# Solved: Solved: Explorer not working



## stephanphilip7 (Jun 21, 2007)

I need help.

Everytime I try to open Explorer, the software stops after just a few seconds.

Does anyone know how to solve this problem.

Thanks


----------



## Soivis (Jun 20, 2007)

are there any error messages?


----------



## stephanphilip7 (Jun 21, 2007)

No error message,

It starts to download the homepage and then Explorer closes automatically.

I have the same problem with Outlook...


----------



## Soivis (Jun 20, 2007)

have you kept up with:

1. virus protection?
2. microsoft security updates?

My initial thought is that one of these two factors is interrupting microsoft designed product.


----------



## stephanphilip7 (Jun 21, 2007)

I have Avast for virus protection and I've never had any issues with it.

However, I always have a message regarding Microsoft security upgrade when I close my computer down (I have the options to close and upgrade or to close down without the installation of the upgrade).


----------



## Soivis (Jun 20, 2007)

what do you do?


----------



## stephanphilip7 (Jun 21, 2007)

I have tried both options - with and without the upgrade.

Even when I tried with the upgrade, I still get the message everytime I want to close my computer.

I have tried to restore the system, it didn't work.

I have done a scan with Avast, nothing came up as unusual.

I am now using my company's laptop tp be able to surf the Web. However, I cannot get to my messages on my desktop. However, I can still use the other softwares (Word, Excel, Powerpoint). They all work and I have access to my documents without any issues.


----------



## Soivis (Jun 20, 2007)

have you tried disabling your virus protection to see if you can get on line? Also, have you cleared your cache of temporary internet files recently?

try clearing your temp files and see if it helps.


----------



## stephanphilip7 (Jun 21, 2007)

I just deactivated the antivirus protection.

I immediately got a message from Windows security alert saying my PC was not protected.

I also emptied my Temporary Internet Files.

I still have the same issues with explorer and Outlook.

Shall I try the Microsoft upgrade again ?

Do I know to restart my PC ?


----------



## Soivis (Jun 20, 2007)

If you can't get on line, you won't be able to download updates. Are you networked, and, if so, what type of router are you using?


----------



## stephanphilip7 (Jun 21, 2007)

Yes, I have a network.

My router seems pretty standard. Company is Netgear, model WGR614.

I have access to Explorer and Outlook from my laptop connected to the same router. The router seems to be working well.

I always use only 2 out of the 4 possible connections and my wireless has always been difficult to use. Otherwise, it is the first time that I have an issue with Explorer and Outlook.


----------



## Soivis (Jun 20, 2007)

OK...this problem happened to me at home a few weeks ago. I use linksys for networking, but the situation may be the same. I contacted Linksys and described the problem to them. They were very helpful and also, subsequently, solved the problem. I recommend that you contact netgear about potential updates to the router, and let them help you through the fix. 

My problem was that I had virus protection set too high on my networked computer along with my networking software being out of date. Let netgear help solve the problem.


----------



## stephanphilip7 (Jun 21, 2007)

Thank you!

I will try that and keep you posted.

Thanks again for your time!!!


----------



## Soivis (Jun 20, 2007)

glad to help. I hope that my idea works. good luck


----------



## stephanphilip7 (Jun 21, 2007)

Hello again,

Netgear came out clean and my connection is fine according to the Netgear tech.

Unless there is another option, I think I will have to uninstall Windows. That is a pain in the neck since I have a lot of documents on my PC.

Question: Zuma deluxe (game) was installed about a week before Outlook and Explorer stopped working. Do you think Zuma might be the source of the problems...


----------



## Soivis (Jun 20, 2007)

Try uninstalling the game and find out. Games that interface with the internet sometimes mess with configurations.


----------



## stephanphilip7 (Jun 21, 2007)

I just uninstalled the game.

No change, Outlook and Explorer are still not working...


----------



## Soivis (Jun 20, 2007)

yes...uninstall Zuma and see what happens


----------



## stephanphilip7 (Jun 21, 2007)

Zuma is uninstalled.

No change...


----------



## Soivis (Jun 20, 2007)

I am a bit confused. Uninstalling Windows is an option. Have you run any diagnostics like defrag?


----------



## Soivis (Jun 20, 2007)

do you have the original software for outlook or explorer? can you uninstall them and re-install with any ease?


----------



## stephanphilip7 (Jun 21, 2007)

I haven't tried defrag yet.

I was told by a Microsoft guy that the best option was uninstalling Windows XP.

When I asked about uninstalling the browser (Explorer) only, he replied that version 6 couldn't be uninstalled by itself. That's why I'm now on uninstalling Windows but I'm really looking for a better option.

How can defrag disk help me ?


----------



## Blackmirror (Dec 5, 2006)

Hello have you tried a system restore to before you installed the game 

start run msconfig and launch from there


----------



## stephanphilip7 (Jun 21, 2007)

Yes, I tried.

It didn't help.


----------



## Blackmirror (Dec 5, 2006)

Lets see whats on your pc

Click here to download HJTsetup.exe http://www.thespykiller.co.uk/index.php?action=tpmod;dl=get5
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## stephanphilip7 (Jun 21, 2007)

Hi,

Since Explorer is not working, I cannot download a software from the web.

I'm not on my desktop right now, I'm using a laptop because Explorer and Outlook are not working on my desktop.

However, I already had Hijack this installed.

Here is the log file (using USB key for tranfer):

Logfile of HijackThis v1.99.1
Scan saved at 15:21:40, on 22/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MediaKey\Versato.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [Tlpo] C:\Documents and Settings\Stéphane\Application Data\orco.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5E89690-ACF2-4499-B8C0-EA4AC495F692}: NameServer = 85.255.116.164,85.255.112.112
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Let me know if you need more info.


