Topic: Ad popups, multiple IE instances, wave sound muted

Offline Pchink

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
Ad popups, multiple IE instances, wave sound muted
« on: July 20, 2010, 08:26:09 PM »
Title says it all... thanks in advance!

Here is the HiJackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:24:11, on 2010-07-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Emsisoft\Online Armor\oasrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Emsisoft\Online Armor\oaui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Louis Huppé\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\Louis Huppé\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Louis Huppé\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Louis Huppé\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Louis Huppé\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Louis Huppé\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\ATI Technologies\ATI.ACE\StartUpDualCoreCenter.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe

--
End of file - 9512 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Ad popups, multiple IE instances, wave sound muted
« Reply #1 on: July 20, 2010, 10:55:48 PM »
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Pchink

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
Ad popups, multiple IE instances, wave sound muted
« Reply #2 on: July 20, 2010, 11:26:05 PM »
Hi,

Thanks for the reply! Unfortunately, when I click on the link I get an error: I don't have permission to access the file... Do you have another link to the program?

Edit: never mind, I managed to download it anyway, log coming soon
« Last Edit: July 20, 2010, 11:37:33 PM by Pchink »

Offline Pchink

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
Ad popups, multiple IE instances, wave sound muted
« Reply #3 on: July 21, 2010, 07:39:38 AM »
Hi guestolo,

The program has been running for a good 6 hours now and still hasn't finished... I'm thinking there's something wrong there...

Also, when I started it there was no Run Scan button, only a cmd window and a cursor moving in random places. I'll be at work today so if you post another solution I'll try it tonight.

Many thanks for your time!
« Last Edit: July 21, 2010, 07:40:10 AM by Pchink »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Ad popups, multiple IE instances, wave sound muted
« Reply #4 on: July 21, 2010, 08:49:48 AM »
I'm not sure where you got OTL.exe downloaded from, but the link I supplied is not working at the moment.
Please only try and download any tools I supply from ONLY the links I supply.
I'm not quite sure what you are running.

Try the following instead:
Download DDS and save it to your desktop from here.
Disable any script blocker, and then double click on dds.scr to run it.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to this topic.



Offline Pchink

  • Newbie
  • *
  • Posts: 10
  • Karma: +0/-0
Ad popups, multiple IE instances, wave sound muted
« Reply #5 on: July 21, 2010, 04:46:58 PM »
DDS.txt:



DDS (Ver_10-03-17.01) - NTFSx86  
Run by Louis Hupp‚ at 17:45:53,01 on 2010-07-21
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional  5.1.2600.3.1252.2.1033.18.3071.2393 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)   {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated)   {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Online Armor Firewall *disabled*   {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
svchost.exe 4
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Louis Huppé\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Louis Huppé\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Louis Huppé\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\louis huppé\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dualco~1.lnk - c:\program files\ati technologies\ati.ace\StartUpDualCoreCenter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\louish~1\applic~1\mozilla\firefox\profiles\sa9vo2md.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - plugin: c:\documents and settings\louis huppã©\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-4-12 16384]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-18 11608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-7-18 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-7-18 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-7-18 28232]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-18 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-18 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-18 60936]
R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-7-18 1283400]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-3-18 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-7-18 3364680]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-7-17 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2008-4-12 109056]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\ati technologies\ati.ace\ntglm7x.sys --> c:\program files\ati technologies\ati.ace\NTGLM7X.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2008-4-12 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-4-12 15232]
S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\ati technologies\ati.ace\rushtop.sys --> c:\program files\ati technologies\ati.ace\RushTop.sys [?]

