Windows XP Explorer problem

Solved/Closed
Rob - Feb 2, 2012 at 04:21 AM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Feb 10, 2012 at 04:26 PM
Hello,
I cleaned up my PC, uninstalled unused programs and files.
Now every time I right-click on my desktop it takes about 50-60 seconds before the menu appears. Suppose I select a shortcut to a Word document and select open, it will then take a further minute to actually open the file. The same problem occurs if I browse Windows with Explorer. However, if I open Word from the Start menu and the document from the recently opened files, it is instantaneous. If I select open and try to browse for a different file, it hangs for periods of about a minute; this is the same for all programs. Also, a large number of files appear with blue text in Explorer, indicating they have been compressed, which I did not command.
I would greatly appreciate any advice on this matter.

17 responses

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 2, 2012 at 05:29 AM
Greetings Robert,

I suspect that your registry is somewhat clogged and that your hard disk is fragmented.

1. I suggest you download, install and run this totally free yet very efficient registry cleaner:

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

You will probably find hundreds of errors. Delete them all. Have no fear, the cleaner will make a backup.

2. After the above, defragment your hard drive. The download section has a free defragmenting tool called Defraggler, which is faster than Windows'.

Let me know.
0
Hi Ambucias
Thanks for your help. I did as you suggested and found 1019 problems, deleted them, ran the scan again, found 3, deleted them, scanned a third time, zero problems found.
I had already defragmented; analyzed again, does not require defrag.
I still have the problem with explorer hanging.
Do you have further suggestions?
Thanks again for your help
regards

Rob
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 2, 2012 at 03:59 PM
Hello Robert,

Let's check for a virus, which I see as the only plausible cause left.

To help you and prescribe a remedy, I must make a diagnostic and to do so, I require a system log.

1. Boot in safe mode with networking.

2. Open this link and download ZHPDiag2:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed if the site is in French, it sometimes happens; the tool will take your system language and allow the download if you get a warning message. Also, clicking on the "hardhat" icon allows you to change the language.)

3. Save the file on your Desktop.

4. Double click on ZHPDiag.exe and follow the installation instructions.

The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix at the next step).

5. Double click on the shortcut ZHPDiag on your Desktop.

6. Click on the Magnifying glass and run the analysis.

Wait for the tool to finish (maybe a long time).

7. Close ZHPDiag.


6. To transmit the report, click on this link :

https://authentification.site

7. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).

8. Select the file ZHPDiag.txt.

9. Click on "upload".

10. Copy the URL and post it here.

Best regards
0
Hi Ambucias

I have done as you advised!
Here is the upload link http://speedy.sh/vqPur/ZHPDiag.txt
The program didn't create all the links on the desktop, I had to run it from program files.
Thanks for your help

regards

Robert
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 3, 2012 at 03:39 PM
Hi Robert,

I tried to get your log and I got the following message:

Due to some SPAM abuse, this file is not currently available. We appologize for inconvenience.

Do you know anything about the above?

I suggest you copy and paste the log here.

Regards
0
Hi Ambucias
I got the same message when I uploaded it to the site. I did not know why, as I've had no contact. I continued with the upload and made a copy of the links, then sent the link to you as requested.
Here is the log file.
I cannot paste it into the window!! Do I open it and paste the contents?

Regards
Robert
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 4, 2012 at 05:02 AM
Yes paste the contents here. It's very long so that's why speedyshare is preferable.
0
I could not paste the entire contents I would be grateful for an alternative suggestion.
Thanks

Robert
0
I have uploaded the file again, here is the link.
regards

Robert
http://speedy.sh/dtCMA/ZHPDiag.txt
0

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 4, 2012 at 06:00 AM
Hi Robert

Speedyshare doesn't like you. You seem to be a nice guy and one of Her Majesty's loyal subjects.

You could try pasting the second part of the log here (just from where you ended). Don't be alarmed if you can see it straight away, I will fix it.

An alternative, if you wish is:

http://ccm.net/download/download-1703-hfs-http-file-server

I have never used it myself, but no risk, no gain.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 4, 2012 at 06:31 AM
Robert

Never mind! From the first part of the log I was able to tell that your system is indeed infected by Adware, a PUP infection which is called MetaStream, and http://w4s2.work4sure.com/c/ge/w4sgeen9.exe

(I suspect that Speedyshare filtered your log and didn't like certain words such as "crucial.com". Some people use Speedyshare to spam or send viruses.)

Your Viewpoint Media Player contains the infection and a virus will often devour your RAM.

Here is what I would like to do:

1. Download, install and run this tool:

http://ccm.net/download/download-35-ad-aware-2008-free

2. Download, install and run Malwarebytes, which you can find on this site:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Ensure you make an update.

Boot your computer in safe mode (if you can't, don't worry).

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long it takes. The creators of Malwarebytes recommend that while the tool is running you go do something else, such as watching a rerun of Gone with the Wind or reading Tolstoy's War and Peace.

If Malwarebyte restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

Once your computer is clean and working normally, just to be on the safe side:
* Turn off System Restore and wait 30 seconds,
* Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point, and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally, because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.

Good luck and let me know... see you in Tipperary
0
Hi Ambucias
Sorry I had an appointment, back now!
I have an FTP transfer folder I have put the log file in it.
If you still need it paste ftp.tainpottery.com in your browser
You will be prompted for a username:- pottery
and a password:- balintore

I will proceed with your instruction and let you know how I get on.
Thanks for help
regards

Rob
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 4, 2012 at 03:55 PM
Greetings Rob,

I'm pretty sure that the tools I have given you will work. If you still experience difficulties after applying them, I will look at your log.

I hope that your appointment was crowned with success.

Please do let me know.

Cheers
0
Hi Ambucias

I have executed all the scans you advised and there are no viruses; the log for malware is in the FTP folder for which I have given you the access information. Unfortunately the problem of opening files from desktop shortcuts still remains. I am loath to try and repair Windows from the installation CD; in the past it has never worked, not that I have had to on this machine.
Is there anything else you can suggest?

I greatly appreciate your assistance.

regards

Robert
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 6, 2012 at 05:33 AM
Hi Rob,

Somehow I can't get to that file.

1. Would you please ensure that you have ZHP Fix, we will need it.

2. Please open the ZHP Diag log, make sure you copy the entire contents and paste it here in a reply.

Thanks
0
Rapport de ZHPDiag v1.28.315 par Nicolas Coolman, Update du 22/01/2012
Run by Tain Pottery 3 at 03/02/12 09:56:12
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Your version is update.


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ Windows Product Information
~ Langage: Anglais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Information
~ Processor: x86 Family 15 Model 3 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 2046.1 MB (84% free)
System Restore: Activé (Enable)
System drive C: has 90 GB (60%) free of 149 GB

---\\ Logged in mode
~ Computer Name: 6LTS91J
~ User Name: Tain Pottery 3
~ All Users Names: Tain Pottery 3, SUPPORT_388945a0, HelpAssistant, Guest, ASPNET, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Tain Pottery 3\Application Data\
~ %Desktop% : C:\Documents and Settings\Tain Pottery 3\Desktop\
~ %Favorites% : C:\Documents and Settings\Tain Pottery 3\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Tain Pottery 3\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Tain Pottery 3\Start Menu\
~ %Windir% : C:\windows\
~ %System% : C:\windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 90 Go of 149 Go)
D:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s



---\\ Search Generic System Files
[MD5.12896823FB95BFB3DC9B46BCAEDC9923] - (.Microsoft Corporation - Windows Explorer.) (.14/04/08 - 00:12:19.) -- C:\windows\Explorer.exe [1033728]
[MD5.037B1E7798960E0420003D05BB577EE6] - (.Microsoft Corporation - Run a DLL as an App.) (.14/04/08 - 00:12:33.) -- C:\windows\system32\rundll32.exe [33280]
[MD5.552263502EA8C24D301A0C43FF90B3ED] - (.Microsoft Corporation - Internet Extensions for Win32.) (.04/11/11 - 19:20:51.) -- C:\windows\system32\wininet.dll [916992]
[MD5.ED0EF0A136DEC83DF69F04118870003E] - (.Microsoft Corporation - Windows NT Logon Application.) (.14/04/08 - 00:12:39.) -- C:\windows\system32\Winlogon.exe [507904]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/11 - 13:49:54.) -- C:\windows\system32\drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/08 - 19:40:30.) -- C:\windows\system32\drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/08 - 19:14:21.) -- C:\windows\system32\drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/08 - 19:40:46.) -- C:\windows\system32\drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/08 - 18:33:28.) -- C:\windows\system32\drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/08 - 17:36:06.) -- C:\windows\system32\drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.13/04/08 - 20:18:00.) -- C:\windows\system32\drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/08 - 19:40:58.) -- C:\windows\system32\drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/08 - 18:57:15.) -- C:\windows\system32\drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/08 - 19:19:42.) -- C:\windows\system32\drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/11 - 13:29:31.) -- C:\windows\system32\drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/08 - 19:21:00.) -- C:\windows\system32\drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/08 - 19:15:53.) -- C:\windows\system32\drivers\ntfs.sys [574976]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.13/04/08 - 19:40:10.) -- C:\windows\system32\drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/08 - 19:19:43.) -- C:\windows\system32\drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/08 - 19:32:52.) -- C:\windows\system32\drivers\rdpdr.sys [196224]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/08 - 19:40:28.) -- C:\windows\system32\drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.13/04/08 - 18:41:01.) -- C:\windows\system32\drivers\volsnap.sys [52352]
~ Scan Generic Processes in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 106/5161
~ Mes musiques (My Musics) : 124/320
~ Mes Favoris (My Favorites) : Non accessible (Not found)
~ Mes Documents (My Documents) : 316/8885
~ Mon Bureau (My Desktop) : 4/205
~ Menu demarrer (Programs) : 4/34
~ Scan Hidden Files in 00mn 18s



---\\ Running Processes
[MD5.67A8498C60CC77781A0A90216C87234B] - (...) -- C:\windows\system32\cs32desk.exe [41472] [PID.1948]
[MD5.CB02107DD98CEDFDD97E742C8C4C5C44] - (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE [10738448] [PID.1040]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE [638816] [PID.1188]
[MD5.F209365E10DAEDA9A084DC30A8096487] - (.Microsoft Corporation - Microsoft Agent Server.) -- C:\windows\msagent\AgentSvr.exe [256512] [PID.1628]
[MD5.7B2D61A81906852CE38A46D09EFEEE9D] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.1176]
~ Scan Processes Running in 00mn 01s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_30 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (.Unknown owner - MetaStream 3 Plugin r4.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.0".) -- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19165 (longhorn_ie8_gdr.111021-1715)) -- C:\WINDOWS\system32\ieframe.dll
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,cs32desk.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects (O2)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Orphean Key
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} . (.Sonic Solutions - Drive Letter Access Component.) -- C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} . (.F-Secure Corporation - Litmus.) -- C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} . (...) -- (.not file.)
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} . (.F-Secure Corporation - Litmus.) -- C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O3 - Toolbar: (no name) - {1E796980-9CC5-11D1-A83F-00C04FC99D61} . (...) -- (.not file.)
~ Scan Toolbar in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [ATIPTA] . (.ATI Technologies, Inc. - ATI Desktop Control Panel.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - IAA Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
O4 - HKLM\..\Run: [zBrowser Launcher] . (.Logitech Inc. - iTouch Application.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] . (.Logitech Inc. - Logitech Launcher Application.) -- C:\WINDOWS\LOGI_MWX.exe
O4 - HKLM\..\Run: [dla] . (.Sonic Solutions - Drive Letter Access Component.) -- C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] . (.Sonic Solutions - Sonic Update Manager.) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
O4 - HKLM\..\Run: [DVDLauncher] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [Disc Detector] . (.Creative Technology Ltd. - Disc Detector.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe
O4 - HKLM\..\Run: [RealTray] . (.RealNetworks, Inc. - RealPlayer.) -- C:\Program Files\Real\RealPlayer\realplay.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Computer, Inc. - No comment.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] . (.Acronis - Monitor for Acronis True Image Backup Archi.) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [F-Secure Manager] . (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files\F-Secure Internet Security\Common\FSM32.exe
O4 - HKLM\..\Run: [F-Secure TNB] . (.F-Secure Corporation - TNBUtil.) -- C:\Program Files\F-Secure Internet Security\FSGUI\tnbutil.exe
O4 - HKLM\..\Run: [ToolBoxFX] . (.HP - HP ToolboxFX.) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 \s mqrt.dll
O4 - HKLM\..\Run: [CaddieSyncLauncher] . (.SkyHawke Inc. - CaddieSyncLauncher will determin if your C.) -- C:\Program Files\SkyGolf\SkyCaddie Desktop\CaddieSyncLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
O4 - HKCU\..\RunOnce: [CommCenter] . (.RVS Datentechnik GmbH, Munich - RVS CommCenter.) -- C:\Program Files\RVS\WCOM\SYSTEM\CCUI.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1644491937-583907252-725345543-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1644491937-583907252-725345543-1003\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
O4 - HKUS\S-1-5-21-1644491937-583907252-725345543-1003\..\RunOnce: [CommCenter] . (.RVS Datentechnik GmbH, Munich - RVS CommCenter.) -- C:\Program Files\RVS\WCOM\SYSTEM\CCUI.exe
~ Scan Application in 00mn 00s



---\\ Other User Links (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Acronis True Image Home 11.0.lnk . (.Acronis.) -- C:\Program Files\Acronis\TrueImageHome\TrueImage.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 9.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Basic PAYE Tools.lnk . (.HM Revenue & Customs.) -- C:\Program Files\HMRC\payetools\bpt.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Express Shipper.lnk . (.TNT Post Group (Information Systems).) -- C:\Program Files\TNT\ExpressShipper\Programs\ExpBookU.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\F-Secure Internet Security 2011.lnk . (.F-Secure Corporation.) -- C:\Program Files\F-Secure Internet Security\FSGUI\fscuif.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\HMRC 2010.lnk . (.HM Revenue & Customs.) -- C:\Program Files\HMRC\Employer CD-ROM 2010\EmployerCDROM.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MBRCheck.lnk . (...) -- C:\Program Files\ZHPDiag\mbrcheck.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\RVS-COM Plus.lnk . (...) -- C:\Documents and Settings\All Users\Start Menu\Programs\RVS-COM Plus
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Sage 50 Accounts 2010.lnk . (...) -- C:\Program Files\Common Files\Sage SBD\SBDDesktop.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\ZHPDiag.lnk . (.Nicolas Coolman.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\ZHPFix.lnk . (.Nicolas Coolman.) -- C:\Program Files\ZHPDiag\ZHPFix.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\CaddieSync.lnk . (.Skyhawke Technologies.) -- C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Eusing Free Registry Cleaner.lnk . (...) -- C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Internet Explorer (2).lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Microsoft Outlook (2).lnk . (...) -- C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Public - Shortcut (2).lnk . (...) -- \\Alexpc\public
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Remote Desktop Connection (2).lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\mstsc.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to ACTINIC Box Label.doc.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\ACTINIC Box Label.doc
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Box Label.doc.lnk . (...) -- \\6LTS91J\My Documents\Box Label.doc
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to C.A.P.S. EMAIL.doc.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\CAPS EMAILS\C.A.P.S. EMAIL.doc
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to C5 Env all enqs.doc.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\C5 Env all enqs.doc
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to CAPS EMAILS.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\CAPS EMAILS
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to CAPS Shipping Record.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\CAPS Shipping Record.xls
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to DELL 2.5 (861wq0j).lnk - Orphean Key
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Key 2011.psd.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\Adobe\Product key\Key 2011.psd
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Letterhead 2004.ai.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\Signatures & Letterhead\Letterhead 2004.ai
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Main (Alexpc).lnk - Orphean Key
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to PAYE TIMEWARE5.ofm.lnk . (...) -- \\861wq0j\C\OFISFORM\FORMSLIB\PAYE TIMEWARE5.ofm (.not file.)
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to PDF's.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\PDF's
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to TILL.lnk . (...) -- \\Alexpc\FINANCIAL\Sales\Shop\TILL
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to timeware 5.exe.lnk . (.Copyright (c) 1989 - 2003 timeware Ltd.) -- C:\Program Files\NMD\timeware 5\timeware 5.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Timeware Manuals.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\Timeware Manuals
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Acronis True Image Home 11.0.lnk . (.Acronis.) -- C:\Program Files\Acronis\TrueImageHome\TrueImage.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 9.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Basic PAYE Tools.lnk . (.HM Revenue & Customs.) -- C:\Program Files\HMRC\payetools\bpt.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Express Shipper.lnk . (.TNT Post Group (Information Systems).) -- C:\Program Files\TNT\ExpressShipper\Programs\ExpBookU.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\F-Secure Internet Security 2011.lnk . (.F-Secure Corporation.) -- C:\Program Files\F-Secure Internet Security\FSGUI\fscuif.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\HMRC 2010.lnk . (.HM Revenue & Customs.) -- C:\Program Files\HMRC\Employer CD-ROM 2010\EmployerCDROM.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MBRCheck.lnk . (...) -- C:\Program Files\ZHPDiag\mbrcheck.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\RVS-COM Plus.lnk . (...) -- C:\Documents and Settings\All Users\Start Menu\Programs\RVS-COM Plus
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Sage 50 Accounts 2010.lnk . (...) -- C:\Program Files\Common Files\Sage SBD\SBDDesktop.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\ZHPDiag.lnk . (.Nicolas Coolman.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\ZHPFix.lnk . (.Nicolas Coolman.) -- C:\Program Files\ZHPDiag\ZHPFix.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\CaddieSync.lnk . (.Skyhawke Technologies.) -- C:\Program Files\SkyGolf\SkyCaddie Desktop\SkyCaddieDesktop.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Eusing Free Registry Cleaner.lnk . (...) -- C:\Program Files\Eusing Free Registry Cleaner\Regcleaner.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Internet Explorer (2).lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Microsoft Outlook (2).lnk . (...) -- C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Public - Shortcut (2).lnk . (...) -- \\Alexpc\public
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Remote Desktop Connection (2).lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\mstsc.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to ACTINIC Box Label.doc.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\ACTINIC Box Label.doc
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Box Label.doc.lnk . (...) -- \\6LTS91J\My Documents\Box Label.doc
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to C.A.P.S. EMAIL.doc.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\CAPS EMAILS\C.A.P.S. EMAIL.doc
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to C5 Env all enqs.doc.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\C5 Env all enqs.doc
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to CAPS EMAILS.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\CAPS EMAILS
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to CAPS Shipping Record.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\CAPS Shipping Record.xls
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to DELL 2.5 (861wq0j).lnk - Orphean Key
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Key 2011.psd.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\Adobe\Product key\Key 2011.psd
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Letterhead 2004.ai.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\Signatures & Letterhead\Letterhead 2004.ai
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Main (Alexpc).lnk - Orphean Key
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to PAYE TIMEWARE5.ofm.lnk . (...) -- \\861wq0j\C\OFISFORM\FORMSLIB\PAYE TIMEWARE5.ofm (.not file.)
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to PDF's.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\PDF's
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to TILL.lnk . (...) -- \\Alexpc\FINANCIAL\Sales\Shop\TILL
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to timeware 5.exe.lnk . (.Copyright (c) 1989 - 2003 timeware Ltd.) -- C:\Program Files\NMD\timeware 5\timeware 5.exe
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Timeware Manuals.lnk . (...) -- C:\Documents and Settings\Tain Pottery 3\My Documents\Timeware Manuals
~ Scan Global Startup in 00mn 26s



---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: &AOL Toolbar search - (.not file.) - C:\Program Files\AOL Toolbar\toolbar.dll
O8 - Extra context menu item: E&xport to Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- C:\Program Files\MICROS~2\Office10\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\MICROS~3\INetRepl.dll
O9 - Extra button: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} . (...) -- C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\WINDOWS\system32\mswsock.dll
~ Scan Winsock in 00mn 00s



---\\ Internet Explorer Plugins (O12)
O12 - Plugin for .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
~ Scan IE Extra Buttons in 00mn 00s



---\\ 'Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ Scan IE Paramètres WEB in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} () - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} () - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Scan Objets ActiveX in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB8B9CA-AE67-4F8D-8BA8-8146658881ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB8B9CA-AE67-4F8D-8BA8-8146658881ED}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FB8B9CA-AE67-4F8D-8BA8-8146658881ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FB8B9CA-AE67-4F8D-8BA8-8146658881ED}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CS3\Services\Tcpip\..\{4FB8B9CA-AE67-4F8D-8BA8-8146658881ED}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{4FB8B9CA-AE67-4F8D-8BA8-8146658881ED}: DhcpDomain = gateway.2wire.net
~ Scan Domain in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} . (.Microsoft Corporation - Microsoft SharePoint Portal Server Object M.) -- C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} . (...) --
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} . (.Microsoft Corporation - Microsoft Office XP Web Components.) -- C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\shell32.dll
~ Scan Protocole Additionnel in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\windows\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\windows\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\windows\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\windows\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\windows\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\windows\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\windows\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\windows\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\windows\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notifications.) -- C:\windows\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\windows\system32\wlnotify.dll
~ Scan Winlogon in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\windows\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\windows\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Systray shell service object.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - UPNP Tray Monitor and Folder.) -- C:\WINDOWS\system32\upnpui.dll
~ Scan SSODL in 00mn 00s



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\windows\system32\browseui.dll
~ Scan STS/SSO in 00mn 00s



---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) . (.Acronis - Acronis Scheduler 2.) - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: (Ati HotKey Poller) . (...) - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) . (.Unknown owner - ATI Smart.) - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access (Creative Service for CDROM Access) . (.Creative Technology Ltd - Creative Service for CDROM Access.) - C:\WINDOWS\system32\Ctsvccda.exe
O23 - Service: Crypkey License (Crypkey License) . (.Kenonic Controls Ltd. - CrypKey NT Service.) - C:\windows\system32\crypserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) . (.F-Secure Corporation - F-Secure Anti-Virus Scanning Service.) - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FSMA (FSMA) . (.F-Secure Corporation - F-Secure Management Agent.) - C:\Program Files\F-Secure Internet Security\Common\FSMA32.exe
O23 - Service: IAA Event Monitor (IAANTMon) . (.Intel Corporation - Intel Application Accelerator RAID Monitor.) - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RVS CommCenter (RvsCC) . (.RVS Datentechnik GmbH, Munich - RVS Comm Center.) - C:\Program Files\RVS\WCOM\SYSTEM\RVSCC.exe
O23 - Service: RVS Installer (RVSINST) . (.RVS Datentechnik GmbH, Munich - RVS Installer Service.) - C:\Program Files\RVS\WCOM\SYSTEM\RVSINST.exe
O23 - Service: Sage SData Service (Sage SData Service) . (.Sage (UK) Limited - Sage SData Service.) - C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) . (...) - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
~ Scan Services in 00mn 00s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Word.) - C:\Program Files\Microsoft Office\Office10\WINWORD.exe
~ Scan Desktop Component in 00mn 00s



---\\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn 00s



---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\windows\Tasks\run timeware.job
O39 - APT:Automatic Planified Task - C:\windows\Tasks\Scheduled scanning task.job
O39 - APT:Automatic Planified Task - C:\windows\Tasks\SpeedMaxPc Registration3.job
O39 - APT:Automatic Planified Task - C:\windows\Tasks\SpeedMaxPc Update3.job
O39 - APT:Automatic Planified Task - C:\windows\Tasks\Timeware backup.job
O39 - APT:Automatic Planified Task - C:\windows\Tasks\TNT.job
~ Scan Scheduled Task in 00mn 13s



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Internet Explorer Version Update - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Microsoft Windows Media Player Setup Utility.) -- C:\WINDOWS\inf\unregmp2.exe
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\windows\system32\ie4uinit.exe.mui
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\windows\system32\iedkcs32.dll
O40 - ASIC: Viewpoint Media Player - {03F998B2-0E00-11D3-A498-00104B6EB52E} . (.Viewpoint Corporation - Viewpoint Media Player for Internet Explorer.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Viewpoint Media Player - {1B00725B-C455-4DE6-BFB6-AD540AD427CD} . (.Viewpoint Corporation - Viewpoint Media Player for Internet Explorer.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Microsoft Internet Explorer FTP Folder Shell Extension.) -- C:\WINDOWS\system32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp10.inf
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\windows\system32\ie4uinit.exe.mui
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- c:\windows\system32\mscories.dll
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.1 r102.) -- C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx
~ Scan Active Setup in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\windows\system32\DRIVERS\cdrom.sys
O41 - Driver: (F-Secure HIPS) . (.F-Secure Corporation - HIPS 32-bit kernel module.) - C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - i8042 Port Driver.) - C:\windows\system32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\windows\system32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Processor Device Driver.) - C:\windows\system32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\windows\system32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Keyboard Class Driver.) - C:\windows\system32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Mouse Class Driver.) - C:\windows\system32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\windows\system32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\windows\system32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\windows\system32\DRIVERS\netbt.sys
O41 - Driver: (NetworkX) . (...) - C:\windows\system32\ckldrv.sys
O41 - Driver: (OMCI) . (.Dell Computer Corporation - OMCI Device Driver.) - C:\windows\sysTEM32\DRIVERS\OMCI.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\windows\system32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\windows\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\windows\system32\DRIVERS\redbook.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Serial Device Driver.) - C:\windows\system32\DRIVERS\serial.sys
O41 - Driver: (sscdbhk5) . (.Sonic Solutions - Shared Driver Component.) - C:\windows\system32\drivers\sscdbhk5.sys
O41 - Driver: (ssrtln) . (.Sonic Solutions - Shared Driver Component.) - C:\windows\system32\drivers\ssrtln.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\windows\system32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\windows\system32\DRIVERS\termdd.sys
O41 - Driver: VGA Display Controller. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
~ Scan Drivers in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {2614F54E-A828-49FA-93BA-45A3F756BFAA}
O42 - Logiciel: ATI - Software Uninstall Utility - (.Unknown owner.) [HKLM] -- All ATI Software
O42 - Logiciel: ATI Control Panel - (.Unknown owner.) [HKLM] -- {0BEDBD4E-2D34-47B5-9973-57E62B29307C}
O42 - Logiciel: ATI Display Driver - (.Unknown owner.) [HKLM] -- ATI Display Driver
O42 - Logiciel: Acronis True Image Home - (.Acronis.) [HKLM] -- {E5343B27-55DF-40BD-9FCF-A643C1331E8A}
O42 - Logiciel: Actinic v9 - (.Actinic Software Ltd.) [HKLM] -- Actinic Catalog v9
O42 - Logiciel: Adobe Acrobat 5.0 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Acrobat 5.0
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Illustrator 9.0.1 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Illustrator 9.0.1
O42 - Logiciel: Adobe Photoshop 6.0 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Photoshop 6.0
O42 - Logiciel: Adobe Product/Adobe Studio Update 10/2001 - (.Unknown owner.) [HKLM] -- {73006B34-9743-4A39-AC37-38EDFCEB6DCE}
O42 - Logiciel: Adobe Reader 9.5.0 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-A95000000001}
O42 - Logiciel: Avery DesignPro - (.Unknown owner.) [HKLM] -- {2CC982C0-7EAE-11D4-ACC3-0050568AD318}
O42 - Logiciel: Basic PAYE Tools - (.HM Revenue & Customs.) [HKLM] -- Basic PAYE Tools
O42 - Logiciel: Broadcom Advanced Control Suite 2 - (.Broadcom.) [HKLM] -- InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}
O42 - Logiciel: Broadcom Gigabit Integrated Controller - (.Broadcom.) [HKLM] -- InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}
O42 - Logiciel: CP2101 USB to UART Bridge Controller - (.Unknown owner.) [HKLM] -- SLABCOMM
O42 - Logiciel: Compatibility Pack for the 2007 Office system - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-0409-0000-0000000FF1CE}
O42 - Logiciel: Dell ResourceCD - (.Unknown owner.) [HKLM] -- {D78653C3-A8FF-415F-92E6-D774E634FF2D}
O42 - Logiciel: Eusing Free Registry Cleaner - (.Unknown owner.) [HKLM] -- Eusing Free Registry Cleaner
O42 - Logiciel: ExpressShipper - (.Unknown owner.) [HKLM] -- {6243B230-C0BD-11D6-8D2B-0010A4EC891F}
O42 - Logiciel: F-Secure Internet Security 2011 - (.Unknown owner.) [HKLM] -- F-Secure Product 444
O42 - Logiciel: F-Secure PSC Prerequisites - (.F-Secure Corporation.) [HKLM] -- {B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
O42 - Logiciel: HMRC Employer CD-ROM 2009 - (.HMRC.) [HKLM] -- HMRC Employer CD-ROM 2009
O42 - Logiciel: HMRC Employer CD-ROM 2010 - Updated Edition 2.1.2 - (.HM Revenue & Customs.) [HKLM] -- HMRC Employer CD-ROM 2010
O42 - Logiciel: HP Customer Participation Program 9.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP LaserJet M1522 MFP Series 3.0 - (.HP.) [HKLM] -- {C8A37F1F-E13B-48ae-93F8-4669264969F9}
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {787D1A33-A97B-4245-87C0-7174609A540C}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB2158563) - (.Microsoft Corporation.) [HKLM] -- KB2158563
O42 - Logiciel: Hotfix for Windows XP (KB2443685) - (.Microsoft Corporation.) [HKLM] -- KB2443685
O42 - Logiciel: Hotfix for Windows XP (KB2570791) - (.Microsoft Corporation.) [HKLM] -- KB2570791
O42 - Logiciel: Hotfix for Windows XP (KB2633952) - (.Microsoft Corporation.) [HKLM] -- KB2633952
O42 - Logiciel: Hotfix for Windows XP (KB952287) - (.Microsoft Corporation.) [HKLM] -- KB952287
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB961118) - (.Microsoft Corporation.) [HKLM] -- KB961118
O42 - Logiciel: Hotfix for Windows XP (KB970653-v3) - (.Microsoft Corporation.) [HKLM] -- KB970653-v3
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: Hotfix for Windows XP (KB976098-v2) - (.Microsoft Corporation.) [HKLM] -- KB976098-v2
O42 - Logiciel: Hotfix for Windows XP (KB979306) - (.Microsoft Corporation.) [HKLM] -- KB979306
O42 - Logiciel: Hotfix for Windows XP (KB981793) - (.Microsoft Corporation.) [HKLM] -- KB981793
O42 - Logiciel: ImgBurn - (.LIGHTNING UK!.) [HKLM] -- ImgBurn
O42 - Logiciel: Intel Application Accelerator - (.Unknown owner.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
0
This site will not allow me to paste the entire contents of the file.
What problem are you having with my FTP folder? Both the files you want are there in their entirety.

regards

Robert
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 6, 2012 at 04:18 PM
Hi Robert,

Some wise &$)_%#@7 had reported to Speedyshare that ZHP Diag were spam. I wrote to Speedyshare and I was able to retrieve your original log. Mind you, for the time you and I wasted, this, to say the least, disgraceful and somber skunk has been banished from Speedyshare and all of his reports will be ignored.

I now have your full log and I will get back to you soon.

I trust that you have ZHP Fix.

Catch you in a while crocodile.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 6, 2012 at 04:46 PM
Dear Robert

The entire log gave me a good picture of your system and its infections.

There is not only adware but a rootkit. The rootkit prevented Malwarebytes from seeing the infections.

The rootkit was obvious when I saw this:

HKLM\Software\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}] =>Adware.Hotbar

Here is what I would like you to do and please follow my instructions to the letter otherwise we will be marooned up the stream without an oar.

1. Launch ZHP Fix

2. Click on the large "H" which stands for the Hospital's emergency ward

3. Copy the following items and paste them in the window. Once you have pasted, click on "GO" and close ZHP Fix. Here are the items.

P2 - FPN: [HKLM] [@viewpoint.com/VMP] - (.Unknown owner - MetaStream 3 Plugin r4.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} () - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O40 - ASIC: Viewpoint Media Player - {03F998B2-0E00-11D3-A498-00104B6EB52E} . (.Viewpoint Corporation - Viewpoint Media Player for Internet Explorer.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
O40 - ASIC: Viewpoint Media Player - {1B00725B-C455-4DE6-BFB6-AD540AD427CD} . (.Viewpoint Corporation - Viewpoint Media Player for Internet Explorer.) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
O42 - Logiciel: Viewpoint Media Player - (.Unknown owner.) [HKLM] -- ViewpointMediaPlayer [HKLM\Software\MetaStream]
[HKLM\Software\Viewpoint]
O43 - CFD: 11/11/05 - 14:12:04 - [7.209] ----D- C:\Program Files\Viewpoint
[HKLM\Software\MozillaPlugins\@viewpoint.com/VMP] [HKLM\Software\Classes\axmetastream.metastreamctl] [HKLM\Software\Classes\axmetastream.metastreamctl.1]
[HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary] [HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1] [HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] => Infection BT (Adware.MetaStream)
[HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer] C:\Program Files\Viewpoint

4. I shall now prescribe to you a very powerful antidote that is able to kill and send any virus, including the rootkit, to the glue factory. It is of very last resort and should not be abused; as a matter of fact, once you have used it, I suggest you delete it from your system.

To keep your system safe, you must follow the instructions hereunder to the letter:

First step, boot your system in safe mode with networking

1. Download Combofix to your desktop.

http://www.combofix.org/download.php

2. Close all open windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows will issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

4. Accept the disclaimer and the recovery

5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

During the process, please do not mouse click nor must you tap on the keyboard. Let the tool run.

Once you are done, report to me on how your system is behaving.

Good luck

Ambucias

P.S. After you are done, I would appreciate another ZHP Diag log which you put on Speedyshare. Thanks
0
Hi Ambucias
I followed your instructions implicitly. I have pasted the file you requested on Speedyshare; here is the upload link: http://speedy.sh/CA6aG/ZHPDiag.txt
There is also the ComboFix log, which I have pasted; here is that upload link: http://speedy.sh/aVfeS/ComboFix.txt

Unfortunately I still have the problem with explorer and my desktop links.

What should I do now?
I am extremely grateful for your help, it is very frustrating.
regards

Robert PS the log files are also in my ftp folder
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 7, 2012 at 04:04 PM
Greetings again Robert,

Well I am happy to report that your system is now virus free and as clean as a whistle, kind of squeaky clean.

I am also happy to see that you are using F-Secure as your antivirus. The best in the market along with Kaspersky.

As far as your desktop shortcut problem, there are at least 50 items all related to your desktop and there are some applications which must be updated such as your ctf/loader.

Please open ZHP Fix and click on H

The following are redundant keys

Please copy and paste in ZHP Fix and click on Go

O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to DELL 2.5 (861wq0j).lnk - Orphean Key => Orphean Key not necessary
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Main (Alexpc).lnk - Orphean Key => Orphean Key not necessary
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to PAYE TIMEWARE5.ofm.lnk . (...) -- \\861wq0j\C\OFISFORM\FORMSLIB\PAYE TIMEWARE5.ofm (.not file.) => Fichier absent
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to DELL 2.5 (861wq0j).lnk - Orphean Key => Orphean Key not necessary
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Main (Alexpc).lnk - Orphean Key => Orphean Key not necessary
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to PAYE TIMEWARE5.ofm.lnk . (...) -- \\861wq0j\C\OFISFORM\FORMSLIB\PAYE TIMEWARE5.ofm (.not file.)

Do you intend to keep the application Acronis True Image? If not, I would delete it or update it. Without the update it's creating a conflict.

Acrobat Reader and Quick Time must also be updated, in other words, install the latest updates.

I suggest that you click on start, all programmes and then on Microsoft updates to get the latest.

There is an abundance of shortcuts on your desktop. You should have a maximum of 25 or 30 or it will affect speed and performance. Delete as many as you can.

Last but not least, about the CTF Loader...

Click on start and run.
Type cmd and click ok...a black window will open
Type sfc/scannow and press enter. Let it run.
Tell me the message and close.

Defragment your hard drive and let me know how your system performs.

We are almost there, so chin up
0
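As an added illustration (not part of the thread and not ZHP Diag's own code), this Python sketch parses the O4 lines quoted in the post above and groups the desktop shortcuts by the network host they reference, so shortcuts that depend on another machine can be reviewed together. The line format is inferred only from the lines shown in that post, and reading a parenthesised name before `.lnk` as a host name is an assumption.

```python
import re
from collections import defaultdict

# Lines copied from the post above; the last one repeats an entry without
# its "=>" suffix, as the post itself does.
SAMPLE = r"""
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to DELL 2.5 (861wq0j).lnk - Orphean Key => Orphean Key not necessary
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to Main (Alexpc).lnk - Orphean Key => Orphean Key not necessary
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to PAYE TIMEWARE5.ofm.lnk . (...) -- \\861wq0j\C\OFISFORM\FORMSLIB\PAYE TIMEWARE5.ofm (.not file.) => Fichier absent
O4 - Global Startup: C:\Documents And Settings\Tain Pottery 3\Desktop\Shortcut to PAYE TIMEWARE5.ofm.lnk . (...) -- \\861wq0j\C\OFISFORM\FORMSLIB\PAYE TIMEWARE5.ofm (.not file.)
"""

O4_RE = re.compile(r"^O4 - Global Startup: (?P<lnk>.+?\.lnk)(?P<rest>.*)$")
TARGET_RE = re.compile(r"--\s+(?P<target>.+?)\s+\(\.")    # text after " -- "
UNC_RE = re.compile(r"^\\\\(?P<host>[^\\]+)\\")            # \\host\share\...
NAME_HINT_RE = re.compile(r"\((?P<host>[^()]+)\)\.lnk$")   # "... (host).lnk"


def parse_o4(line):
    """Parse one O4 'Global Startup' line; return None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    lnk, rest = m.group("lnk"), m.group("rest")
    t = TARGET_RE.search(rest)
    target = t.group("target") if t else None
    host = None
    if target:
        u = UNC_RE.match(target)
        host = u.group("host") if u else None
    if host is None:
        # Assumption: a parenthesised suffix in the shortcut name is a host.
        h = NAME_HINT_RE.search(lnk)
        host = h.group("host") if h else None
    return {
        "shortcut": lnk.rsplit("\\", 1)[-1],
        "target": target,
        "host": host.lower() if host else None,
        "orphan": "Orphean Key" in rest,
    }


def parse_log(text):
    """Return parsed O4 records, dropping repeats of the same shortcut/target."""
    seen, records = set(), []
    for line in text.splitlines():
        rec = parse_o4(line)
        if rec is None:
            continue
        key = (rec["shortcut"], rec["target"])
        if key not in seen:
            seen.add(key)
            records.append(rec)
    return records


def hosts_referenced(text):
    """Map each referenced network host to the shortcuts that depend on it."""
    by_host = defaultdict(set)
    for rec in parse_log(text):
        if rec["host"]:
            by_host[rec["host"]].add(rec["shortcut"])
    return {host: sorted(names) for host, names in by_host.items()}


if __name__ == "__main__":
    for host, names in sorted(hosts_referenced(SAMPLE).items()):
        print(host, "<-", ", ".join(names))
```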
Hi Ambucias
When I ran scannow I was prompted for XP installation disc which I have inserted, according to the progress bar it is about 50% complete, it is taking a long time, I will be patient.
I will keep you informed.

Thanks again

regards

Robert
0
Hi Ambucias
The scannow completed whilst I was out of the room, the black screen was still evident showing the path in windows C:\Documents and Settings\Tain pottery3>-
I have removed a lot of shortcuts from the desktop, I have not removed Acronis yet as I have a full back up I made before we started trying to resolve the current issue, which unfortunately still prevails. The strange thing is it performs program opening and file opening within the program as fast as when it was brand new, however browsing with explorer and opening files directly, take about a minute or more of "egg timer"

What next? Should I run the scannow again?

Thank you

regards

Robert
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 8, 2012 at 04:57 AM
Robert,

The reason you were prompted is that the system found corrupted or missing files which can only be found on the disk.

Thank you for your feedback and patience.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 8, 2012 at 06:01 AM
Hi Rob,

No, no need for scannow. Your system is clean so it may just be a matter of performance.

If you have not updated your Windows lately, I suggest you do it.

1. Click on run again, cmd and type chkdsk (to check your disk)

2. Download, install and run

https://ccm.net/downloads/security-and-maintenance/4555-ccleaner/

3. I believe you have Eusing Free Registry cleaner. Please run and delete all the items found.

4. I find this defragmenting tool more efficient than the Windows tool. Please run it.

https://ccm.net/download/download-1454-defraggler

5. Let me know if there is any improvement
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 8, 2012 at 06:02 AM
P.S. Signing out for 10 hours
0
Hi Ambrucius
I have carried out all your instructions, it would appear our efforts to resolve the problem have had no effect, when I use explorer to command any action there is about a 50 second delay before anything happens. If I navigate "my computer" from another networked PC there is no problem and the commands are executed almost instantaneously, so the problem must lie within "windows explorer" on the host machine, would you agree?

Thank you

regards Robert
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 9, 2012 at 06:08 AM
Dear Crobart,

Not Ambrucius but Ambucias!;-)

Well this is a sticky wicket indeed. 50 seconds to open a file is very long and life is very short.

You are no doubt correct, the issue resides with Windows Explorer. I suggest that you run sfc/scannow again and have your Windows CD's ready.

Let me know and if need be, I will ask a friend (Sundar) for advice. My expertise resides with managing the trojan horses slaughter house.

Chin up, we will get this fixed.

Ambucias, alias Jules
0
Hi Ambucias aka Jules
Sorry about the typo, it is a name I have never encountered before. I am curious as to its origin? Ancient Greek perhaps?
The first time I ran sfc/scannow I got a message telling me files were missing. Because it took a long time I missed the conclusion, but there was no message or acknowledgement any changes had taken place, so I ran it again. I did not get the same message; it still took a long time with no message indicating it had been successful or otherwise.

Thank you for all your endeavour and advice.

regards

Rob
0
Hi Again

I forgot to mention when I ran chkdsk I was informed there was empty space allocated as occupied, I was instructed to run chkdsk/f which I did to correct the situation. Also the drive was only 1% fragmented ran defraggler it is now 0% fragmented.

Thanks again

Regards

Rob
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 9, 2012 at 04:50 PM
Greetings Robert, mate

Ambucias, in mythology, is one who took sides with Lucifer. He leads all of hell's orchestras and commands 30 legions; totally the opposite of myself.

In which part of UK are you?

If we get through this successfully, what are my chances to get invited, for Her Majesty's diamond jubilee, to the Trooping the Colour ceremony and her garden party which will follow ? Do you have any contacts?

So the situation is that it still takes you 50 seconds on Big Ben to open a programme or a file from the desktop. Can I assume that it is similar if you go through that start, all programmes menu?

It is very bizarre that the problem does not occur with a remote computer.

I will wait for the above answer and while you are at it, could you please send me another ZHP Diag. I would like to see if anything has changed, not a virus, but if I can detect anything that causes a slowdown.

If I can't find anything, in the morning, eastern Canada time, I will contact Sundar for his opinion.

It's a pleasure corresponding with you.

Catch you later
0
Hi Ambucias
Although I was born in Fulham, London I have resided the last 20 years in Tain. This is a very small town in the Scottish Highlands, 40 miles north of Inverness, I am a potter by trade. Sorry don't really have any connections with HRH apart from when I pay my tax HMRC, but by all means look me up if you are in the UK I would be delighted to entertain you, my wife is a fine cook.
I can't quite believe it, I have just been on the sick PC and it appears to be functioning completely normally. The last things I did yesterday was run sfc/scannow the only difference being that another PC which is on the network and not used very often was turned on.
I will say the overall performance has improved in terms of speed by about 30% so hats off to you Jules your endeavour has been highly productive. There is however one small concern, because things appeared to have been resolved, I automatically created a restore point, which happened far too quickly, I don't believe it has been created.
When I first started having problems I tried a system restore, the machine went through the motions but was not successful, is there any way to check if system restore is working?

Thanks again for all your hard work do you still want a ZHPdiag. also which of the many diagnostics we installed should I remove from my machine?

Whereabouts in Canada do you reside, my son (23) is visiting his girlfriend in Toronto in March.

Thanks

Rob
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 10, 2012 at 05:21 AM
Hip pip pip! Hooray!
Hip pip pip! Hooray!
Hip pip pip! Hooray!

Dear Robert

It doesn't take long for a restore point to be created. If you go to all programmes, tools, system restore and then check restore to a previous date and time a window with a calendar will open. If you click on the date in bold characters, in the right pane you should see the details of the point you created. The only way to check if it will work is to perform the restore which I would not recommend at this time.

I had never thought about another computer on the network, I'm glad you got the flash.

A potter you say. Not only is it your trade, you are an artist, you have all of my respect and admiration. It's nice to know that there are still some artisans that make a living off their art and fine pottery that isn't cheap factory made in China.

Do you think that Scotland will ever separate from the UK? I hope not!

I was born in Montreal but now live in Shawinigan, Quebec. Shawinigan is a native word which means "Battle on the cliff". Toronto is a good 8 hour drive from here. I'm a retired officer from the army and ex teacher of History.

God save the Queen

Good luck to you.
Jules
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 10, 2012 at 05:43 AM
I forgot...

Yes you may remove all of the diagnostic tools. ZHP Diag is removed from the add/remove programmes utility in the control panel.
0
Robert Hudson Posts 1 Registration date Friday February 10, 2012 Status Member Last seen February 10, 2012
Feb 10, 2012 at 10:22 AM
Hi Jules
Thanks again for your invaluable instruction, I found your new location from the email I was sent.
You can see my pottery at my web site www.tainpottery.co.uk we have been established for 17 years.
I am 61 years young, play a lot of golf, enjoy good wine (but not too much) and have been with my wife for over 40 years. I have 3 children the eldest is 23 has a masters degree in engineering and is a trainee patent attorney in London, my daughter is 18 in her first year at Glasgow Uni reading English and my youngest boy is 17 doesn't know which way or where he is going.
I am lucky to live in such a beautiful location just a couple of miles from work, where we manage to earn a modest living from the Summer visitors.
You must find what you are doing now in stark contrast to the military?
Did you not want to go back to teaching?

OH by the way I have joined your membership

Thanks once again for all your help and encouragement

regards

Rob
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Feb 10, 2012 at 04:26 PM
Robert,

I sent you a private message.

This thread will now be closed to writables.

My very best regards
0