----------



## Blackmirror (Dec 5, 2006)

I will ask someone from security to have a look at your log


----------



## cybertech (Apr 16, 2002)

Run HijackThis and click Open the *Misc Tools* section

Click Open Uninstall Manager
Save list
click on the Desktop icon or select to save the list on the desktop
then click save.

Open the file and copy/paste the contents back here in your next reply.


----------



## stephanphilip7 (Jun 21, 2007)

Hi,

Here is the uninstall list:

Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
avast! Antivirus
Burn DVD 3.1 Shareware
Canon Camera Window for ZoomBrowser EX
Canon Digital Camera RS-232C TWAIN Driver
Canon Digital Camera USB WIA Driver
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
D-Helper Web Driver 
Disque de souvenirs HP
DivX 5.0.3 Bundle
Dora Sakado
DVD Pro 5.0.1 Trial Version
DVD-RAM Driver
E2give Plug-in
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
hp officejet 4100 series
Lecteur Windows Media*11
Locators Toolbar
Macromedia Flash Player
Macromedia Shockwave Player
MediaKey
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework (French)
Microsoft .NET Framework (French) v1.0.3705
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office XP Standard
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931768)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933566)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mp3Networks
neoDVDplus
Nero 6 Demo
Outil de suppression du ver Windows Blaster (KB833330)
Palm Desktop
Photo et imagerie HP 2.0 - All-in-One
Photo et imagerie HP 2.0 - All-in-One Pilote
Photo et imagerie HP 2.0 - hp officejet 4100 series
PowerDVD
QuickTime
RealPlayer
Same or Different
SiS 650_651_M650_M652_740
SiS 900 PCI Fast Ethernet Adapter Driver
Sony USB Driver
SoundMAX
Super DVD Copy (remove only)
Visionneuse Journal Windows Microsoft
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 


Let me know if you need more infos.


----------



## cybertech (Apr 16, 2002)

Go to Add/Remove Programs and remove these:
*E2give Plug-in
Locators Toolbar
*

Reboot and post another HJT log.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

E2give Plug-in cannot be erased.

Locators Toolbar is now gone and was infected. When I deleted it, Avast detected a virus.

Is there another way to erase E2give Plug in ?

Thanks


----------



## cybertech (Apr 16, 2002)

Please post a new hijackthis log and we will take care of it.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

Here is the new Hyjackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 16:38:28, on 22/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MediaKey\Versato.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [Tlpo] C:\Documents and Settings\Stéphane\Application Data\orco.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5E89690-ACF2-4499-B8C0-EA4AC495F692}: NameServer = 85.255.116.164,85.255.112.112
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\Sou

Thank you!


----------



## cybertech (Apr 16, 2002)

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites: 
http://downloads.subratam.org/Fixwareout.exe 
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. 
The fix will begin; follow the prompts. 
You will be asked to reboot your computer; please do so. 
Your system may take longer than usual to load; this is normal.

*Run HJT again and put a check in the following:*

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5E89690-ACF2-4499-B8C0-EA4AC495F692}: NameServer = 85.255.116.164,85.255.112.112

*Close all applications and browser windows before you click "fix checked".*

Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .

*CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.*


Double-click the *Network Connections* icon
Right-click the *Local Area Connection icon* and select *Properties*.
Hilight *Internet Protocol (TCP/IP)* and click the *Properties* button.
Be sure *Obtain DNS server address automatically* is selected. 
*OK* your way out.

Go to Start > Run and type in *cmd*

Click OK.
This will open a command prompt.
Type the following line in the command window:

*ipconfig /flushdns*

Hit Enter
Exit the command window

Now restart your machine. Post the report.txt and a new Hijackthis log.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

Since I'm a beginner on computers, would you care to explain what means DNS settings .

Thanks


----------



## cybertech (Apr 16, 2002)

Domain Name System http://en.wikipedia.org/wiki/Domain_name_system


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

Here is the latest hjt:

Logfile of HijackThis v1.99.1
Scan saved at 10:30:04, on 23/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MediaKey\Versato.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [Tlpo] C:\Documents and Settings\Stéphane\Application Data\orco.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thank you!


----------



## cybertech (Apr 16, 2002)

Good! :up:

Please download *ATF Cleaner* by Atribune. 
*This program is for XP and Windows 2000 only*
 
Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 

Click *Exit* on the Main menu to close the program.

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply with a new hijackthis log.*

Click *Close* to exit the program.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

When asked about the updates, I clicked on Yes and then it got installed.

But nothing else happened.

I don't get to a screen for Configurations and Preferences.

I just keep getting on the messages regarding the updates.


----------



## cybertech (Apr 16, 2002)

Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
Click Close to exit the program


----------



## stephanphilip7 (Jun 21, 2007)

Hi,

I don't see the Scanning Control Tab.

I don't see any main screens under SuperSntySpyware.

Is there another option ?


----------



## cybertech (Apr 16, 2002)

Go to add/remove programs and remove it.

*Download it again per these instructions.* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply with a new hijackthis log.*

Click *Close* to exit the program.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

I still can't get to the main screen for the software and I'm not able to select Configurations and preferences.

Even the help of the software menu can't show up.

I have installed and uninstalled it three times without success.

Here is the lastest hjt:

Logfile of HijackThis v1.99.1
Scan saved at 13:43:06, on 23/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MediaKey\Versato.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [Tlpo] C:\Documents and Settings\Stéphane\Application Data\orco.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Am I doing something wrong ???