=============== Created Last 30 ================

2010-07-21 01:23:08   0   d-----w-   c:\program files\Trend Micro
2010-07-18 22:12:28   0   d-----w-   c:\docume~1\louish~1\applic~1\OnlineArmor
2010-07-18 22:12:28   0   d-----w-   c:\docume~1\alluse~1\applic~1\OnlineArmor
2010-07-18 22:12:13   28232   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2010-07-18 22:12:13   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2010-07-18 22:12:13   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2010-07-18 22:12:09   0   d-----w-   c:\program files\Emsisoft
2010-07-18 22:05:16   0   d-----w-   c:\docume~1\louish~1\applic~1\Avira
2010-07-18 22:04:24   0   d-----w-   c:\windows\system32\NtmsData
2010-07-18 21:59:50   60936   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-07-18 21:59:49   0   d-----w-   c:\program files\Avira
2010-07-18 21:59:49   0   d-----w-   c:\docume~1\alluse~1\applic~1\Avira
2010-07-18 00:39:16   588   ----a-w-   c:\windows\system32\settingsbkup.sfm
2010-07-18 00:39:16   588   ----a-w-   c:\windows\system32\settings.sfm
2010-07-18 00:21:29   0   d-----w-   c:\program files\Spybot - Search & Destroy
2010-07-18 00:21:29   0   d-----w-   c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-17 20:57:32   30528   ----a-w-   c:\windows\system32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-10071102}.rfx
2010-07-17 20:57:32   30528   ----a-w-   c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-10071102}.rfx
2010-07-17 20:57:32   11564   ----a-w-   c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000004-10071102}.rfx
2010-07-17 20:57:11   4931577   ----a-w-   c:\windows\{00000005-00000000-00000000-00001102-00000004-10071102}.BAK
2010-07-17 20:55:59   4931577   ----a-w-   c:\windows\{00000005-00000000-00000000-00001102-00000004-10071102}.CDF
2010-07-17 20:55:46   0   d-----w-   c:\program files\common files\Creative Labs Shared
2010-07-17 19:12:01   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 20:04:10   7062   ----a-w-   c:\windows\system32\audiopid.vxd
2010-07-09 01:34:05   0   d-----w-   c:\docume~1\louish~1\applic~1\TS3Client
2010-07-09 01:33:49   0   d-----w-   c:\program files\TeamSpeak 3 Client

==================== Find3M  ====================

2010-07-21 12:40:30   6291456   ---ha-w-   c:\documents and settings\louis huppé\NTUSER.DAT
2010-07-17 20:55:16   445016   ----a-w-   c:\windows\system32\wrap_oal.dll
2010-07-17 20:55:16   109144   ----a-w-   c:\windows\system32\OpenAL32.dll
2010-06-04 14:23:37   16504   ---ha-w-   c:\windows\system32\mlfcache.dat
2010-05-06 10:41:53   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-02 05:22:50   1851264   ----a-w-   c:\windows\system32\win32k.sys
2008-07-20 23:54:02   349   ----a-w-   c:\program files\INSTALL.LOG
2003-12-18 15:33:46   20102   ----a-w-   c:\program files\Readme.txt
2003-09-03 11:46:54   10960   ----a-w-   c:\program files\EULA.txt
2008-09-05 19:14:34   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 17:46:13,62 ===============



