Solved system32\drivers\services.exe

Discussion in 'Malware and Virus Removal Archive' started by Mateo, 2009/01/02.

  1. 2009/01/02
    Mateo Inactive Thread Starter

    Each time I switch on my laptop I have the message:

    system32\drivers\services.exe is missing

    I know that it is caused by a virus, but I don't know how to correct it.

    Please find my info and log files below.

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Administrateur at 2009-01-02 22:07:51
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 41 GB (60%) free of 69 GB
    Total RAM: 511 MB (26% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:08:43, on 02/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\srvany.exe
    C:\WINDOWS\PCard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Acer\Notebook Manager\almxptray.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\documents and settings\administrateur\local settings\application data\awame.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Siemens\Gigaset USB Stick 108\GUI.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
    C:\Program Files\trend micro\Administrateur.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\services.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\system32\services.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S40D.tmp" /EF "HKLM "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [awame] "c:\documents and settings\administrateur\local settings\application data\awame.exe" awame
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: Moniteur Gigaset WLAN Adapter.lnk = C:\Program Files\Siemens\Gigaset USB Stick 108\GUI.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219858767735
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222088618751
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 12540 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Schedule Task Weekly.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll [2008-12-27 116088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-27 2436160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-20 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-27 2436160]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UniKey "= []
    "SynTPLpr "=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-11-15 126976]
    "SynTPEnh "=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-11-18 561152]
    "SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2003-03-27 53248]
    "services.exe "=C:\WINDOWS\system32\services.exe [2008-04-14 109056]
    "LManager "=C:\Program Files\Launch Manager\QtZgAcer.EXE [2003-04-14 303104]
    "LaunchApp "=Alaunch []
    "ATIPTA "=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-01-24 315392]
    "ATIModeChange "=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
    "AGRSMMSG "=C:\WINDOWS\AGRSMMSG.exe [2002-10-18 87751]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "AcerNotebookManager "=C:\Program Files\Acer\Notebook Manager\almxptray.exe [2003-02-16 504832]
    "LogitechCommunicationsManager "=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
    "LogitechQuickCamRibbon "=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
    "PinnacleDriverCheck "=C:\WINDOWS\system32\PSDrvCheck.exe [2003-12-04 406016]
    "EPSON Stylus Photo R240 Series "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE [2005-04-25 98304]
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
    "iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
    "ccApp "=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2008-10-17 51048]
    "osCheck "=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
    "Adobe Photo Downloader "=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-20 68856]
    "H/PC Connection Agent "=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
    "CTFMON.EXE "=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "DriverMax "= []
    "awame "=c:\documents and settings\administrateur\local settings\application data\awame.exe [2008-12-19 266240]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    Moniteur Gigaset WLAN Adapter.lnk - C:\Program Files\Siemens\Gigaset USB Stick 108\GUI.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr "=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145
    "NoActiveDesktop "=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\System32\updatees.exe "= "C:\WINDOWS\system32\updatees.exe:*:Enabled:Windows Firewall Updater "
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= "C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe "= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= "C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a92a360-8556-11dd-a51f-00042379b178}]
    shell\AutoRun\command - I:\setupSNK.exe


    ======File associations======

    .scr - open - "%1" /S "%3 "

    ======List of files/folders created in the last 3 months======

    2009-01-02 22:08:14 ----D---- C:\Program Files\trend micro
    2009-01-02 22:07:51 ----D---- C:\rsit
    2008-12-29 03:01:00 ----SHD---- C:\Config.Msi
    2008-12-27 04:39:22 ----D---- C:\Program Files\Windows Sidebar
    2008-12-27 04:39:12 ----D---- C:\Program Files\Norton 360
    2008-12-20 08:33:50 ----N---- C:\WINDOWS\system32\spmsg2.dll
    2008-12-20 08:33:46 ----HD---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
    2008-12-20 08:32:42 ----D---- C:\Documents and Settings\Administrateur\Application Data\Canneverbe_Limited
    2008-12-20 08:32:24 ----D---- C:\Program Files\CDBurnerXP
    2008-12-20 08:31:13 ----D---- C:\WINDOWS\system32\XPSViewer
    2008-12-20 08:31:10 ----D---- C:\Program Files\MSBuild
    2008-12-20 08:31:08 ----D---- C:\WINDOWS\system32\en-US
    2008-12-20 08:31:03 ----D---- C:\Program Files\Reference Assemblies
    2008-12-20 08:30:12 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2008-12-20 08:30:11 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2008-12-20 08:30:11 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2008-12-20 08:30:11 ----D---- C:\8a9341d40acc7d18a45223
    2008-12-17 23:07:58 ----D---- C:\Program Files\Microsoft Office Outlook Connector
    2008-12-13 15:18:06 ----D---- C:\WINDOWS\Minidump
    2008-12-11 03:22:42 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-11 03:22:42 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-11 03:22:42 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-11 03:05:15 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 03:01:52 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 03:01:03 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 03:00:47 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-09 04:00:14 ----A---- C:\WINDOWS\system32\wgapi.dll
    2008-12-09 04:00:14 ----A---- C:\WINDOWS\system32\wcapi.dll
    2008-12-09 04:00:14 ----A---- C:\WINDOWS\system32\oemres.dll
    2008-12-09 04:00:14 ----A---- C:\WINDOWS\system32\athgina.dll
    2008-12-09 04:00:13 ----A---- C:\WINDOWS\system32\athcfg11res.dll
    2008-12-09 04:00:13 ----A---- C:\WINDOWS\system32\athcfg11.dll
    2008-12-09 04:00:13 ----A---- C:\WINDOWS\system32\AegisI5.exe
    2008-12-09 04:00:13 ----A---- C:\WINDOWS\system32\acs.exe
    2008-12-09 04:00:12 ----A---- C:\WINDOWS\system32\AegisE5.dll
    2008-12-09 03:58:23 ----D---- C:\Program Files\Digital Photo Navigator 1.0
    2008-12-07 03:24:34 ----HD---- C:\WINDOWS\$NtUninstallKB943729$
    2008-12-07 03:24:19 ----D---- C:\Program Files\Microsoft Silverlight
    2008-12-05 15:40:32 ----D---- C:\Documents and Settings\Administrateur\Application Data\Snapfish
    2008-12-03 04:26:22 ----A---- C:\WINDOWS\system32\ptpusb.dll
    2008-12-03 04:26:19 ----A---- C:\WINDOWS\system32\ptpusd.dll
    2008-12-02 18:43:40 ----D---- C:\Program Files\iPod
    2008-12-02 18:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-02 18:40:55 ----D---- C:\Program Files\QuickTime
    2008-11-26 16:04:04 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-11-26 04:51:50 ----D---- C:\Downloads
    2008-11-21 00:41:08 ----D---- C:\Program Files\eMule
    2008-11-18 03:06:44 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-18 03:03:38 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-18 03:01:46 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-09 08:18:02 ----A---- C:\WINDOWS\quark.ini
    2008-11-08 11:14:36 ----N---- C:\WINDOWS\system32\SNTI386.DLL
    2008-11-08 11:14:36 ----A---- C:\WINDOWS\system32\RNBOVDD.DLL
    2008-11-08 11:14:30 ----A---- C:\WINDOWS\system32\haspvdd.dll
    2008-11-08 11:11:20 ----D---- C:\Program Files\QuarkXPress Passport
    2008-11-07 22:12:37 ----D---- C:\Program Files\Norton SystemWorks
    2008-11-07 16:11:12 ----SHD---- C:\FOUND.000
    2008-11-07 11:32:12 ----D---- C:\Program Files\CheckIt
    2008-11-07 11:25:38 ----D---- C:\Program Files\PerformanceTest
    2008-11-07 11:19:05 ----D---- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-11-05 15:22:48 ----D---- C:\Program Files\iTunes
    2008-11-05 15:21:28 ----D---- C:\Program Files\Bonjour
    2008-11-02 16:56:38 ----D---- C:\Program Files\Commence
    2008-10-26 16:03:46 ----D---- C:\Program Files\Larousse
    2008-10-25 03:00:23 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-23 16:52:08 ----D---- C:\Program Files\DECATHLON
    2008-10-22 13:56:40 ----D---- C:\Program Files\Innovative Solutions
    2008-10-22 13:41:35 ----D---- C:\WINDOWS\system32\appmgmt
    2008-10-20 23:21:37 ----N---- C:\WINDOWS\system32\E_DCINST.DLL
    2008-10-20 23:21:34 ----N---- C:\WINDOWS\system32\E_FLMAHE.DLL
    2008-10-20 23:21:34 ----A---- C:\WINDOWS\system32\E_FBCHAHE.DLL
    2008-10-20 23:21:34 ----A---- C:\WINDOWS\system32\E_FBCBAHE.DLL
    2008-10-20 23:18:38 ----D---- C:\Program Files\EPSON
    2008-10-20 10:34:06 ----D---- C:\Program Files\eBay
    2008-10-16 03:07:43 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-16 03:07:34 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-16 03:07:28 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-16 03:04:21 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-16 03:04:00 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-14 23:59:44 ----A---- C:\WINDOWS\system32\hidserv.dll
    2008-10-10 19:23:30 ----D---- C:\Program Files\MSXML 4.0
    2008-10-10 18:49:17 ----D---- C:\Program Files\MSECache
    2008-10-10 12:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
    2008-10-10 12:41:37 ----D---- C:\Program Files\EPSON CopyFactory
    2008-10-10 12:40:55 ----D---- C:\Documents and Settings\Administrateur\Application Data\InstallShield
    2008-10-10 12:39:48 ----N---- C:\WINDOWS\system32\escwiad.dll
    2008-10-10 12:39:47 ----N---- C:\WINDOWS\system32\escwiab.dll
    2008-10-10 12:39:47 ----N---- C:\WINDOWS\system32\escimgd.dll
    2008-10-10 12:39:47 ----N---- C:\WINDOWS\system32\esccmd.dll
    2008-10-10 12:39:47 ----A---- C:\WINDOWS\system32\esicm.dll
    2008-10-10 12:39:47 ----A---- C:\WINDOWS\system32\escimg.dll
    2008-10-10 12:39:47 ----A---- C:\WINDOWS\system32\esccm.dll
    2008-10-10 12:39:47 ----A---- C:\WINDOWS\system32\Epfb5cpl.dll
    2008-10-10 12:39:45 ----D---- C:\EPSON
    2008-10-10 12:39:45 ----A---- C:\WINDOWS\system32\esdtr.dll
    2008-10-10 12:39:45 ----A---- C:\WINDOWS\system32\epcomdd.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\vdrmux.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\vdrcodec.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\RALMain.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\pvmjpg21.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\msxml4r.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\msxml4a.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\MMAviAx.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\MLPagAx.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\ltkrn13n.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\ltfil13n.DLL
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\LTCLR13n.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\Lfwmf13n.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\lftif13n.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\lftga13n.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\langserv.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\DiskIO.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\Cachex.dll
    2008-10-10 00:38:27 ----N---- C:\WINDOWS\system32\Aviprax.dll
    2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\Lfpct13n.dll
    2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\LFJ2K13n.dll
    2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\lffax13n.dll
    2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\LFCMP13n.DLL
    2008-10-10 00:38:26 ----N---- C:\WINDOWS\system32\lfbmp13n.dll
    2008-10-10 00:37:42 ----A---- C:\WINDOWS\unvise32.exe
    2008-10-10 00:36:32 ----A---- C:\WINDOWS\system32\PSDrvCheck.exe
    2008-10-10 00:36:31 ----A---- C:\WINDOWS\system32\asapi.dll
    2008-10-10 00:36:16 ----A---- C:\WINDOWS\system32\pclepim1.dll
    2008-10-10 00:36:16 ----A---- C:\WINDOWS\system32\msvcr70.dll
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MSVCP70.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MSVCI70.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71u.dll
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71KOR.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71ITA.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71FRA.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71ESP.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71DEU.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71CHT.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71CHS.DLL
    2008-10-10 00:36:15 ----A---- C:\WINDOWS\system32\MFC71.dll
    2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\PCLEGetGuid.dll
    2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\MFC70U.DLL
    2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\MFC70.DLL
    2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\atl71.dll
    2008-10-10 00:36:14 ----A---- C:\WINDOWS\system32\ATL70.DLL
    2008-10-10 00:30:47 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle
    2008-10-10 00:30:45 ----D---- C:\Program Files\Pinnacle
    2008-10-03 23:54:08 ----D---- C:\WINDOWS\Sun
    2008-10-03 23:54:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun
    2008-10-03 23:53:18 ----D---- C:\Program Files\Java
    2008-10-03 23:51:43 ----D---- C:\Program Files\Fichiers communs\Java

    ======List of files/folders modified in the last 3 months======

    2009-01-02 21:33:30 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
    2009-01-02 21:33:28 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
    2009-01-02 21:33:26 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
    2009-01-02 21:31:36 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-29 03:02:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-12-27 19:39:30 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
    2008-12-19 03:00:40 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-11 03:04:52 ----A---- C:\WINDOWS\win.ini
    2008-12-10 00:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-09 04:01:26 ----A---- C:\WINDOWS\system32\results.txt
    2008-11-28 02:26:12 ----A---- C:\WINDOWS\ODBC.INI
    2008-10-23 13:36:52 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-23 11:07:00 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-16 21:18:44 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 21:18:42 ----N---- C:\WINDOWS\system32\occache.dll
    2008-10-16 21:18:42 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 21:18:42 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 21:18:42 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 21:18:42 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 21:18:42 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 21:18:40 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 21:18:40 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 21:18:38 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 21:18:38 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 21:18:36 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 21:18:36 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 21:18:36 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 21:18:36 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 21:18:32 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 21:18:32 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 21:18:32 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 21:18:32 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 21:18:32 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:11:10 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:08:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:32 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-10-16 14:06:40 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-15 18:35:44 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 08:04:54 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-10-03 11:03:54 ----A---- C:\WINDOWS\system32\strmdll.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-02-01 43696]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
    R2 acernbm;acernbm; C:\WINDOWS\system32\drivers\acernbm.sys [2003-01-13 6538]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-09 21275]
    R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CHECKIT\DIAGNO~1\BCMNTIO.sys []
    R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\System32\drivers\btserial.sys []
    R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\System32\drivers\btslbcsp.sys []
    R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
    R2 GBFSHook;GBFSHook; C:\WINDOWS\system32\drivers\GBFSHook.sys [2005-01-05 16196]
    R2 Haspnt;Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [2008-11-08 33280]
    R2 ipasintf;ipasintf; \??\C:\WINDOWS\System32\drivers\pas2k.sys []
    R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
    R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CHECKIT\DIAGNO~1\MAPMEM.sys []
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1997-06-27 64512]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2002-10-18 1156672]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-01 719052]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-01-20 569984]
    R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2003-03-12 30171]
    R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2002-12-13 227887]
    R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2002-11-20 17983]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
    R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
    R3 LVUVC;QuickCam Pro for Notebooks(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
    R3 mbxfilt;mbxfilt; C:\WINDOWS\system32\drivers\MbxFilt.sys [2002-12-09 5441]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090102.006\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090102.006\NAVEX15.SYS []
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2002-03-26 6016]
    R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys [2002-11-08 20579]
    R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-30 5888]
    R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-02-01 279088]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\ipsdefs\20081220.001\SymIDSCo.sys []
    R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-11-18 263536]
    R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 w70n51;Pilote des cartes réseau Intel(R) PRO/Wireless 7100 pour Windows XP; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2006-08-02 674560]
    S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    S3 61883;Pilote d'unité 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
    S3 AR5523;Gigaset USB Stick 108; C:\WINDOWS\system32\DRIVERS\ar5523.sys [2006-02-25 343904]
    S3 Avc;Périphérique AVC; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
    S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2008-04-13 13696]
    S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-09-11 41728]
    S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2003-02-21 144480]
    S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-04-08 51208]
    S3 CBPMp50;CBPMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\CBPMp50.sys []
    S3 CBPSp50;CBPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\CBPSp50.sys [2006-11-28 27072]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
    S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
    S3 LEX_AS_NIC_SERVICE;LAN-Express IEEE 802.11a/b Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\Expsab2.sys [2002-12-10 218240]
    S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
    S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2008-04-13 49024]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NSCIRDA;Pilote de périphérique infrarouge NSC; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-02-01 317616]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
    S3 usb_rndisx;Carte ISDN USB; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-01-21 36864]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-01-20 151552]
    R2 Automatic LiveUpdate Scheduler;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 GBPoll;GoBack Polling Service; C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe [2005-01-05 763496]
    R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
    R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
    R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-31 68096]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 comHost;COM Host; C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-27 138168]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
    S3 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-30 19456]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-12-27 1245064]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
     
  2. 2009/01/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Mateo :)

    Please scan with HijackThis and place a check next to the following entries.

    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\services.exe
    O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\system32\services.exe
    O4 - HKCU\..\Run: [awame] "c:\documents and settings\administrateur\local settings\application data\awame.exe" awame


    Click Fix Checked then close HijackThis when it completes.

    Delete the following file if present.

    c:\documents and settings\administrateur\local settings\application data\awame.exe

    The local settings folder is a hidden folder, so the easiest method of getting to the application data folder is to copy the bolded line below, click Start>Run and paste the line into the Run dialog and hit Enter.

    "c:\documents and settings\administrateur\local settings\application data"


    Access to your Task Manager is blocked too, so let's take care of that. Highlight and copy the contents of the code box below.
    Code:
    reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /f
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own.


    Now, let's get an online virus scan. Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
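
The three entries checked in the reply above follow patterns a script can look for in a HijackThis log: a Shell value with a second program appended after Explorer.exe, a Run-key entry named after a core Windows process, and a Run-key entry launching from the root of a profile's Application Data folder. The Python below is an added example, not part of the original post and not a HijackThis feature; the rule names, the process list and the folder list are assumptions chosen for illustration, and the sample lines are copied from this thread.

```python
import ntpath
import re

# Sample lines copied from the logs and the helper's reply in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\services.exe
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\system32\services.exe
O4 - HKCU\..\Run: [awame] "c:\documents and settings\administrateur\local settings\application data\awame.exe" awame
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Assumption: processes the OS starts itself, so a Run-key entry carrying one
# of these names deserves a second look whatever folder it points to.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe",
                  "services.exe", "lsass.exe", "svchost.exe"}

# Assumption: an executable sitting directly in one of these folders (no
# vendor subfolder) is treated as suspicious. "temp" goes beyond the thread.
DROP_DIRS = {"application data", "temp"}

F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$", re.I)
O4_RUN = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Quoted path, or an unquoted path (spaces allowed) up to the first
# executable extension that is followed by whitespace or end of line.
EXE_PATH = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def executable_of(cmd):
    """Return the program part of a Run-key command line, without arguments."""
    m = EXE_PATH.match(cmd.strip())
    if m:
        return (m.group("q") or m.group("u")).strip()
    return cmd.split()[0]  # no known extension: fall back to the first token


def check_run_entry(cmd):
    """Return the list of rule names a Run-key command line triggers."""
    exe = executable_of(cmd)
    base = ntpath.basename(exe).lower()
    parent = ntpath.basename(ntpath.dirname(exe)).lower()
    reasons = []
    if base in CORE_PROCESSES:
        reasons.append("core-process-name-in-run-key")
    if parent in DROP_DIRS:
        reasons.append("runs-from-profile-or-temp-root")
    return reasons


def audit(log_text):
    """Return (line, reasons) for every F2 Shell / O4 Run line that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_SHELL.match(line)
        if m:
            # The default Winlogon shell value is Explorer.exe and nothing else.
            if m.group("value").strip().lower() != "explorer.exe":
                findings.append((line, ["shell-value-has-extra-program"]))
            continue
        m = O4_RUN.match(line)
        if m:
            reasons = check_run_entry(m.group("cmd"))
            if reasons:
                findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in audit(SAMPLE_LOG):
        print(", ".join(reasons), "->", line)
```

A hit is a prompt for manual review, not a verdict: legitimate software can also start from a profile folder, so each flagged line still needs the kind of check the helper performs here.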
     

  4. 2009/01/04
    Mateo

    Thanks a lot noahdfear.

    Please find enclosed the Kaspersky report
    I have not found the first line you talk about:

    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\services.exe

    So I haven't fixed it - How can I remove these threats?

    Sorry for my English, I am French :)

    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, January 5, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, January 04, 2009 21:25:33
    Records in database: 1559986
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    G:\

    Scan statistics:
    Files scanned: 91909
    Threat name: 3
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 01:56:00


    File name / Threat name / Threats count
    C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP88\A0029220.exe Infected: not-a-virus:AdWare.Win32.Agent.hlh 1
    C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP128\A0051635.exe Infected: Backdoor.Win32.Agent.ree 1
    C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP136\A0056124.exe Infected: Trojan-Downloader.Win32.Small.adsk 1

    The selected area was scanned.
     
  5. 2009/01/04
    noahdfear

    Those infections are in System Restore points. We'll take care of those once we finish fixing. ;)

    Please do a scan with HijackThis and save the log, then post it here.
     
  6. 2009/01/04
    Mateo

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:54:37, on 05/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\srvany.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\PCard.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Acer\Notebook Manager\almxptray.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\trend micro\hijackthis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F "C:\WINDOWS\TEMP\E_S40D.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: Moniteur Gigaset WLAN Adapter.lnk = C:\Program Files\Siemens\Gigaset USB Stick 108\GUI.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219858767735
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222088618751
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 12430 bytes
     
  7. 2009/01/04
    noahdfear

    That log looks good Mateo. Are you still getting the error message on startup?
     
  8. 2009/01/05
    Mateo

    Hi
    No error message at startup now! Great... but:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, January 5, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, January 05, 2009 06:13:40
    Records in database: 1562036
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    G:\

    Scan statistics:
    Files scanned: 93943
    Threat name: 3
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 02:05:53


    File name / Threat name / Threats count
    C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP88\A0029220.exe Infected: not-a-virus:AdWare.Win32.Agent.hlh 1
    C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP128\A0051635.exe Infected: Backdoor.Win32.Agent.ree 1
    C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP136\A0056124.exe Infected: Trojan-Downloader.Win32.Small.adsk 1

    The selected area was scanned.
     
  9. 2009/01/05
    noahdfear

    Great!

    Delete RSIT.exe and the C:\rsit folder.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot


    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
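
All three detections in the Kaspersky report above sit under `System Volume Information\_restore{...}`, which is why the reply says to clear the System Restore points. The following is an added example, not part of the original thread: a Python triage that parses such detection lines and separates restore-point copies from files on the live file system. The function names and regular expressions are assumptions based on the three report lines shown in this thread.

```python
import re
from collections import defaultdict

# Detection lines copied from the Kaspersky Online Scanner report in this thread.
REPORT = r"""
C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP88\A0029220.exe Infected: not-a-virus:AdWare.Win32.Agent.hlh 1
C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP128\A0051635.exe Infected: Backdoor.Win32.Agent.ree 1
C:\System Volume Information\_restore{1C86BA18-1FFD-42CE-99FB-DC25C3D6DB0E}\RP136\A0056124.exe Infected: Trojan-Downloader.Win32.Small.adsk 1
"""

# "<path> Infected: <verdict> <count>"; paths may contain spaces, so match lazily up to the status word.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<verdict>\S+)\s+(?P<count>\d+)\s*$")
# XP System Restore store: <drive>:\System Volume Information\_restore{GUID}\RPnn\...
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\", re.IGNORECASE)

def parse_detections(report):
    """Return one dict per detection line; lines that do not match are ignored."""
    hits = []
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        rp = RESTORE.match(m["path"])
        hits.append({
            "path": m["path"],
            "verdict": m["verdict"],
            "restore_point": int(rp["rp"]) if rp else None,  # None = live file system
        })
    return hits

def triage(hits):
    """Split detections into restore-point copies and files on the live file system."""
    by_rp, live = defaultdict(list), []
    for h in hits:
        if h["restore_point"] is None:
            live.append(h)
        else:
            by_rp[h["restore_point"]].append(h["verdict"])
    return {"restore_points": dict(by_rp), "live": live,
            "only_restore_points": bool(hits) and not live}

if __name__ == "__main__":
    result = triage(parse_detections(REPORT))
    for rp, verdicts in sorted(result["restore_points"].items()):
        print(f"RP{rp}: {', '.join(verdicts)}")
    print("live detections:", len(result["live"]))
    print("all detections are restore-point copies:", result["only_restore_points"])
```

A non-empty `live` list means something outside the restore store is still flagged, and purging restore points alone would not be enough.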
     
  10. 2009/01/06
    Mateo

    Thanks a lot Dave
    Now Kaspersky doesn't find any problem
    I really appreciate your help and how clear your explanations were
    I will strictly follow Geri's post :eek::)

    Mateo
     
  11. 2009/01/06
    noahdfear

    You're very welcome. Glad I could help. :)
     