----------



## cybertech (Apr 16, 2002)

Download and install *AVG Anti-Spyware v7.5* 

After download, double click on the file to launch the install process. 
Choose a language, click "*OK*" and then click "*Next*". 
Read the "_License Agreement_" and click "*I Agree*". 
Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "*Next*", then click "*Install*". 
After setup completes, click "*Finish*" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray. 
The main "*Status*" menu will appear. Select "_Change state_" to inactivate '*Resident Shield*' and '*Automatic Updates*'. _As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them._ 
Then right click on AVG Anti-Spyware in the system tray and *uncheck* "*Start with Windows*". 
Connect to the Internet, go back to AVG Anti-Spyware, select the "*Update*" button and click "*Start update*". 
Wait until you see the "_Update successful_" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer. 
Exit AVG Anti-Spyware when done - *DO NOT perform a scan yet*.
*Reboot your computer in SAFE MODE* using the *F8* method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". _(Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them unaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)_

*Scan with AVG Anti-Spyware as follows*:
Click on the "*Scanner*" button and choose the "*Settings*" tab.

Under "*How to act?*", click on "*Recommended actions*" and choose "*Quarantine*" to set default action for detected malware. 
Under "*How to Scan?*", "*Possibly unwanted software*", and *What to Scan?*" leave all the default settings. 
Under "*Reports*" select "*Automatically generate report after every scan*" and *uncheck* "*Only if threats were found*". 
Click the "*Scan*" tab to return to scanning options. 
Click "*Complete System Scan*" to start. 
When the scan has finished, it should automatically be set to *Quarantine*--if not click on _Recommended Action_ and set it there. 
You will also be presented with a list of infected objects found. Click "*Apply all actions*" to place the files in Quarantine.
_*IMPORTANT!* Do not save the report before you have clicked the :*Apply all actions* button. If you do, the log that is created will indicate "*No action taken*", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button._
Click on "*Save Report*" to view all completed scans. Click on the most recent scan you just performed and select "*Save report as*" - the default file name will be in date/time format as follows: *Report-Scan-20060620-142816.txt*. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\ 
Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
_Note: Close all open windows, programs, and *DO NOT USE the computer while AVG Anti-Spyware is scanning*. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection._

_AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period._


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

It didn't go as well as the way it was described.

I needed to reboot my PC multiple times since Windows wouldn't start. I also had to go with the normal mode since my Windows wouldn't open up under safe mode.

The menu of the AVG software seemed different so I tried my best. Here is the info:

Trojan horse Downloader.Lemmy.S	C:\Program Files\Windows Media Player\wmplayer.exe.tmp	23/06/07 15:57:34	wmplayer.exe.tmp	48 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1129.exe	23/06/07 15:57:36	sys1129.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1130.exe	23/06/07 15:57:37	sys1130.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1137.exe	23/06/07 15:57:37	sys1137.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1139.exe	23/06/07 15:57:37	sys1139.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1140.exe	23/06/07 15:57:37	sys1140.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1142.exe	23/06/07 15:57:38	sys1142.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1945.exe	23/06/07 15:57:38	sys1945.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1948.exe	23/06/07 15:57:38	sys1948.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1950.exe	23/06/07 15:57:38	sys1950.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys1952.exe	23/06/07 15:57:38	sys1952.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys2413.exe	23/06/07 15:57:38	sys2413.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys2414.exe	23/06/07 15:57:38	sys2414.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys2415.exe	23/06/07 15:57:38	sys2415.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys2416.exe	23/06/07 15:57:39	sys2416.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys2432.exe	23/06/07 15:57:39	sys2432.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys2433.exe	23/06/07 15:57:39	sys2433.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys2434.exe	23/06/07 15:57:39	sys2434.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys2859.exe	23/06/07 15:57:39	sys2859.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys290.exe	23/06/07 15:57:39	sys290.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys3051.exe	23/06/07 15:57:39	sys3051.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys3052.exe	23/06/07 15:57:39	sys3052.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys3054.exe	23/06/07 15:57:39	sys3054.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys3055.exe	23/06/07 15:57:39	sys3055.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys3057.exe	23/06/07 15:57:39	sys3057.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys3548.exe	23/06/07 15:57:39	sys3548.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys3549.exe	23/06/07 15:57:40	sys3549.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys3550.exe	23/06/07 15:57:40	sys3550.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys3551.exe	23/06/07 15:57:40	sys3551.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys434.exe	23/06/07 15:57:40	sys434.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys435.exe	23/06/07 15:57:40	sys435.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys755.exe	23/06/07 15:57:40	sys755.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys756.exe	23/06/07 15:57:40	sys756.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys757.exe	23/06/07 15:57:40	sys757.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys758.exe	23/06/07 15:57:40	sys758.exe	6.54 KB
Trojan horse Generic.KJL	C:\WINDOWS\sys759.exe	23/06/07 15:57:40	sys759.exe	6.54 KB
Trojan horse BackDoor.Generic.GGC	C:\WINDOWS\system32\Bpagkoqf.dll	23/06/07 15:57:40	Bpagkoqf.dll	6.5 KB
Trojan horse Generic.TAS	C:\WINDOWS\system32\latest.exe	23/06/07 15:57:40	latest.exe	56.54 KB
Trojan horse Downloader.Small.8.BE	C:\WINDOWS\system32\lsd_f3.dll	23/06/07 15:57:40	lsd_f3.dll	14 KB
Trojan horse Downloader.Small.43.AQ	C:\WINDOWS\system32\vxh8jkdq7.exe	23/06/07 15:57:41	vxh8jkdq7.exe	3 KB
Trojan horse Generic.TAS	C:\WINDOWS\system32\win32.exe	23/06/07 15:57:41	win32.exe	56.54 KB
Trojan horse Proxy.ES	C:\WINDOWS\system32\~update.exe	23/06/07 15:57:41	~update.exe	56.54 KB
Trojan horse Downloader.Generic.AJN	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I7AZAT4P\dl[1].exe	23/06/07 15:57:41	dl[1].exe	2.91 KB
Trojan horse Downloader.Generic.AJN	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WHSLS18Z\dl[1].exe	23/06/07 15:57:41	dl[1].exe	2.91 KB
Trojan horse Downloader.Agent.XJ	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Y1W7230T\bobby[1].exe	23/06/07 15:57:41	bobby[1].exe	7 KB
Trojan horse Collected.6.AR	C:\WINDOWS\system32\Services\{8A95C149-5D5D-4E8F-8175-B59B32905660}\SVCHOST.DLL	23/06/07 15:57:41	SVCHOST.DLL	95.5 KB
Trojan horse WebSearch.G	C:\WINDOWS\system32\Services\{8A95C149-5D5D-4E8F-8175-B59B32905660}\SVCHOST32.DLL	23/06/07 15:57:42	SVCHOST32.DLL	53 KB
Trojan horse WebSearch.D	C:\WINDOWS\system32\Services\{A9E95792-390D-489B-AFCE-9FE52793477B}\SECURITY.DLL	23/06/07 15:57:42	SECURITY.DLL	13.5 KB
Trojan horse WebSearch.D	C:\WINDOWS\system32\Services\{CC89CCD7-B7F6-4BA2-AA9E-8FE95A2E85B2}\SECURITY.DLL	23/06/07 15:57:42	SECURITY.DLL	13.5 KB
Trojan horse WebSearch.D	C:\WINDOWS\system32\Services\{D67C083F-05C7-4CF0-A65A-31845120DD8A}\SECURITY.DLL	23/06/07 15:57:42	SECURITY.DLL	13.5 KB