Attach.txt:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-04-11 22:21:41
System Uptime: 2010-07-21 17:39:04 (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD |  | MS-7345
Processor: Intel Pentium III Xeon processor | CPU 1 | 3005/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 76,493 GiB free.
D: is FIXED (NTFS) - 368 GiB total, 327,927 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 279 GiB total, 133,122 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP495: 2010-04-22 19:07:54 - System Checkpoint
RP496: 2010-04-23 19:09:25 - System Checkpoint
RP497: 2010-04-24 20:18:40 - System Checkpoint
RP498: 2010-04-25 21:59:00 - System Checkpoint
RP499: 2010-04-26 23:07:38 - System Checkpoint
RP500: 2010-04-27 23:11:55 - System Checkpoint
RP501: 2010-04-29 12:20:26 - System Checkpoint
RP502: 2010-04-30 21:49:47 - System Checkpoint
RP503: 2010-05-02 15:21:08 - System Checkpoint
RP504: 2010-05-03 19:39:59 - System Checkpoint
RP505: 2010-05-05 11:27:17 - System Checkpoint
RP506: 2010-05-06 11:39:17 - System Checkpoint
RP507: 2010-05-09 19:20:12 - System Checkpoint
RP508: 2010-05-10 22:55:31 - System Checkpoint
RP509: 2010-05-11 22:58:32 - System Checkpoint
RP510: 2010-05-12 00:20:08 - Software Distribution Service 3.0
RP511: 2010-05-13 14:51:14 - System Checkpoint
RP512: 2010-05-14 16:11:01 - System Checkpoint
RP513: 2010-05-15 17:03:57 - System Checkpoint
RP514: 2010-05-16 19:30:10 - System Checkpoint
RP515: 2010-05-17 19:42:41 - System Checkpoint
RP516: 2010-05-18 21:46:06 - System Checkpoint
RP517: 2010-05-19 21:57:51 - System Checkpoint
RP518: 2010-05-20 23:04:19 - System Checkpoint
RP519: 2010-05-23 15:08:12 - System Checkpoint
RP520: 2010-05-24 23:23:50 - System Checkpoint
RP521: 2010-05-27 18:09:27 - System Checkpoint
RP522: 2010-05-29 23:54:43 - Software Distribution Service 3.0
RP523: 2010-05-31 10:12:15 - System Checkpoint
RP524: 2010-06-02 19:25:55 - System Checkpoint
RP525: 2010-06-03 20:19:54 - System Checkpoint
RP526: 2010-06-04 09:21:23 - Installé iTunes
RP527: 2010-06-06 18:19:34 - Software Distribution Service 3.0
RP528: 2010-06-08 12:58:49 - System Checkpoint
RP529: 2010-06-11 19:00:38 - System Checkpoint
RP530: 2010-06-13 20:13:00 - Software Distribution Service 3.0
RP531: 2010-06-15 19:04:08 - System Checkpoint
RP532: 2010-06-25 17:47:10 - System Checkpoint
RP533: 2010-07-02 18:17:44 - System Checkpoint
RP534: 2010-07-04 21:59:29 - System Checkpoint
RP535: 2010-07-06 13:58:06 - System Checkpoint
RP536: 2010-07-08 18:55:25 - System Checkpoint
RP537: 2010-07-10 11:58:23 - Software Distribution Service 3.0
RP538: 2010-07-11 16:03:47 - Installed Creative Audio Console
RP539: 2010-07-11 16:04:08 - Installed Creative Software AutoUpdate
RP540: 2010-07-12 17:29:07 - System Checkpoint
RP541: 2010-07-14 20:38:34 - System Checkpoint
RP542: 2010-07-17 15:12:30 - Software Distribution Service 3.0
RP543: 2010-07-17 16:55:38 - Installé Creative Audio Console
RP544: 2010-07-17 16:55:55 - Installé Creative Software AutoUpdate
RP545: 2010-07-18 18:12:17 - Online Armor installation
RP546: 2010-07-19 22:53:30 - Removed Adobe Reader 8.2.3
RP547: 2010-07-20 21:23:07 - Installed HiJackThis

==== Installed Programs ======================

7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Utilitaire de désinstallation du logiciel
ATI Catalyst Control Center
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CDDRV_Installer
CDex extraction audio
Coffret de pilotes Logitech QuickCam
Counter-Strike: Source
Creative Audio Console
Creative Software AutoUpdate
Critical Update for Windows Media Player 11 (KB959772)
Dawn of War Gold
Defense Grid: The Awakening
Digidesign Pro Tools LE 7.3.1
Digidesign Shared Plug-Ins 7.3
DualCoreCenter
ERUNT 1.1j
Free Bomb Factory Plug-Ins 7.3
Google Chrome
Guitar Pro 5.0
Guitar Pro 6
Half-Life 2
HD Tune 2.54
High Definition Audio Driver Package - KB888111
HiJackThis
HijackThis 2.0.2
Homeworld2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ID3-TagIT 3
InterLok Driver Kit
iTunes
Java DB 10.3.1.4
Java(TM) 6 Update 15
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 6
Junk Mail filter update
KhalInstallWrapper
Left 4 Dead
Left 4 Dead 2
Logitech QuickCam
Logitech Registration
Logitech SetPoint
Malwarebytes' Anti-Malware
Mass Effect
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Module de compatibilité pour Microsoft Office System 2007
Mozilla Firefox (3.6.6)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
msxml4
Nero 7 Demo
Online Armor 4.0
Plants Vs Zombies Demo
Portal
Power Tab Editor 1.7
PunkBuster Services
Quake 4(TM)
Quick Startup 2.6.0.656
QuickTime
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SimCity 4 Deluxe
Skype™ 4.2
Spybot - Search & Destroy
Steam
TeamSpeak 3 Client
Torchlight
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VDMSound
VLC media player 1.0.0
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
X-COM: Terror from the Deep
X-COM: UFO Defense
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2010-07-18 18:12:25, error: Service Control Manager [7034]  - The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).
2010-07-18 18:12:25, error: Service Control Manager [7034]  - The SSDP Discovery Service service terminated unexpectedly.  It has done this 1 time(s).
2010-07-18 18:12:25, error: Service Control Manager [7031]  - The Universal Plug and Play Device Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
2010-07-18 17:58:52, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
2010-07-18 17:58:52, error: SideBySide [59]  - Generate Activation Context failed for C:\DOCUME~1\LOUISH~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
2010-07-18 17:58:52, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
2010-07-18 13:58:30, error: System Error [1003]  - Error code 1000000a, parameter1 00ecbedc, parameter2 00000002, parameter3 00000001, parameter4 804e75b7.

