsData004b.dll 2008-07-17 14:07:29 ----A---- C:\Windows\system32\NlsData0026.dll 2008-07-17 14:07:29 ----A---- C:\Windows\system32\NlsData0003.dll 2008-07-17 14:07:20 ----A---- C:\Windows\system32\NlsModels0011.dll 2008-07-17 14:07:20 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll 2008-07-17 14:07:19 ----A---- C:\Windows\system32\NlsLexicons081a.dll 2008-07-17 14:07:18 ----A---- C:\Windows\system32\NlsLexicons0816.dll 2008-07-17 14:07:18 ----A---- C:\Windows\system32\NlsLexicons0416.dll 2008-07-17 14:07:18 ----A---- C:\Windows\system32\NlsLexicons0414.dll 2008-07-17 14:07:17 ----A---- C:\Windows\system32\NlsLexicons004c.dll 2008-07-17 14:07:16 ----A---- C:\Windows\system32\NlsLexicons004a.dll 2008-07-17 14:07:16 ----A---- C:\Windows\system32\NlsLexicons003e.dll 2008-07-17 14:07:16 ----A---- C:\Windows\system32\NlsLexicons0027.dll 2008-07-17 14:07:15 ----A---- C:\Windows\system32\NlsLexicons0026.dll 2008-07-17 14:07:15 ----A---- C:\Windows\system32\NlsLexicons0024.dll 
2008-07-17 14:07:15 ----A---- C:\Windows\system32\NlsLexicons0022.dll 2008-07-17 14:07:15 ----A---- C:\Windows\system32\NlsLexicons0021.dll 2008-07-17 14:07:14 ----A---- C:\Windows\system32\NlsLexicons001d.dll 2008-07-17 14:07:14 ----A---- C:\Windows\system32\NlsLexicons001b.dll 2008-07-17 14:07:14 ----A---- C:\Windows\system32\NlsLexicons001a.dll 2008-07-17 14:07:14 ----A---- C:\Windows\system32\NlsLexicons0019.dll 2008-07-17 14:07:14 ----A---- C:\Windows\system32\NlsLexicons0018.dll 2008-07-17 14:07:13 ----A---- C:\Windows\system32\NlsLexicons0013.dll 2008-07-17 14:07:13 ----A---- C:\Windows\system32\NlsLexicons0011.dll 2008-07-17 14:07:13 ----A---- C:\Windows\system32\NlsLexicons0010.dll 2008-07-17 14:07:13 ----A---- C:\Windows\system32\NlsLexicons000f.dll 2008-07-17 14:07:13 ----A---- C:\Windows\system32\NlsLexicons000c.dll 2008-07-17 14:07:12 ----A---- C:\Windows\system32\NlsLexicons004e.dll 2008-07-17 14:07:12 ----A---- C:\Windows\system32\NlsLexicons004b.dll 2008-07-17 14:07:12 ----A---- C:\Windows\system32\NlsLexicons0049.dll 2008-07-17 14:07:12 ----A---- C:\Windows\system32\NlsLexicons000a.dll 2008-07-17 14:07:12 ----A---- C:\Windows\system32\NlsLexicons0002.dll 2008-07-17 14:07:12 ----A---- C:\Windows\system32\NlsLexicons0001.dll 2008-07-17 14:07:11 ----A---- C:\Windows\system32\NlsLexicons0047.dll 2008-07-17 14:07:11 ----A---- C:\Windows\system32\NlsLexicons0046.dll 2008-07-17 14:07:11 ----A---- C:\Windows\system32\NlsLexicons0045.dll 2008-07-17 14:07:11 ----A---- C:\Windows\system32\NlsLexicons0039.dll 2008-07-17 14:07:11 ----A---- C:\Windows\system32\NlsLexicons002a.dll 2008-07-17 14:07:11 ----A---- C:\Windows\system32\NlsLexicons0020.dll 2008-07-17 14:07:11 ----A---- C:\Windows\system32\NlsLexicons000d.dll 2008-07-17 14:07:11 ----A---- C:\Windows\system32\NlsLexicons0003.dll 2008-07-09 22:50:51 ----D---- C:\Windows\system32\Adobe 2008-07-09 17:14:27 ----A---- C:\Windows\system32\shell32.dll 2008-06-14 05:00:25 ----A---- C:\Windows\system32\EncDec.dll 
2008-06-14 05:00:24 ----A---- C:\Windows\system32\psisdecd.dll 2008-06-14 05:00:24 ----A---- C:\Windows\system32\mcmde.dll 2008-06-10 20:57:52 ----A---- C:\Windows\system32\wshrm.dll 2008-06-10 20:57:51 ----A---- C:\Windows\system32\quartz.dll List of drivers R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-19 8944] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-19 55024] R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2007-02-20 5632] R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2007-08-27 73288] R2 CSS DVP;Dynamic Virus Protection; C:\Windows\system32\DRIVERS\css-dvp.sys [2007-07-09 834448] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376] R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-07-18 36368] R2 tmxpflt;tmxpflt; C:\Windows\system32\drivers\TmXPFlt.sys [2008-07-18 205328] R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-07-18 1195448] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064] R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584] R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384] R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-09-12 228224] R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624] R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2006-10-18 258048] R3 IntelDH;IntelDH Driver; 
C:\Windows\System32\Drivers\IntelDH.sys [2008-02-07 5632] R3 RPPKT;Radialpoint Filter (x86); C:\Windows\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384] R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-12 326656] R3 tmcfw;Trend Micro Common Firewall Service; C:\Windows\system32\DRIVERS\TM_CFW.sys [2007-08-27 280392] R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968] R3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2006-11-02 31616] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856] S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2007-08-21 24064] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064] S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2007-06-27 14552] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-01-15 30464] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys [] List of 
services R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-02 611664] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832] R2 AlertService;Intel® Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2007-06-27 223448] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-29 667648] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896] R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe [2007-07-09 177416] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936] R2 ISSM;Intel® Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2007-06-27 59096] R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2007-04-10 284176] R2 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2008-02-22 2560] R2 M1 Server;Intel® Viiv Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2007-06-27 268504] R2 MCLServiceATL;Intel® Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2007-06-27 157912] R2 NMSCore;Intel® NMSCore; C:\Program Files\Common 
Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656] R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2007-08-27 1471840] R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-03-02 407056] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016] R2 QualityManager;Intel® Quality Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 Remote UI Service;Intel® Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2007-06-27 446680] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544] R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-12 94208] R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-08-27 345432] R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-08-27 923216] R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-08-27 566872] R2 VaultClientUpgrade;Personal Vault Upgrade Service; C:\Program Files\Personal Vault\VaultClientUpgrade.exe [2008-03-07 53248] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016] R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe 
[2006-11-02 22016] S2 RP_FWS;Gestionnaire de sécurité Sympatico Coupe-feu; C:\Program Files\Bell\Gestionnaire de securite\Fws.exe [2008-03-10 303344] S3 DHTRACE;Intel® DHTrace Controller; C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-07 654848] S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-07 1838592] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-07 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-03-02 734736] S3 Radialpoint Security Services;Gestionnaire de sécurité Sympatico; C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe [2008-03-10 67824] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-09-06 1010160] S3 RPSUpdaterR;Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico; C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe [2008-03-10 99568] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- |
Sep 7 2008, 12:03 PM
Post #5
New Member | Posts: 7 | OS: Windows Vista
RSIT info.txt : info.txt logfile of random's system information tool 2008-09-07 14:01:20 Uninstall list -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6} -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6} -->MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Of |