Here is the latest hjt:

Logfile of HijackThis v1.99.1
Scan saved at 18:00:26, on 23/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [Tlpo] C:\Documents and Settings\Stéphane\Application Data\orco.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Let me know if something can still be done.

Thanks again!


----------



## cybertech (Apr 16, 2002)

Download *WinPFind3U.exe* to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program.
In the *Files Created Within* group click *30 days*
In the *Files Modified Within* group select *30 days*
In the *File String Search* group select *Non-Microsoft*

Now click the *Run Scan* button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please post the resulting log here as an attachment.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

I'm back now.

Here is the info you requested posted as an attachment.

Thank you again.


----------



## cybertech (Apr 16, 2002)

Start *WinPFind3U*. Copy/Paste the information in the Quotebox below into the pane where it says *"Paste fix here"* and then click the Run Fix button.



> [Registry - Non-Microsoft Only]
> < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> YN -> BullsEye Network -> %ProgramFiles%\BullsEye Network\bin\bargains.exe
> YN -> DownloadWare -> %ProgramFiles%\DownloadWare\dw.exe
> ...


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.

Restart the machine and please post your hijackthis log again.


----------



## stephanphilip7 (Jun 21, 2007)

Hi

There are days like this. My laptop is dead and since this is a holliday (Quebec's'national day), I will only be able to have someone to repair it tomorrow.

I did the quote and now waiting for the scan to complete itself.

I will get back to you when my laptop is repaired or replaced.

Till then, you can write to me on my Blackberry through this address:



Thank you again for your precious help.

Stephane


----------



## cybertech (Apr 16, 2002)

It may take that a bit so let it run.

I've removed your e-mail address because you will get spammed!


----------



## stephanphilip7 (Jun 21, 2007)

Hi,

I now have access to a computer again.

Here is the info following the steps you recommended.

[Registry - Non-Microsoft Only]
[Files/Folders - Created Within 30 days]
C:\WINDOWS\popcinfo.dat moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\popcinfo.dat not found!
[File String Scan - Non-Microsoft Only]
C:\WINDOWS\msbb_kyf.dat moved successfully.
C:\WINDOWS\silent48.exe moved successfully.
C:\WINDOWS\SYSTEM32\msdjgk.dll moved successfully.
C:\WINDOWS\SYSTEM32\msfaol.dll moved successfully.
C:\WINDOWS\SYSTEM32\msnkmi.dll moved successfully.
File not found!
< End of log >
Created on 06/25/2007 12:03:44

And the hjt:

Logfile of HijackThis v1.99.1
Scan saved at 23:37:50, on 26/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [Tlpo] C:\Documents and Settings\Stéphane\Application Data\orco.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thank you again!


----------



## cybertech (Apr 16, 2002)

Download these two programs first.
Print out these instructions so you have no browser windows open when you run the programs.

Please download *ATF Cleaner* by Atribune. 
*This program is for XP and Windows 2000 only*
 
Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 

Click *Exit* on the Main menu to close the program.

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply with a new hijackthis log.*

Click *Close* to exit the program.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

Everything just went like you described it.

The only difference was that Avast kicked in everytime the SuperAntiSpyware found a virus.

So, I'm sending you the Avast log after the scan.