==== End Of File ===========================

Offline guestolo

Ad popups, multiple IE instances, wave sound muted
« Reply #6 on: July 21, 2010, 09:22:27 PM »
Nothing is popping out at me. Can you do the following, please? Let's see what we see; there's a good chance this will unveil any problems.

Download ComboFix from ONLY this location: Link
Save it ONLY to your Desktop

--------------------------------------------------------------------
Temporarily disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

NOTE: Do not mouse-click inside the ComboFix window while it's running; it may cause it to stall.
ComboFix will/may run again on startup; it will prompt that it's creating a log.
This process could take up to 10 minutes; let it run uninterrupted, please.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Pchink

Ad popups, multiple IE instances, wave sound muted
« Reply #7 on: July 21, 2010, 10:20:18 PM »
Hi guestolo,

Another problem popped up. ComboFix displayed a message that I have ESET NOD antivirus active scan, even though I don't. I disabled Avira and Online Armor; those were the only security programs running. I uninstalled NOD antivirus a couple of weeks ago.

Also, ComboFix did restart my machine about 3 times in a row, and now the PC's back, but I have no log file, nor did the program prompt to create a log file.

I'm tempted to just give up, format the whole thing and reinstall from scratch, although I'd prefer not to do this, as I have quite a lot of documents that I don't want to lose...

Is there something else I can try?

Thanks!
« Last Edit: July 21, 2010, 10:20:34 PM by Pchink »

Offline guestolo

Ad popups, multiple IE instances, wave sound muted
« Reply #8 on: July 21, 2010, 10:25:04 PM »
Let's ensure that ESET AV is not still installed.
Can you follow the following link and download the uninstaller to your desktop?
Then run it in safe mode as described in the following link:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2289



Offline Pchink

Ad popups, multiple IE instances, wave sound muted
« Reply #9 on: July 21, 2010, 10:36:10 PM »
I ran the uninstaller; it didn't find any installed product. Pretty weird!

This is the log file. Nothing really interesting in there, but here it is anyway:


>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/21/10  23:31:45]   C:\Documents and Settings\Louis Huppé\Desktop\ESETUninstaller.exe 4.0.14.0
[07/21/10  23:31:45]   Input arguments:
[07/21/10  23:31:47]   Online (PC booted from fixed disk) mode detected.

[07/21/10  23:31:47]   WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[07/21/10  23:32:00]   Scanning available operating systems ...

