Hi,
I'm back from a weekend out of town. I scanned my computer yesterday evening, following your steps. Now my computer seems to work fine.
Here are the fresh logs:
Logfile of HijackThis v1.99.1
Scan saved at 06:13:38, on 2006-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charles St-Laurent\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsv1ADE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlm.tools.aka...vex-2.0.6.4.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1133101833812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148946460171
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom....gamesplayer.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://pix.futuresho...ulcontrolxp.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
And the ewido log:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 05:59:31 2006-09-25
+ Scan result:
C:\Documents and Settings\Charles St-Laurent\Mes documents\kazaa_setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Charles St-Laurent\Local Settings\Temp\gsplittm.sys -> Backdoor.Genlot.DX : Cleaned with backup (quarantined).
D:\backup\Net Buddy pro\netbdpro.exe/NetBuddy.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Program Files\ComPlus Applications\howynyc.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\Charles St-Laurent\Local Settings\Temp\Cookies\charles st-laurent@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@primediabusiness.122.2o7[1].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@primediabusiness.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Charles St-Laurent\Local Settings\Temp\Cookies\charles st-laurent@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@ads.addynamix[2].txt.bak -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@admarketplace[1].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@admarketplace[2].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@adtech[2].txt.bak -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@advertising[1].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@atdmt[2].txt.bak -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@bfast[2].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@bluestreak[1].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@bluestreak[2].txt.bak -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@burstnet[1].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@burstnet[3].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@www.burstnet[2].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Charles St-Laurent\Local Settings\Temp\Cookies\charles st-laurent@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
C:\Documents and Settings\Charles St-Laurent\Local Settings\Temp\Cookies\charles st-laurent@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@doubleclick[1].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@as-us.falkag[1].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@fastclick[1].txt.bak -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@goldenpalace[2].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
C:\Documents and Settings\Charles St-Laurent\Local Settings\Temp\Cookies\charles st-laurent@ehg-ati.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Charles St-Laurent\Local Settings\Temp\Cookies\charles st-laurent@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@ehg-aarp.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@ehg-dig.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@counter.hitslink[2].txt.bak -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@linksynergy[2].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@linksynergy[1].txt.bak -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@mediaplex[1].txt.bak -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@qksrv[2].txt.bak -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@ads.realcastmedia[2].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@ads1.revenue[2].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@ads1.revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@ads1.revenue[3].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@ads1.revenue[3].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@revenue[2].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@h.starware[2].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@starware[2].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@www.starware[1].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@targetnet[1].txt.bak -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@media.top-banners[1].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@weborama[1].txt.bak -> TrackingCookie.Weborama : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\charles st-laurent@statse.webtrendslive[2].txt.bak -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@yadro[1].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Program Files\Enigma Software Group\SpyHunter\Backup\charles st-laurent@yadro[3].txt.dat/Documents and Settings/Charles St-Laurent/Cookies/charles st-laurent@yadro[3].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\Charles St-Laurent\Local Settings\Temp\Cookies\charles st-laurent@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{78115315-CB31-4A61-8915-A12A264E8086}\RP655\A0183045.exe -> Trojan.Agent.ye : Cleaned with backup (quarantined).
::Report end
I will test my computer deeply this evening after work but now I have to go if I don't want to be late...
I really hope the problem is solved...
DringPiece