Thanks again. Please let me know what could be the next steps.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/27/2007 at 08:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3143
Trace Rules Database Version: 1159

Scan type : Complete Scan
Total Scan Time : 00:53:22

Memory items scanned : 465
Memory threats detected : 0
Registry items scanned : 5258
Registry threats detected : 0
File items scanned : 61918
File threats detected : 0

HERE IS THE AVAST LOG:

22/06/07 16:08:47	Stéphane	1176	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\System32\Locators.dll" file. 
24/06/07 16:41:51	SYSTEM	1204	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\lupdtr.exe" file. 
24/06/07 16:42:14	SYSTEM	1204	Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\WINDOWS\NDNuninstall5_40.exe" file. 
24/06/07 16:42:17	SYSTEM	1204	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\NDNuninstall6_10.exe" file. 
24/06/07 16:43:21	SYSTEM	1204	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\Usgntrrt.dll" file. 
24/06/07 16:43:28	SYSTEM	1204	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\webhdll.dll" file. 
24/06/07 16:43:57	SYSTEM	1204	Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\WINDOWS\SYSTEM32\bhosave.dat" file. 
24/06/07 16:44:51	SYSTEM	1204	Sign of "Win32:Small-FU [Trj]" has been found in "C:\WINDOWS\SYSTEM32\in10b6s.dll" file. 
24/06/07 16:45:11	SYSTEM	1204	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\SYSTEM32\lsp.dll_tobedeleted" file. 
24/06/07 16:45:43	SYSTEM	1204	Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\WINDOWS\SYSTEM32\msiaih.dll" file. 
24/06/07 16:46:44	SYSTEM	1204	Sign of "Win32:Agent-CGH [Trj]" has been found in "C:\WINDOWS\SYSTEM32\setup_incred_8.exe" file. 
27/06/07 19:59:46	SYSTEM	1256	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1344\A0289974.DLL" file. 
27/06/07 20:01:03	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292174.EXE" file. 
27/06/07 20:01:17	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292175.EXE" file. 
27/06/07 20:01:22	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292176.EXE" file. 
27/06/07 20:01:26	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292177.EXE" file. 
27/06/07 20:01:29	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292178.EXE" file. 
27/06/07 20:01:32	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292179.EXE" file. 
27/06/07 20:01:35	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292180.EXE" file. 
27/06/07 20:01:39	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292181.EXE" file. 
27/06/07 20:01:41	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292182.EXE" file. 
27/06/07 20:01:44	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292183.EXE" file. 
27/06/07 20:01:47	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292184.EXE" file. 
27/06/07 20:01:49	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292185.EXE" file. 
27/06/07 20:01:51	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292186.EXE" file. 
27/06/07 20:01:54	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292187.EXE" file. 
27/06/07 20:01:57	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292188.EXE" file. 
27/06/07 20:01:59	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292189.EXE" file. 
27/06/07 20:02:07	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292190.EXE" file. 
27/06/07 20:02:10	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292191.EXE" file. 
27/06/07 20:02:13	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292192.EXE" file. 
27/06/07 20:02:15	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292193.EXE" file. 
27/06/07 20:02:21	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292194.EXE" file. 
27/06/07 20:02:23	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292195.EXE" file. 
27/06/07 20:02:26	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292196.EXE" file. 
27/06/07 20:02:28	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292197.EXE" file. 
27/06/07 20:02:31	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292198.EXE" file. 
27/06/07 20:02:34	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292199.EXE" file. 
27/06/07 20:02:37	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292200.EXE" file. 
27/06/07 20:02:53	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292201.EXE" file. 
27/06/07 20:03:06	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292202.EXE" file. 
27/06/07 20:03:08	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292203.EXE" file. 
27/06/07 20:03:11	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292204.EXE" file. 
27/06/07 20:03:13	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292205.EXE" file. 
27/06/07 20:03:16	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292206.EXE" file. 
27/06/07 20:03:18	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292207.EXE" file. 
27/06/07 20:03:20	SYSTEM	1256	Sign of "Win32:Crypt-M [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292208.EXE" file. 
27/06/07 20:03:22	SYSTEM	1256	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292209.DLL" file. 
27/06/07 20:03:30	SYSTEM	1256	Sign of "Win32:Klone-gen [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292210.EXE" file. 
27/06/07 20:03:32	SYSTEM	1256	Sign of "Win32:Banker-ASZ [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292211.DLL" file. 
27/06/07 20:03:35	SYSTEM	1256	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292212.EXE" file. 
27/06/07 20:03:37	SYSTEM	1256	Sign of "Win32:Klone-gen [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292213.EXE" file. 
27/06/07 20:03:41	SYSTEM	1256	Sign of "Win32:Klone-gen [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292214.EXE" file. 
27/06/07 20:03:43	SYSTEM	1256	Sign of "Win32:WebSearch-E [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292215.DLL" file. 
27/06/07 20:03:46	SYSTEM	1256	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292217.DLL" file. 
27/06/07 20:03:47	SYSTEM	1256	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292218.DLL" file. 
27/06/07 20:03:49	SYSTEM	1256	Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1351\A0292219.DLL" file. 
27/06/07 20:03:57	SYSTEM	1256	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1353\A0294305.EXE" file. 
27/06/07 20:04:01	SYSTEM	1256	Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1353\A0294306.EXE" file. 
27/06/07 20:04:03	SYSTEM	1256	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1353\A0294307.EXE" file. 
27/06/07 20:04:05	SYSTEM	1256	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1353\A0294308.DLL" file. 
27/06/07 20:04:07	SYSTEM	1256	Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1353\A0294309.DLL" file. 
27/06/07 20:04:09	SYSTEM	1256	Sign of "Win32:Small-FU [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1353\A0294310.DLL" file. 
27/06/07 20:04:11	SYSTEM	1256	Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1353\A0294311.DLL" file. 
27/06/07 20:04:13	SYSTEM	1256	Sign of "Win32:Agent-CGH [Trj]" has been found in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1353\A0294312.EXE" file.