[07/21/10  23:32:00]   Available operating systems, which AV product can be removed from:

[07/21/10  23:32:00]   [1]
[07/21/10  23:32:00]   Product Name: Microsoft Windows XP
[07/21/10  23:32:00]   Current Version: 5.1.3.2600.WinNT.x86
[07/21/10  23:32:00]   Volume: C:\
[07/21/10  23:32:00]   System Root: C:\WINDOWS
[07/21/10  23:32:00]   Program Files: C:\Program Files
[07/21/10  23:32:00]   Common application data folder: C:\Documents and Settings\All Users\Application Data
[07/21/10  23:32:00]   Common programs folder: C:\Documents and Settings\All Users\Start Menu\Programs
[07/21/10  23:32:00]   Device path folder: C:\WINDOWS\inf
[07/21/10  23:32:00]   Drives mapping:
[07/21/10  23:32:00]   Current Letter: C   Native Letter: C
[07/21/10  23:32:00]   Current Letter: D   Native Letter: D
[07/21/10  23:32:00]   Current Letter: F   Native Letter: F

[07/21/10  23:32:00]   Scanning installed AV products ...

[07/21/10  23:32:00]   No supported AV product installed!


[07/21/10  23:32:01]   Log file location: "C:\Documents and Settings\Louis Huppé\Desktop\~ESETUninstaller.log"

[07/21/10  23:32:01]   Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>


Offline guestolo

Ad popups, multiple IE instances, wave sound muted
« Reply #10 on: July 21, 2010, 10:45:11 PM »
Can you navigate to My Computer >> Local Disk (C:) and take a look if ComboFix.txt actually exists?
If it does, post its contents back here.



Offline Pchink

Ad popups, multiple IE instances, wave sound muted
« Reply #11 on: July 21, 2010, 10:47:29 PM »
There is no ComboFix.txt file under C:\, but there is one in C:\ComboFix. It looks like an incomplete log, though. Here is the content:


ComboFix 10-07-21.01 - Louis Huppé 2010-07-21  23:03:23.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.2.1033.18.3071.2579 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\Louis Huppé\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.


That's all that's in the file.

Offline guestolo

Ad popups, multiple IE instances, wave sound muted
« Reply #12 on: July 21, 2010, 10:50:29 PM »
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Offline Pchink

Ad popups, multiple IE instances, wave sound muted
« Reply #13 on: July 21, 2010, 10:55:20 PM »
Results of screen317's Security Check version 0.99.4  
 Windows XP Service Pack 3  
 Internet Explorer 8  
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled!  
 Online Armor 4.0    
 Antivirus up to date!  
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware    
 HijackThis 2.0.2    
 Java(TM) 6 Update 15  
 Java(TM) 6 Update 6  
 Java(TM) 6 Update 7  
 Java(TM) SE Development Kit 6 Update 6
 Java DB 10.3.1.4  
 Out of date Java installed!
 Adobe Flash Player 10.1.53.64  
````````````````````````````````
Process Check:  
objlist.exe by Laurent

 Tall Emu Online Armor OAcat.exe
````````````````````````````````
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Offline guestolo

Ad popups, multiple IE instances, wave sound muted
« Reply #14 on: July 21, 2010, 11:06:06 PM »
Delete your copy of ComboFix.
Download a fresh copy and save it to the desktop.
Reboot your computer into Safe Mode.
Run ComboFix in Safe Mode and let it run to completion.

Post its log.

NOTE: If it needs to reboot your computer, once back in Windows, do NOT let your AV or firewall software interfere.



Offline Pchink

Ad popups, multiple IE instances, wave sound muted
« Reply #15 on: July 22, 2010, 12:23:00 AM »
ComboFix 10-07-21.01 - Louis Huppé 2010-07-22   1:10.2.2 - x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.2.1033.18.3071.2843 [GMT -4:00]
Lancé depuis: c:\documents and settings\Louis Huppé\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\Louis Huppé\Recent\Thumbs.db
c:\program files\INSTALL.LOG
c:\windows\TEMP\logishrd\LVPrcInj01.dll
D:\install.exe

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


(((((((((((((((((((((((((((((   Fichiers créés du 2010-06-22 au 2010-07-22  ))))))))))))))))))))))))))))))))))))
.

