XP shuts down at load screen

Solved/Closed
Ty - Mar 5, 2010 at 10:25 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Mar 13, 2010 at 05:46 AM
Hello,
I accidentally downloaded a virus. I know I'm stupid (an .exe file). Anyway, my computer immediately got the blue screen of death and shut down. Now whenever it tries to load, whenever it shows the XP logo, it blue screen of deaths and shuts down.
Fortunately, safe mode and safe mode with networking both work. So far, I've done a Spybot scan (found nothing), did a system restore, did an Ad-Aware scan (deleted a critical keylogger), and used CCleaner to clean the registry. Also, I went to my Prefetch folder in Windows, actually found the file which has been causing the havoc (because it was the same name of the file I downloaded) and deleted the .pf.
After all this, my computer still shows no sign of recovery! It made no difference. I don't want to lose everything and fresh install. Are there any other suggestions? I am writing this in safe mode now.

Thanks,

Tyler

11 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Mar 12, 2010 at 06:29 AM
Hello Tyler,

You deleted some files, unfortunately, we ignore if they were essential to the system.

Here are my last recommendations, if the following do not bring your system to health, we will put it up for adoption or pension it off.

1. In case you deleted useful registry entries, open the Eusing Free registry cleaner and restore the 1829 errors.
2. Download and install CCleaner, this utility is less aggressive for the registry. Run both the temp files cleaner and the registry cleaner. If you don't already have it:

https://www.ccleaner.com/

3. Download to your desktop ComboFix.

http://www.combofix.org/download.php

ComboFix is powerful!

Before you run ComboFix, you MUST turn off or disconnect your modem, disable your antivirus, and close all of your applications.

Run ComboFix and save the log.

4. Reboot your system in normal mode and take note if you have a healthy reboot. If as I hope and suspect you have a perfect reboot, the problem has been solved and we shall rejoice.

5. If all fails, you will need to insert your XP disk and boot in safe mode and choose the option to repair Windows.

Should you choose to accept this mission and that I am asked questions...

Good luck Tyler

This message will self destroy in 30 seconds.:))
3
You, sir, are a genius!

It worked! I did as you said with CCleaner, then I did ComboFix. It took a while and made me restart my computer, which worked fine, and then did some other stuff then worked. Unfortunately, I forgot to save the log and ComboFix somehow disappeared from my computer but it works!

I tried shutting down and turning it on. It loads normally, iTunes works, everything's great.

Thank you so much for your time, patience, and efforts.

With much gratitude,

Tyler
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Mar 12, 2010 at 04:50 PM
Dear Tyler,

Make the trumpets sound, let the bells ring and the banners fly! Let us rejoice for we have triumphed and slayed the evil virus.

Well Tyler this is really good news and thank you for letting me know. It was hard work for you and your patience paid off.

Now, you may defrag your system.

But the MOST IMPORTANT AT THIS TIME. Turn off your system restore and wait 30-45 seconds, turn it back on and create a new restore point. (PLEASE)

You may rerun Eusing free registry cleaner, but uncheck those items that are not obvious to you. Usually whatever is from MRU HK current user is safe.

Ensure you keep Panda and Windows updated and do not run more than one Internet Security System. I use F-Secure. While nobody else is listening, stay away from Symantec.

I really enjoyed working with you.

Good luck in the future.

Jules

P.S. What part of town are you living? Not that it matters, just curious.
1
Thanks! I will make sure to do all of that. I am just very happy that it's finally working. I live in Dollard-Des-Ormeaux, where was it you lived?

Thanks again,

Tyler
0
Unfortunately I tried this. The restore restored but it had no effect. My computer still crashed. On a side note, debugging mode seems to work fine. There is no perceivable difference but whenever I open iTunes, it will crash my entire computer and it's a pain to press F8, debugging mode, each time.

Any other suggestions?
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Mar 9, 2010 at 11:09 AM
Hello Tyler

If you please, in order to prescribe the best poison recipe for this virus, which I suspect to be a worm, can you run a ZHP Diag scan and post the log here?

Here is the link to download ZHP Diag. The link is in French but once installed you can change the application to English by pressing on the yellow hard hat icon.

https://www.commentcamarche.net/download/telecharger-34066799-zhpdiag

We will find a way to full recovery.

Thank you

P.S. Are all of your drivers installed and working... I am asking because you mentioned iTunes.
Also, iTunes installs a DNS responder of the "Bonjour Service", sometimes responsible for opening ports.
0
I posted a message already but I did not see it so I may as well post again (I guess it didn't come through).

Thanks for your help. I believe the iTunes problem is caused by me running my computer in debugging mode. I never had driver problems and iTunes worked perfectly fine before getting the virus.

Anyway, I did the scan (note that I also have a 1 TB LaCie external hard drive and my computer is slightly old). The French was fine as I'm from Montreal, Canada :D but here's the log (it's long):

O42 - Logiciel: Java(TM) 6 Update 5 - (.Sun Microsystems, Inc..)
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..)
O42 - Logiciel: K-Lite Mega Codec Pack 4.5.3 - (.Unknown owner.)
O42 - Logiciel: LibUSB-Win32-0.1.12.1 - (.LibUSB-Win32.)
O42 - Logiciel: LimeWire 5.4.6 - (.Lime Wire, LLC.)
O42 - Logiciel: MSN - (.Unknown owner.)
O42 - Logiciel: MSVCRT - (.Microsoft.)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.)
O42 - Logiciel: MSXML 6 Service Pack 2 (KB973686) - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Unknown owner.)
O42 - Logiciel: Microsoft .NET Framework 1.1 Security Update (KB953297) - (.Unknown owner.)
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.)
O42 - Logiciel: Microsoft Office Access MUI (English) 2007 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Click-to-Run 2010 (Beta) - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Excel MUI (English) 2007 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Home and Business 2010 (Beta) - English - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Outlook MUI (English) 2007 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office PowerPoint MUI (English) 2007 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.)
O42 - Logiciel: Microsoft Office Publisher MUI (English) 2007 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Office Word MUI (English) 2007 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.)
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.)
O42 - Logiciel: Mozilla Firefox (3.6) - (.Mozilla.)
O42 - Logiciel: Musicnotes Software Suite 1.1 - (.Musicnotes Inc..)
O42 - Logiciel: MyDVD - (.Unknown owner.)
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.)
O42 - Logiciel: Nero OEM - (.Unknown owner.)
O42 - Logiciel: Notepad++ - (.Unknown owner.)
O42 - Logiciel: Opera 10.10 - (.Opera Software ASA.)
O42 - Logiciel: Pack Vista Inspirat 2 1.0 - (.Bricomix.)
O42 - Logiciel: Panda Cloud Antivirus - (.Panda Security.)
O42 - Logiciel: Pixel Bender Toolkit - (.Adobe Systems Incorporated.)
O42 - Logiciel: Poke - (.Unknown owner.)
O42 - Logiciel: PowerCinema NE for Everio - (.Unknown owner.)
O42 - Logiciel: PowerDVD - (.Unknown owner.)
O42 - Logiciel: Pyware iPAS - (.Pygraphics.)
O42 - Logiciel: Qantas A380 Screensaver - (.Unknown owner.)
O42 - Logiciel: QuickFreedom 1.1.1 - (.Dancool999.)
O42 - Logiciel: QuickTime - (.Apple Inc..)
O42 - Logiciel: RealPlayer - (.RealNetworks.)
O42 - Logiciel: Recuva (remove only) - (.Unknown owner.)
O42 - Logiciel: SHOUTcast Source DSP 1.9.0 (remove only) - (.Unknown owner.)
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB938127) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB942615) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB944533) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB950759) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB953838) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB969897) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB971961) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB972260) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB974455) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB976325) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows Internet Explorer 8 (KB978207) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB970430) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB971468) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB972270) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB973904) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB974318) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB974392) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB975560) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB975713) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB977165) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB977914) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB978037) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB978251) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB978262) - (.Microsoft Corporation.)
O42 - Logiciel: Security Update for Windows XP (KB978706) - (.Microsoft Corporation.)
O42 - Logiciel: SmartSound Quicktracks for Premiere - (.SmartSound Software Inc.)
O42 - Logiciel: SmartSound Quicktracks for Premiere Elements - (.SmartSound Software Inc.)
O42 - Logiciel: Songbird 1.0.0 (20081124) - (.Unknown owner.)
O42 - Logiciel: Songsmith - (.Microsoft Research.)
O42 - Logiciel: Sprint Now Saver - (.Unknown owner.)
O42 - Logiciel: SteadyHand - (.Unknown owner.)
O42 - Logiciel: StuffPlug 3 - (.iAvatars.com.)
O42 - Logiciel: Suite Shared Configuration CS4 - (.Adobe Systems Incorporated.)
O42 - Logiciel: System Requirements Lab - (.Unknown owner.)
O42 - Logiciel: Trapcode Shine Premiere Pro - (.Unknown owner.)
O42 - Logiciel: Tunatic - (.Unknown owner.)
O42 - Logiciel: Tweak UI - (.Unknown owner.)
O42 - Logiciel: UberIcon 1.0.4 - (.Punk Software.)
O42 - Logiciel: UltraMixer 2.3.6 - (.UltraMixer Digital Audio Solutions.)
O42 - Logiciel: Uninstall 1.0.0.1 - (.Unknown owner.)
O42 - Logiciel: Update for Windows Internet Explorer 8 (KB968220) - (.Microsoft Corporation.)
O42 - Logiciel: Update for Windows Internet Explorer 8 (KB976662) - (.Microsoft Corporation.)
O42 - Logiciel: Update for Windows Internet Explorer 8 (KB976749) - (.Microsoft Corporation.)
O42 - Logiciel: Update for Windows XP (KB955759) - (.Microsoft Corporation.)
O42 - Logiciel: Update for Windows XP (KB971737) - (.Microsoft Corporation.)
O42 - Logiciel: VIA Platform Device Manager - (.VIA Technologies, Inc..)
O42 - Logiciel: ViGlance - (.Lee-Soft.com.)
O42 - Logiciel: ViStart - (.Lee-Soft.com.)
O42 - Logiciel: WinRAR archiver - (.Unknown owner.)
O42 - Logiciel: Winamp - (.Nullsoft, Inc.)
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.)
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.)
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.)
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.)
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.)
O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.)
O42 - Logiciel: Windows Live Sign-in Assistant - (.Microsoft Corporation.)
O42 - Logiciel: Windows Live Upload Tool - (.Microsoft Corporation.)
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.)
O42 - Logiciel: Windows Media Format 11 runtime - (.Unknown owner.)
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.)
O42 - Logiciel: Windows Media Player 11 - (.Unknown owner.)
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.)
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.)
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.)
O42 - Logiciel: Yahoo! Install Manager - (.Unknown owner.)
O42 - Logiciel: Zune Desktop Theme - (.Microsoft Corporation.)
O42 - Logiciel: webcamXP Lite - (.moonware studio / darkwet.net.)


---\\ Contents of the Common Files folders (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\Absolute GIF Optimizer
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Ahead
O43 - CFD:Common File Directory ----D- C:\Program Files\AnalogX
O43 - CFD:Common File Directory ----D- C:\Program Files\ANI
O43 - CFD:Common File Directory ----D- C:\Program Files\AoA Audio Extractor
O43 - CFD:Common File Directory ----D- C:\Program Files\Apple Software Update
O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity
O43 - CFD:Common File Directory ----D- C:\Program Files\Audacity 1.3 Beta (Unicode)
O43 - CFD:Common File Directory ----D- C:\Program Files\Avatar Desktop App
O43 - CFD:Common File Directory ----D- C:\Program Files\AVG
O43 - CFD:Common File Directory ----D- C:\Program Files\Avi2Dvd
O43 - CFD:Common File Directory ----D- C:\Program Files\AviSynth 2.5
O43 - CFD:Common File Directory ----D- C:\Program Files\Bonjour
O43 - CFD:Common File Directory ----D- C:\Program Files\Boris FX, Inc
O43 - CFD:Common File Directory ----D- C:\Program Files\CCleaner
O43 - CFD:Common File Directory ----D- C:\Program Files\Cheat Engine
O43 - CFD:Common File Directory ----D- C:\Program Files\CoffeeCup Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\Cucusoft
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink
O43 - CFD:Common File Directory ----D- C:\Program Files\CyberLink DVD Solution
O43 - CFD:Common File Directory ----D- C:\Program Files\D-Link
O43 - CFD:Common File Directory ----D- C:\Program Files\DreamRender
O43 - CFD:Common File Directory ----D- C:\Program Files\DVD-RAM
O43 - CFD:Common File Directory ----D- C:\Program Files\DVDCAM
O43 - CFD:Common File Directory ----D- C:\Program Files\DynaPel
O43 - CFD:Common File Directory ----D- C:\Program Files\Electronic Arts
O43 - CFD:Common File Directory ----D- C:\Program Files\Eureqa Software
O43 - CFD:Common File Directory ----D- C:\Program Files\EvilLyrics
O43 - CFD:Common File Directory ----D- C:\Program Files\FaceMorpher Lite
O43 - CFD:Common File Directory ----D- C:\Program Files\Game_Maker7
O43 - CFD:Common File Directory ----D- C:\Program Files\Google
O43 - CFD:Common File Directory ----D- C:\Program Files\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\Hotspot Shield
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory ----D- C:\Program Files\iCall
O43 - CFD:Common File Directory ----D- C:\Program Files\ImTOO
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallJammer Registry
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\iPhone Configuration Utility
O43 - CFD:Common File Directory ----D- C:\Program Files\iPod
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD:Common File Directory ----D- C:\Program Files\Lavasoft
O43 - CFD:Common File Directory ----D- C:\Program Files\LibUSB-Win32
O43 - CFD:Common File Directory ----D- C:\Program Files\LimeWire
O43 - CFD:Common File Directory ----D- C:\Program Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft ActiveSync
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Application Virtualization Client
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD:Common File Directory ----D- C:\Program Files\microsoft frontpage
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office Outlook Connector
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft WSE
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\Movie Maker
O43 - CFD:Common File Directory ----D- C:\Program Files\Mozilla Firefox
O43 - CFD:Common File Directory ----D- C:\Program Files\Mp3Tagger
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN
O43 - CFD:Common File Directory ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0
O43 - CFD:Common File Directory ----D- C:\Program Files\mufin
O43 - CFD:Common File Directory ----D- C:\Program Files\Musicnotes
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\NewBlue
O43 - CFD:Common File Directory ----D- C:\Program Files\Notepad++
O43 - CFD:Common File Directory ----D- C:\Program Files\Online Services
O43 - CFD:Common File Directory ----D- C:\Program Files\OpenOffice.org 1.9.79
O43 - CFD:Common File Directory ----D- C:\Program Files\Opera
O43 - CFD:Common File Directory ----D- C:\Program Files\Opera 10.10 Beta
O43 - CFD:Common File Directory ---AD- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Panasonic
O43 - CFD:Common File Directory ----D- C:\Program Files\Panda Security
O43 - CFD:Common File Directory ----D- C:\Program Files\PeerCast
O43 - CFD:Common File Directory ----D- C:\Program Files\Poke
O43 - CFD:Common File Directory ----D- C:\Program Files\Procaster
O43 - CFD:Common File Directory ----D- C:\Program Files\Project64 1.6
O43 - CFD:Common File Directory ----D- C:\Program Files\Pyware iPAS
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickFreedom
O43 - CFD:Common File Directory ----D- C:\Program Files\QuickTime
O43 - CFD:Common File Directory ----D- C:\Program Files\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Realtek
O43 - CFD:Common File Directory ----D- C:\Program Files\Recuva
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Safari
O43 - CFD:Common File Directory ----D- C:\Program Files\Screaming Bee
O43 - CFD:Common File Directory ----D- C:\Program Files\SHOUTcast
O43 - CFD:Common File Directory ----D- C:\Program Files\SmartSound Software
O43 - CFD:Common File Directory ----D- C:\Program Files\Songbird
O43 - CFD:Common File Directory ----D- C:\Program Files\Sonic
O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\Program Files\Stardock
O43 - CFD:Common File Directory ----D- C:\Program Files\StuffPlug3
O43 - CFD:Common File Directory ----D- C:\Program Files\SystemRequirementsLab
O43 - CFD:Common File Directory ----D- C:\Program Files\Trapcode
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory ----D- C:\Program Files\Tunatic
O43 - CFD:Common File Directory ----D- C:\Program Files\UberIcon
O43 - CFD:Common File Directory ----D- C:\Program Files\ubroadcast player
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Uplink Demo
O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent
O43 - CFD:Common File Directory ----D- C:\Program Files\Veoh Networks
O43 - CFD:Common File Directory ----D- C:\Program Files\VIA
O43 - CFD:Common File Directory ----D- C:\Program Files\ViGlance
O43 - CFD:Common File Directory ----D- C:\Program Files\Virtools
O43 - CFD:Common File Directory ----D- C:\Program Files\ViStart
O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp
O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp Detect
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Desktop Search
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Connect 2
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\xerox
O43 - CFD:Common File Directory ----D- C:\Program Files\Yahoo!
O43 - CFD:Common File Directory --H-D- C:\Program Files\Zero G Registry
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe AIR
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Ahead
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Apple
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\AVSMedia
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\CNC
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Designer
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Download Manager
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DVDVideoSoft
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\L&H
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\LogiShrd
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Logitech
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macrovision Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\MSSoap
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\NSV
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PACE Anti-Piracy
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Panasonic
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Real
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD:Common File Directory -SH-D- C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\xing shared


---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.1880E066EFBFAF75266270481B52DDDE] - 2/24/2010 - 6:21:55 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\TZLog.log
O44 - LFC:[MD5.C10BB68B414DD8BFD8D30438FE110290] - 2/27/2010 - 1:14:00 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\FNTCACHE.DAT
O44 - LFC:[MD5.4AD4539AB6E6A01576193AD78C18B239] - 2/27/2010 - 4:53:47 PM --HA- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\mlfcache.dat
O44 - LFC:[MD5.BE64243EC1F3B6EE84FEF78017A4D51E] - 3/1/2010 - 9:34:37 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\NeroDigital.ini
O44 - LFC:[MD5.13001EB0A58B4DE96126B16AB15FD8CC] - 3/4/2010 - 12:39:03 AM ---A- . (.Real Networks, Inc - Real Networks C/C++ Runtime Library.) -- C:\WINDOWS\System32\pncrt.dll
O44 - LFC:[MD5.33833B3EDA1B07EBD367FA9B38B23E60] - 3/4/2010 - 12:39:43 AM ---A- . (.RealNetworks, Inc. - 16 bit DirectX helper DLL.) -- C:\WINDOWS\System32\pndx5016.dll
O44 - LFC:[MD5.B74E422BC81236042529DC8A42A18423] - 3/4/2010 - 12:39:44 AM ---A- . (.RealNetworks, Inc. - 32 bit DirectX helper DLL.) -- C:\WINDOWS\System32\pndx5032.dll
O44 - LFC:[MD5.AB5A181962FCFAD41B32C1F6CCCD58F8] - 3/4/2010 - 12:39:50 AM ---A- . (.RealNetworks, Inc. - Real Player(tm) ActiveX Control.) -- C:\WINDOWS\System32\rmoc3260.dll
O44 - LFC:[MD5.8A8627FF21C7FF5B8ABD9D36BB82D60A] - 3/5/2010 - 11:45:43 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\d3d9caps.dat
O44 - LFC:[MD5.999AD012F63F3DC316B1593EF042FD50] - 3/6/2010 - 12:06:05 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\ntbtlog.txt
O44 - LFC:[MD5.00000000000000000000000000000000] - 3/6/2010 - 12:14:25 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\Sti_Trace.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 3/8/2010 - 11:05:34 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:[MD5.FFA02AFDDA21AAD2C6E15A6A2E8EE1D2] - 3/9/2010 - 4:00:01 PM ---A- . (.Unknown owner - No comment.) -- C:\aaw7boot.log
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 3/9/2010 - 4:00:05 PM -S-A- . (.Unknown owner - No comment.) -- C:\WINDOWS\bootstat.dat
O44 - LFC:[MD5.5DE8670353F689BF0ACDFB258DDD41CB] - 3/9/2010 - 4:00:07 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:[MD5.AEE9262F1C3766881DD8227B3EB46CBF] - 3/9/2010 - 4:00:20 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ANIWZCSUSERNAME{7FCAB66C-71DA-4286-827D-E7667515E8B0}
O44 - LFC:[MD5.00000000000000000000000000000000] - 3/9/2010 - 4:00:25 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\wiaservc.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 3/9/2010 - 4:00:28 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\wiadebug.log
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/9/2010 - 4:01:05 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\0.log
O44 - LFC:[MD5.D6A16FC2392A6049B476A36DEF0AB066] - 3/9/2010 - 4:01:21 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\nvapps.xml
O44 - LFC:[MD5.00000000000000000000000000000000] - 3/9/2010 - 4:12:25 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\WindowsUpdate.log


---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll


---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Microsoft® Remote Desktop Help Session Manager.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(.Lime Wire, LLC - LimeWire.) -- C:\Program Files\LimeWire\LimeWire.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Opera\Opera.exe" [Disabled] .(.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Groove.) -- C:\Program Files\Microsoft Office\Office12\GROOVE.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office OneNote.) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Adobe\Adobe Premiere Elements 2.0\Adobe Premiere Elements.exe" [Enabled] .(.Unknown owner - No comment.) -- C:\Program Files\Adobe\Adobe Premiere Elements 2.0\Adobe Premiere Elements.exe
O47 - AAKE:Key Export SP - "C:\Program Files\PeerCast\PeerCast.exe" [Enabled] .(.Unknown owner - No comment.) -- C:\Program Files\PeerCast\PeerCast.exe
O47 - AAKE:Key Export SP - "C:\Program Files\SHOUTcast\sc_serv.exe" [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\Program Files\SHOUTcast\sc_serv.exe
O47 - AAKE:Key Export SP - "..." [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\YoYoGames\yoyo61.exe" [Enabled] .(.YoYo Games Ltd - YoYo Games Player.) (.not file.) -- C:\Documents and Settings\All Users\Application Data\YoYoGames\yoyo61.exe
O47 - AAKE:Key Export SP - "E:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(.Unknown owner - No comment.) (.not file.) -- E:\Program Files\LimeWire\LimeWire.exe
O47 - AAKE:Key Export SP - "E:\Program Files\WebcamXP\wLite\wLite.exe" [Enabled] .(.Moonware / Darkwet - webcamXP.) (.not file.) -- E:\Program Files\WebcamXP\wLite\wLite.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dplaysvr.exe" [Enabled] .(.Microsoft Corporation - Microsoft DirectPlay Helper.) (.not file.) -- C:\WINDOWS\system32\dplaysvr.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\User\Local Settings\Temp\Rar$EX00.594\WorldOfPong.exe" [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\Documents and Settings\User\Local Settings\Temp\Rar$EX00.594\WorldOfPong.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Electronic Arts\EADM\Core.exe" [Enabled] .(.Electronic Arts - EA Download Manager.) (.not file.) -- C:\Program Files\Electronic Arts\EADM\Core.exe
O47 - AAKE:Key Export SP - "..." [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\Documents and Settings\User\Local Settings\Temp\Rar$EX00.578\WW\Warp-World.exe
O47 - AAKE:Key Export SP - "C:\Program Files\iCall\iCall.exe" [Enabled] .(.Unknown owner - iCall Internet Phone.) (.not file.) -- C:\Program Files\iCall\iCall.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dpvsetup.exe" [Enabled] .(.Microsoft Corporation - Microsoft DirectPlay Voice Test.) (.not file.) -- C:\WINDOWS\system32\dpvsetup.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\rundll32.exe" [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\YoYoGames\yoyo70.exe" [Enabled] .(.YoYo Games Ltd - YoYo Games Player.) (.not file.) -- C:\Documents and Settings\All Users\Application Data\YoYoGames\yoyo70.exe
O47 - AAKE:Key Export SP - "E:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe" [Enabled] .(.Unknown owner - No comment.) (.not file.) -- E:\Program Files\Adobe\Adobe Premiere Pro CS3\Adobe Premiere Pro.exe
O47 - AAKE:Key Export SP - "..." [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\Documents and Settings\User\Local Settings\Temp\gm_ttt_55704\Online Engine Server.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\User\Local Settings\Temp\gm_ttt_52843\Server.exe" [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\Documents and Settings\User\Local Settings\Temp\gm_ttt_52843\Server.exe
O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent, Inc. - µTorrent.) (.not file.) -- C:\Program Files\uTorrent\uTorrent.exe
O47 - AAKE:Key Export SP - "C:\Program Files\avgupd.exe" [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\Program Files\avgupd.exe
O47 - AAKE:Key Export SP - "C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" [Enabled] .(.CyberLink Corp. - CyberLink PowerCinema Main Program.) (.not file.) -- C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe
O47 - AAKE:Key Export SP - "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [Enabled] .(.CyberLink Corp. - CyberLink PowerCinema Resident Program.) (.not file.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
O47 - AAKE:Key Export SP - "C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" [Enabled] .(.CyberLink Corp. - PowerDirector.) (.not file.) -- C:\Program Files\CyberLink\PowerDirector Express\PDX.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Java\jre6\bin\java.exe" [Enabled] .(.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) (.not file.) -- C:\Program Files\Java\jre6\bin\java.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) (.not file.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\User\Local Settings\Temp\Rar$EX00.609\WorldOfPong.exe" [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\Documents and Settings\User\Local Settings\Temp\Rar$EX00.609\WorldOfPong.
0
I posted a message already but I did not see it so I may as well post again (I guess it didn't come through).

Thanks for your help. I believe the iTunes problem is caused by me running my computer in debugging mode. I never had driver problems and iTunes worked perfectly fine before getting the virus.

Anyway, I did the scan (note that I also have a 1 TB LaCie external hard drive and my computer is slightly old). The French was fine as I'm from Montreal, Canada :D but here's the log (it's long):

EDIT: It took too long to post so I just saved it as a .txt and put it here:

http://www.mediafire.com/?jwn2jjmknmk

Thanks again.
0

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Mar 9, 2010 at 05:21 PM
Hello Tyler,

I presently live in Shawinigan but I was born and lived in Montreal almost all of my life.

I looked over your log and could not spot the process that could prevent you from running HijackThis; however, I could write a long story on the reasons your system got infected so badly.

Let's start with the smallest: the Mediafire link is infested with pop-ups of all kinds which may lead to malicious sites. I would not recommend it to my worst enemy, for he may infect me back.

You also have Limewire and through my own experience and that of many, there are a lot of hackers who love to create and sow malware in files to download.

The worst is that your system is way overprotected, which leads to no protection at all.

You have Lavasoft (a very questionable software), Panda, Hotspot Shield, Symantec and AVG, or remnants thereof. If you are not running them, they are in the system and they are not compatible. It is a wonder your system, being so confused, did not commit suicide.

With all due respect, I have some homework which I recommend. Before applying any antimalware fix to your system, which may not work because of all this confusion, please delete all of your antivirus applications, or remnants thereof, not only in the program files but also from the registry (Symantec is well known to leave "dung" all over the registry), except the main one, which I think is Panda.

Next, please use the following tool to clean the registry, it is entirely free, gratis.

https://www.eusing.com/free_registry_cleaner/registry_cleaner.htm

It will no doubt find at least 100 errors. You may uncheck the items which you do not want to repair, but rest assured, Eusing always makes a back-up.

The above is important to do in order for this last step to work.

Download Malwarebytes to your desktop:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

DO NOT RUN IT!

First, rename it to Explorer.exe (this is just to outwit any trojan that may be in your system, if any).

Install Malwarebytes and update it.

Plug in all of your removable disks, pen drives, etc. Request a FULL scan, have a beer, and watch a hockey game, because in your case I suspect the scan will last 2 hours.

Once the scan is over, see the results in the log and praise the Lord for small mercies and Kioskea. Defrag your disk.

Once you are sure the computer is cleaned and working normally, just to be on the safe side:
• Turn off system restore and wait 30 seconds,
• Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.

Please, I spent a long time on this, I would appreciate your feedback after you have completed your homework.

Good luck

P.S. This registry key has got to go, it is a sure sign of infection:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Unknown owner - No comment.) -- (.not file.)

(BHO = Browser Helper Object) From the sites you visited and downloaded from.
0
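The log pattern Ambucias points out in the P.S. above, turned into a repeatable check; this is an added example, not part of the original posts. It parses the O2 and O47 line formats as they appear in this thread; the check on firewall exceptions under Temp folders is an extra heuristic assumed here, not something stated in the thread, and `triage` and the "Example Helper" line are hypothetical.

```python
import re

# Lines in the format posted in this thread; the "Example Helper" line is constructed.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Unknown owner - No comment.) -- (.not file.)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} . (.Example Corp - Example helper.) -- C:\Program Files\Example\helper.dll
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Inc. - Bonjour Service.) (.not file.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\User\Local Settings\Temp\gm_ttt_52843\Server.exe" [Enabled] .(.Unknown owner - No comment.) (.not file.) -- C:\Documents and Settings\User\Local Settings\Temp\gm_ttt_52843\Server.exe
'''

# O2: Browser Helper Object entries (name, CLSID, owner/description, backing file).
BHO_RE = re.compile(
    r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) ?\. ?'
    r'\(\.(?P<owner>.*?) - (?P<desc>.*?)\.\) -- (?P<target>.*)$')
# O47: firewall exception entries (rule path, state, owner/description, program path).
FW_RE = re.compile(
    r'^O47 - AAKE:Key Export SP - "(?P<rule>.*?)" \[(?P<state>\w+)\] ?\. ?'
    r'\(\.(?P<owner>.*?) - (?P<desc>.*?)\.\)(?: \(\.not file\.\))? -- (?P<target>.*)$')
TEMP_RE = re.compile(r'\\Local Settings\\Temp\\', re.IGNORECASE)


def triage(log_text):
    """Return (finding, identifier) pairs for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # Pattern from the post: unnamed BHO, unknown owner, no file behind it.
            if (m['name'] == '(no name)' and m['owner'] == 'Unknown owner'
                    and m['target'] == '(.not file.)'):
                findings.append(('orphan-bho', m['clsid']))
            continue
        m = FW_RE.match(line)
        if m and m['state'] == 'Enabled':
            # Added heuristic (assumption): an enabled firewall exception for an
            # unsigned-looking program that lives in a Temp folder deserves review.
            if m['owner'] == 'Unknown owner' and TEMP_RE.search(m['target']):
                findings.append(('temp-firewall-exception', m['target']))
    return findings


if __name__ == '__main__':
    for kind, ident in triage(SAMPLE_LOG):
        print(f'{kind}: {ident}')
```

A finding here is a prompt to check the entry by hand, not a verdict; the named, vendor-owned entries in the sample are deliberately left alone.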
Thanks so much for the response.

I did as asked. First, after running the registry program, it discovered and repaired 1865 errors! Then I renamed the virus scanner explorer.exe and installed it. It took about 2 hours and found 10 Trojans and successfully deleted them all. At the end, it said that to fully remove them, I needed to do a system restart.

This is where the problem happened...

Previously, my computer would start as normal and then freeze at the loading bar of the XP splash screen and restart. This time, after doing scans, it loads as if normal but it NEVER stops loading. It just keeps loading and loading (I left it for 30 minutes), so I decided this was enough and restarted. I tried again and the same thing happened. Normally, it loads for ten seconds maximum; this time it was never ending!

So I had to rerun in debugging mode which loaded fine.

Any ideas?

Once again thanks so much for your help so far.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Mar 11, 2010 at 05:04 AM
Hello Ty,

Of course I have ideas! I'm from Mtl remember!

At least, we are beginning to get ahead in the game and may win on the Trojans at the finish line.

It may be very useful for us to know the names of the trojans that were found.

Did you remove all of the extra antivirus programmes I told you about?

Four things for today:

1. Remove Malwarebytes from your system as it may conflict with Panda.
2. Click on Start / Run, type chkdsk and click OK. See if check disk recovers files.
3. Try to stop unnecessary applications from loading at start-up and from running in the background. How, you may ask.

Download this small utility and run it, it is called Startuplite:
https://www.malwarebytes.com/mwb-download/

4. Defragment your disk.

After the above three, please inform me of the Win loading status.

Finally, did you delete all of the 1825 registry errors without discrimination? I hope that you did not delete the back-up of the registry for we may need to recover some entries, we never know.

Cheers
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Mar 11, 2010 at 12:47 PM
Hello Ty,

Me again, I forgot in my previous... We may be not rich, but ideas we have!

Patience is a virtue, but if your machine takes forever to load, like more than 45 minutes, try in safe mode.

If it does boot but always takes as long, after you have performed the tasks in my previous message, then we might be obliged to apply some horse medicine, the one I keep in a safe locker.

If you really can't boot even in safe mode, try booting from your XP disk, which should give the option to repair.

Hope to hear from you soon.
0
Ok, this is interesting.

Firstly, I uninstalled Malwarebytes and I did chkdsk. It found no problems but did delete some file. I'm not sure which; it just sort of deleted it. I stopped any unnecessary programs from start up as well and tried restarting.

Just so you know, yesterday it loaded forever and after three times, I gave up and ran in debugging mode. Today, I ran straight into debugging mode to try this. So after I restarted for the first time, I prayed for the best, and...

It did the same as before! The loading bar froze right away, showed the blue screen of death, and crashed. How is this possible? I haven't touched or changed anything since last night. How can my computer magically regain the virus again?

On another note though, safe mode works fine.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Mar 11, 2010 at 05:08 PM
Hello Ty,

It is supper time, I have a visitor, let me think and I shall get back to you in the morning! It is a promise.

I shall furnish you with my horse medicine.

Thank you for your patience.

Jules
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Mar 13, 2010 at 05:46 AM
Hello Ty,

I moved from downtown Mtl to Shawinigan last September. I had enough!

I just thought of another precaution for you.

Should you download files in the future, download them to your desktop, or if you receive attachments, before opening them, give them this test. I suggest you keep the link in your favorites. It is very effective in detecting any virus, worm, trojan, adware, etc. It is free! You only need to upload the file for complete analysis.

Here is the link:

https://www.virustotal.com/gui/

Take care

Jules
0