AND NOW THE HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 20:32:06, on 27/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [Tlpo] C:\Documents and Settings\Stéphane\Application Data\orco.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thank you!


----------



## cybertech (Apr 16, 2002)

You have two anti-virus programs running, which will cause trouble. Uninstall one of them.

*Run HJT again and put a check in the following:*

O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WindowEnhancer] "C:\Program Files\winex\v2\winex.EXE" /U
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [Tlpo] C:\Documents and Settings\Stéphane\Application Data\orco.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/z...ploader_v5.cab

*Close all applications and browser windows before you click "fix checked".*

Please *download* the *OTMoveIt by OldTimer*.

 *Save* it to your *desktop*.
 Please double-click *OTMoveIt.exe* to run it.
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*C:\Program Files\winex
C:\Program Files\TV Media
C:\Program Files\se
C:\WINDOWS\System32\SahAgent.exe
c:\temp\msbb.exe
C:\Program Files\DownloadWare
C:\Program Files\BullsEye Network
C:\Documents and Settings\Stéphane\Application Data\orco.exe
C:\PROGRA~1\SYSTEM~1*

 Return to OTMoveIt, right click on the *"Paste List of Files/Folders to be moved"* window and choose *Paste*.
Click the red *Moveit!* button.
Close *OTMoveIt*
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

Post your hijackthis log again after.


----------



## stephanphilip7 (Jun 21, 2007)

Hello!

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 17:50:18, on 28/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thank you again!


----------



## cybertech (Apr 16, 2002)

Remove one of these: AVG7 or Avast4

After that let me know if you still have any problems.


----------



## stephanphilip7 (Jun 21, 2007)

Hi,


I have removed Avast4.

Internet Explorer is still not working. It closes automatically after a few seconds.

Let me know if we can do something else.


----------



## cybertech (Apr 16, 2002)

See if this helps: http://windowsxp.mvps.org/IEFIX.htm


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

I have tried IEFIX. Unfortunately, Explorer and Outlook are still not functionning. Everything closes after a few seconds.

Any other ideas.

Here is the hjt:

Logfile of HijackThis v1.99.1
Scan saved at 11:53:13, on 30/06/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MediaKey\OSD.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thank you again for your help.


----------



## cybertech (Apr 16, 2002)

Go to add/remove programs and remove Security iGuard

*Click here* to download *Dr.Web CureIt* and save it to your desktop.

Doubleclick the *drweb-cureit.exe* file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the *green arrow* at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:








If so, click it and then click the next icon right below and select *Move incurable* as you'll see in next image:








This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click *file* and choose *save report list*
Save the report to your desktop. The report will be called *DrWeb.csv*
Close Dr.Web Cureit.
*Reboot* your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new Hijack This log.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

Security iGuard is not listed under add/delete programs.

It doesn't appear in the programs files list

Do I try Dr.Web without removing Security iGuard ?

Thanks


----------



## stephanphilip7 (Jun 21, 2007)

Hi

Security iGuard is still on the computer.

Here is the log from dr.Web and the hjt:

DR.WEB:
silent48.exe;C:\Documents and Settings\Stéphane\Desktop\WinPFind3u\MovedFiles\WINDOWS;Adware.EliteBar;Quarantaine.;
backup-20070628-171202-450.dll;C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\backups;Program.PopcapLoader;Quarantaine.;
NDNuninstall5_20.exe;C:\WINDOWS;Adware.NewDotNet;Quarantaine.;
NDNuninstall6_22.exe;C:\WINDOWS;Adware.NewDotNet;Quarantaine.;
popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;Quarantaine.;
zlbw.dll;C:\WINDOWS\system32;Trojan.Proxy.1715;Supprimé.;

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 17:50:14, on 01/07/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\MediaKey\OSD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.daewoointernational.ca
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


----------



## cybertech (Apr 16, 2002)

*Run HJT again and put a check in the following:*

O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

*Close all applications and browser windows before you click "fix checked".*

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders" Click "Apply" then "OK".

Delete this folder:
C:\Program Files\Security iGuard


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

I can't open Windows Explorer. It closes after a few seconds.

Is it possible to erase the iGuard program from the run command and is it possible to make the changes you recommend from somewhere else than Windows Explorer.

Thanks


----------



## cybertech (Apr 16, 2002)

Please double-click *OTMoveIt.exe* to run it.
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*C:\Program Files\Security iGuard*

 Return to OTMoveIt, right click on the *"Paste List of Files/Folders to be moved"* window and choose *Paste*.
Click the red *Moveit!* button.
Close *OTMoveIt*
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

Then run Malware Removal and see if that helps.
http://www.users.muohio.edu/pestroja/spyware/


----------



## stephanphilip7 (Jun 21, 2007)

Hi,

I will try that tonight when I will be back and let you know.

Thank you again for your precious help.


----------



## stephanphilip7 (Jun 21, 2007)

Hi,


Security iGuard is finally deleted. Thanks.

Malware removal didn't find any malware on my system.

Explorer and Outlook are still not working.

I still get a security upgrade from Windows (KB933566). Everytime I open the computer, it is asking me to upgrade Windows. If I say yes, it is always the same number even when the system is telling me the upgrade was completed.


Any other recommendations..


Thank you


----------



## cybertech (Apr 16, 2002)

KB933566 is an update for IE7 which it does not appear you are using. If you Google that, KB933566, it appears to have caused problems with Outlook as well. I would remove it from add/remove programs and see if that fixes your Outlook.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!


Explorer and Outlook are now WORKING FINE!!!

Thank you again for your help.