2010-07-22 05:10 . 2010-07-22 05:10   --------   d-sh--w-   c:\documents and settings\NetworkService\PrivacIE
2010-07-22 05:01 . 2010-07-22 05:01   --------   d-----w-   C:\rsit
2010-07-22 03:31 . 2010-07-22 03:31   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2010-07-21 01:23 . 2010-07-21 01:23   --------   d-----w-   c:\program files\Trend Micro
2010-07-18 22:12 . 2010-07-19 14:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
2010-07-18 22:12 . 2010-07-07 16:25   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2010-07-18 22:12 . 2010-07-07 16:25   28232   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2010-07-18 22:12 . 2010-07-07 16:25   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2010-07-18 22:12 . 2010-07-18 22:12   --------   d-----w-   c:\program files\Emsisoft
2010-07-18 22:04 . 2010-07-20 03:12   --------   d-----w-   c:\windows\system32\NtmsData
2010-07-18 18:21 . 2010-07-18 18:22   --------   d-----w-   c:\program files\ERUNT
2010-07-18 00:21 . 2010-07-18 17:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-18 00:21 . 2010-07-18 00:23   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-07-17 20:55 . 2010-07-17 20:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Creative
2010-07-17 20:55 . 2010-07-17 20:55   --------   d-----w-   c:\program files\Common Files\Creative Labs Shared
2010-07-17 19:12 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 02:11 . 2010-07-14 02:14   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-11 19:41 . 2010-07-11 19:41   --------   d-sh--w-   c:\documents and settings\LocalService\PrivacIE
2010-07-11 19:41 . 2010-07-11 19:41   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2010-07-09 01:33 . 2010-07-09 01:33   --------   d-----w-   c:\program files\TeamSpeak 3 Client

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 04:02 . 2010-01-19 05:54   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-07-19 13:59 . 2008-04-12 04:49   --------   d-----w-   c:\program files\ESET
2010-07-18 22:25 . 2008-05-04 17:11   --------   d-----w-   c:\program files\MagicISO
2010-07-18 00:25 . 2010-04-02 15:50   --------   d-----w-   c:\program files\Guitar Pro 6
2010-07-17 21:02 . 2008-04-12 04:21   --------   d-----w-   c:\program files\Messenger Plus! Live
2010-07-17 20:55 . 2008-04-12 02:42   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-17 20:55 . 2008-05-19 03:27   445016   ----a-w-   c:\windows\system32\wrap_oal.dll
2010-07-17 20:55 . 2008-05-19 03:27   109144   ----a-w-   c:\windows\system32\OpenAL32.dll
2010-07-11 20:02 . 2008-05-19 03:27   --------   d-----w-   c:\program files\Creative
2010-07-11 19:59 . 2008-04-12 04:17   --------   dcsh--w-   c:\program files\Common Files\WindowsLiveInstaller
2010-07-11 19:59 . 2010-06-04 13:20   --------   d-----w-   c:\program files\QuickTime
2010-07-11 19:59 . 2008-12-01 00:14   --------   d-----r-   c:\program files\Skype
2010-07-11 19:59 . 2008-06-01 22:14   --------   d-----w-   c:\program files\MSN Webcam Recorder
2010-07-11 19:59 . 2008-07-03 03:31   --------   d-----w-   c:\program files\Winamp
2010-06-14 14:31 . 2008-04-12 02:17   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-07 09:51 . 2008-05-03 03:17   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-06-04 15:11 . 2010-06-04 15:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\WindSolutions
2010-06-04 14:23 . 2010-06-04 14:23   16504   ---ha-w-   c:\windows\system32\mlfcache.dat
2010-06-04 13:30 . 2009-03-12 20:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
2010-06-04 13:22 . 2010-06-04 13:21   --------   d-----w-   c:\program files\iTunes
2010-06-04 13:22 . 2010-06-04 13:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-04 13:21 . 2010-06-04 13:21   --------   d-----w-   c:\program files\iPod
2010-06-04 13:21 . 2009-03-12 20:05   --------   d-----w-   c:\program files\Common Files\Apple
2010-06-04 13:21 . 2010-06-04 13:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-04 13:19 . 2010-06-04 13:18   --------   d-----w-   c:\program files\Apple Software Update
2010-06-04 13:17 . 2010-06-04 13:17   --------   d-----w-   c:\program files\Bonjour
2010-05-06 10:41 . 2007-07-27 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2007-07-27 12:00   1851264   ----a-w-   c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-01-19 06:49   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-01-19 06:49   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-04-28 19:45 . 2010-04-28 19:45   73000   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2003-12-18 15:33 . 2008-07-20 23:54   20102   ----a-w-   c:\program files\Readme.txt
2003-09-03 11:46 . 2008-07-20 23:54   10960   ----a-w-   c:\program files\EULA.txt
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Louis Huppé\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-28 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SkyTel"="SkyTel.EXE" [2008-04-07 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859136]
"SoundMan"="SOUNDMAN.EXE" [2008-04-07 86016]
"AlcWzrd"="ALCWZRD.EXE" [2008-04-07 2808832]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42   72208   ----a-w-   c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI4"=diomidi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Steam\\steamapps\\common\\dawn of war gold\\W40k.exe"=
"d:\\Steam\\steamapps\\common\\dawn of war gold\\W40kWA.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"d:\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"d:\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"d:\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
"d:\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"d:\\Steam\\steamapps\\u_p\\counter-strike source\\hl2.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2008-04-12 16384]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-18 236104]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-18 22600]
S1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-07-18 28232]
S2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [2010-07-18 1283400]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-03-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-07-17 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-03-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-03-18 100952]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-03-18 18904]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-03-18 566360]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2008-04-12 109056]
S3 DualCoreCenter;DualCoreCenter;\??\c:\program files\ATI Technologies\ATI.ACE\NTGLM7X.sys --> c:\program files\ATI Technologies\ATI.ACE\NTGLM7X.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2008-04-12 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-04-12 15232]
S3 RushTopDevice2;RushTopDevice2;\??\c:\program files\ATI Technologies\ATI.ACE\RushTop.sys --> c:\program files\ATI Technologies\ATI.ACE\RushTop.sys [?]
S3 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-18 3364680]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-05-04 717296]
.
Contenu du dossier 'Tâches planifiées'