One last question: My task manager has been deactivated. Do you know a way to bring it back on ?

P.S. I just made a contribution to this site. Thank you!!!!!!!!!!!!!!!!!!!!


----------



## cybertech (Apr 16, 2002)

Great!!!

Did you remove the update?

Please explain more about task manager. What exactly happens?


----------



## stephanphilip7 (Jun 21, 2007)

Hi,

I removed the update and it seems it was the problem since Outlook and Explorer are now working well.

For the task manager, it is saying that it has been deactivated by the administrator when I click on ctrl-alt-del. That is the way it was before the issues with Explorer and Outlook.

I was just wondering if anything could be done. I don't use it much but it could be useful.

Thanks


----------



## cybertech (Apr 16, 2002)

Download ComboFix from *Here* or *Here* to your Desktop. 

Double click *combofix.exe * and follow the prompts.
When finished, it shall produce a log for you. Post that log and a *HiJackthis* log in your next reply
*Note: Do not mouseclick combofix's window while its running. That may cause it to stall*


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

I'm back from vacation.

Here is the first log (Combofix):

"Stphane" - 2007-07-16 8:54:16 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\STPHAN~1\Desktop.\internet explorer.lnk
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\cup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\customer_cup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\heart.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\menu_down.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\menu_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\plates.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\ticket.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\accessories\tray.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\credits.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\flo_lose.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\flo_win.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\help1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\help2.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\highscores.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelintro.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelover.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\levelover_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\popup.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\popup_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\upgradegrid.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\upgradetitle.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\backgrounds\upsell.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowleft_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowright_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\arrowright_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\back_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\back_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backchalk.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backchalkup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backtomenu_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\cancel.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\cancelup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\career.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\career_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\close.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\closeup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\continue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\continueover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\credits_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\credits_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\download_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\download_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\easy.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\easy_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\endlessshift.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\endlessshift_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\hard.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\hard_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\help.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\help_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\highscores.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\highscores_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\instructions_blue.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\instructions_yellow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\letsplay.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\letsplayover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\medium.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\medium_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\moreinfo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\moreinfoup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\off.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\off_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\on_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\pause.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\pauseover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quitgame.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\quitover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\resumegame.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\submit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\submitup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\tryagain.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\career.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\customer.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\endless.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\global.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\config\powerups.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cook\cook.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cook\cook.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cook\stove.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\arrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\click.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\click2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\grab.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\cursor\open.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\idle.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\idle.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\lower.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\lower.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\upper.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\flo\upper.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\fonts\arial.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\chair.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\chair.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dishcart.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\textedit.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\hiscore\title.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\playfirst_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\credits.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\help.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\strings.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\chairflags.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\clock.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\closingtime.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\coinflip.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\expertscore.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\fork_timer.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\jar.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\level.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\level_career.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\score.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\sound.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\staroff.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\staron.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tablenumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80\dinerdash.exe
C:\WINDOWS\hosts
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_IESPRT
-------\iesprt

((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))

2007-07-16 08:39	51,200	--a------	C:\WINDOWS\nircmd.exe
2007-07-10 12:33	<REP>	d--------	C:\Program Files\EuroTalk
2007-07-10 09:52	<REP>	d--------	C:\DOCUME~1\STPHAN~1\APPLIC~1\EuroTalk
2007-07-09 10:37	<REP>	d--------	C:\WINDOWS\system32\fr-fr
2007-07-09 10:37	<REP>	d--------	C:\WINDOWS\Offline Web Pages
2007-07-09 10:32	<REP>	d--------	C:\WINDOWS\network diagnostic
2007-07-09 09:43	<REP>	d--------	C:\Program Files\brighter child
2007-07-03 15:33	<REP>	d--------	C:\Program Files\Kazaa
2007-07-03 11:17	<REP>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-07-02 21:16	<REP>	d--------	C:\Program Files\Malware Removal Tool
2007-07-01 15:36	<REP>	d--------	C:\DOCUME~1\STPHAN~1\DoctorWeb
2007-06-27 19:20	<REP>	d--------	C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-27 14:33	10	--a------	C:\WINDOWS\popcinfo.dat
2007-06-23 13:35	<REP>	d--------	C:\DOCUME~1\STPHAN~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-23 10:42	<REP>	d--------	C:\Program Files\SUPERAntiSpyware
2007-06-23 10:42	<REP>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-23 09:38	5,155	--a------	C:\dnsbak.reg

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 23:37:24	--------	d-----w	C:\Program Files\HT Burn DVD 3.1 Shareware
2007-07-01 19:20:17	56,994	----a-w	C:\WINDOWS\system32\perfc00C.dat
2007-07-01 19:20:17	430,180	----a-w	C:\WINDOWS\system32\perfh00C.dat
2007-07-01 19:19:33	--------	d-----w	C:\Program Files\Windows NT
2007-06-22 18:06:47	--------	d-----w	C:\Program Files\Oberon Media
2007-06-20 02:41:13	--------	d-----w	C:\Program Files\B's Recorder GOLD5
2007-06-20 02:40:33	--------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-05-16 15:13:53	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-05-14 16:54:07	17,928	----a-w	C:\DOCUME~1\STPHAN~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-25 14:22:35	144,896	----a-w	C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:18	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36	33,624	----a-w	C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54	1,710,936	----a-w	C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
2005-03-10 22:04:12	836	----a-w	C:\DOCUME~1\STPHAN~1\APPLIC~1\ViewerApp.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}	REG_SZ ]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}	REG_SZ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-29 11:55]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 12:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-01 14:38]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-23 14:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Versato"="C:\Program Files\MediaKey\MagicRun.exe" [2002-02-22 10:30]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 12:55]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispAppearancePage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{203B1C4D9-BC71-8916-38AD-9DEA5D213614}"="C:\WINDOWS\System32\bre.dll" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

Contents of the 'Scheduled Tasks' folder
2007-07-15 17:30:00 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1084296600.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 09:15:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-16 9:20:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-16 09:19

--- E O F ---

Thank you


----------



## stephanphilip7 (Jun 21, 2007)

And the latest Hyjack this log:

Logfile of HijackThis v1.99.1
Scan saved at 09:25:26, on 16/07/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thank you


----------



## cybertech (Apr 16, 2002)

*Run HJT again and put a check in the following:*

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/z...ploader_v5.cab

*Close all applications and browser windows before you click "fix checked".*

Please *download* the *OTMoveIt by OldTimer*.

 *Save* it to your *desktop*.
 Please double-click *OTMoveIt.exe* to run it.
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*C:\WINDOWS\System32\bre.dll
C:\WINDOWS\popcinfo.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap*

 Return to OTMoveIt, right click on the *"Paste List of Files/Folders to be moved"* window and choose *Paste*.
Click the red *Moveit!* button.
Close *OTMoveIt*
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

Run SUPERAntiSpyware and post the resulting log.

Let me know if you are still having problems.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!

Here is the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/16/2007 at 05:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:56:13

Memory items scanned : 382
Memory threats detected : 0
Registry items scanned : 5218
Registry threats detected : 16
File items scanned : 47588
File threats detected : 31

Locators Toolbar
HKLM\Software\Classes\CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}
HKCR\CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}
HKCR\CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}
HKCR\CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}\InprocServer32
HKCR\CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}\InprocServer32#ThreadingModel
HKCR\CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}\ProgID
HKCR\CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}\Programmable
HKCR\CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}\TypeLib
HKCR\CLSID\{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\LOCATORS.DLL

Trojan.MSCDAux
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}

Adware.Search-Exe
HKU\S-1-5-21-3830934678-2840788071-666795772-1006\Software\Microsoft\Internet Explorer\Explorer Bars\{002F4E27-B273-4FA5-ADFC-1FB9ED210B37}

Adware.Tracking Cookie
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][3].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][2].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt
C:\Documents and Settings\Stéphane\Cookies\sté[email protected][1].txt

Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net
C:\DOCUMENTS AND SETTINGS\STéPHANE\DOCTORWEB\QUARANTINE\NDNUNINSTALL5_20.EXE
C:\DOCUMENTS AND SETTINGS\STéPHANE\DOCTORWEB\QUARANTINE\NDNUNINSTALL6_22.EXE

Adware.MediaMotor
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor#UninstallString

Adware.IST/ISTBar (Slotch Bar)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Trojan.TaskDir
C:\SYSTEM VOLUME INFORMATION\_RESTORE{662A7DEE-F1D1-430C-BB67-62F7635994E5}\RP1364\A0303021.DLL

Thank you


----------



## stephanphilip7 (Jun 21, 2007)

Hi


By the way, I now have access to the task manager.

Thanks again.

I still have an issue. I need to start my PC with the debug mode. Otherwise. it takes a long time to get to the Windows screen and when it does, my mouse isn't working anymore.

If I unplug the mouse to plug it again, my PC automatically reboots...

My mouse is always plugged in the USB port.

Thanks


----------



## cybertech (Apr 16, 2002)

Please post your hijackthis log again.

Do you have a differrent mouse to use?
Have you tried a different USB port?


----------



## stephanphilip7 (Jun 21, 2007)

Hi, here is the hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 13:55:30, on 19/07/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\Stéphane\Mes documents\Hyjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MediaKey\MagicRun.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.daewoointernational.ca
O15 - Trusted Zone: http://w3.granddictionnaire.com
O15 - Trusted Zone: http://www.granddictionnaire.com
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Mouse seems OK but I have encounter two issues.

1- my PC only starts if I choose reboot mode. It won't start on the regular mode.

2- My wife's computer got this message (written in white on a blue screen):

UNMOUNTABLE BOOT VOLUME

STOP: 0x000000FD (0x81E7F5B8, 0xC0000006, 0c00000000, 0x00000000)

Do you know what it could mean ?????

Thank you again!


----------



## cybertech (Apr 16, 2002)

Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Remove the checkmark from:

*QuickTime Task* qttask.exe

*TkBellExe* realsched.exe
(Note: The above 2 entries pertain to *QuickTime* and *RealPlayer*. Every time you open and use either of them, they'll re-enable themselves in the startup list, so you'll need to go back and disable them)

*MsnMsgr* MsnMsgr.Exe

*Microsoft Office.lnk* OSA.EXE

Click Apply - OK afterwards, then reboot. When the SCU window appears during reboot, ignore the message. Place a checkmark in the window, then click OK.

How old are these machines?

I have no idea on the BSOD error codes. You may want to post that in the hardware forum.


----------



## stephanphilip7 (Jun 21, 2007)

Hi!


My PC just started without any problems.

Thanks again!!!

I will get on the hardware forum for my wife's computer.

Thanks. You have been of great help!!!!!!!!!!!!


----------



## cybertech (Apr 16, 2002)

Great! 

You can and should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless for them to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

The *OTMoveIt by OldTimer* has a *CleanUp!* option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.

SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.

It's a good idea to Flush your System Restore after removing malware: 
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

Here are some additional links for you to check out to help you with your computer security.

Secunia software inspector & update checker

Good free tools and advice on how to tighten your security settings.

Security Help Tools

You're welcome!


----------