2010-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Louis Huppé\Application Data\Mozilla\Firefox\Profiles\sa9vo2md.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-DualCoreCenter_is1 - c:\program files\ATI Technologies\ATI.ACE\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 01:16
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?
  CTHelper = CTHELPER.EXE?

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,83,9d,00,5e,95,18,4a,a1,9c,7f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,83,9d,00,5e,95,18,4a,a1,9c,7f,\

[HKEY_USERS\S-1-5-21-1547161642-1336601894-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:11,d6,c5,cc,e5,0b,1a,6b,5c,d8,99,9e,24,0f,cb,8c,5a,3a,07,90,fc,74,3a,
   50,63,d6,4e,da,f1,31,f1,75,d1,80,d8,a3,d0,33,1a,32,8a,91,94,36,2d,16,64,8e,\
"??"=hex:ab,67,17,8e,06,b6,50,b2,6f,3c,b5,de,17,fd,8a,58

[HKEY_USERS\S-1-5-21-1547161642-1336601894-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:75,51,ca,8c,79,fe,f8,f7,43,92,77,04,42,07,84,a2,74,14,a5,fd,bd,
   7f,77,f7,09,81,f7,b0,a4,56,e4,20,62,2b,e5,9d,cd,74,52,ab,d3,0c,ea,e9,bf,1f,\
"rkeysecu"=hex:7e,41,58,24,fb,73,06,8b,b2,cb,c4,3e,0b,a2,d5,88
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(248)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Heure de fin: 2010-07-22  01:17:39
ComboFix-quarantined-files.txt  2010-07-22 05:17

Avant-CF: 82 636 857 344 bytes free
Après-CF: 82 619 482 112 bytes free

- - End Of File - - 307EE621EF6A7851732E14AF381290FD

Offline guestolo

Ad popups, multiple IE instances, wave sound muted
« Reply #16 on: July 23, 2010, 08:29:33 PM »
Sorry for the delay; can you let me know how things are now running, please?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Pchink

Ad popups, multiple IE instances, wave sound muted
« Reply #17 on: July 23, 2010, 08:57:15 PM »
Hi guestolo,

No problem. I checked on other forums and it has been found that I'm infected with the Whistler bootkit (I ran Bootkit Remover from esage labs), so I'm currently in the process of removing this infection.

Thanks again for your help!