I did the scans and a couple of nasties showed up. I had not thought of scaning in safe mode. here are the logs. Thanks for your help.
Deckard's System Scanner v20070426.43
Run by Usager on 2007-05-03 at 17:56:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
7: 2007-05-03 20:57:09 UTC - RP7 - Deckard's System Scanner Restore Point
6: 2007-05-03 19:17:23 UTC - RP6 - Installed ANIWZCS2 Service
5: 2007-05-03 19:16:29 UTC - RP5 - Installed ANIO Service
4: 2007-05-03 19:14:23 UTC - RP4 - Installé AirPlus G
3: 2007-05-02 16:17:13 UTC - RP3 - Opération de restauration
-- First Restore Point --
1: 2007-05-01 20:21:59 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Usager.exe) ----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 18:07:27, on 2007-05-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.000\Explorer.EXE
C:\WINDOWS.000\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Documents and Settings\Usager\Bureau\dss.exe
E:\HIJACK~1\Usager.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.fr.msn.ca/0SEFRCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://sympatico.msn.ca/?lang=fr-ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\System32\msdxm.ocx
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....467&clcid=0x409
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS.000\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.000\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
-- HijackThis Fixed Entries (E:\HIJACK~1\backups\) -----------------------------
backup-20051002-112422-321 O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
backup-20051002-112422-541 O4 - HKLM\..\Run: [ms-update] scvhost.exe
backup-20051002-112422-561 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp...rch/search.html
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS.000\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS.000\SYSTEM32\SHELL32.DLL,2
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL %1,%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*
.hlp - hlpfile - DefaultIcon - C:\WINDOWS.000\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - C:\WINDOWS.000\System32\migicons.exe,8
.reg - regfile - DefaultIcon - C:\WINDOWS.000\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - C:\WINDOWS.000\System32\migicons.exe,7
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 ANIO (ANIO Service) - c:\windows.000\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
-- Scheduled Tasks -------------------------------------------------------------
2007-05-03 16:38:04 266 --ah----- C:\WINDOWS.000\Tasks\Rappel d'expiration de la désinstallation.job
-- Files created between 2007-04-03 and 2007-05-03 -----------------------------
2007-05-03 16:17:31 143360 --a------ C:\WINDOWS.000\System32\WlanApp.dll <Not Verified; Alpha Networks Inc.; WlanApp Dynamic Link Library>
2007-05-03 16:17:31 221184 --a------ C:\WINDOWS.000\System32\wlanapi.dll <Not Verified; Alpha Networks Inc.; WLANAPI Dynamic Link Library>
2007-05-03 16:17:30 1323095 --a------ C:\WINDOWS.000\System32\odSupp_M.dll <Not Verified; Funk Software, Inc.; Odyssey Supplicant Toolkit>
2007-05-03 16:17:29 49152 --a------ C:\WINDOWS.000\System32\AQCKGen.dll <Not Verified; Alpha Networks Inc.; AQuickKey Generator>
2007-05-03 16:17:29 368640 --a------ C:\WINDOWS.000\System32\ANIWZCS2.dll <Not Verified; Alpha Networks Inc.; ANIWZCS Dynamic Link Library>
2007-05-03 16:17:29 212992 --a------ C:\WINDOWS.000\System32\aIPH.dll <Not Verified; Alpha Networks Inc.; IPH Dynamic Link Library>
2007-05-03 16:17:28 57407 --a------ C:\WINDOWS.000\System32\ANICtl.dll <Not Verified; Alpha Networks Inc.; DevCtrl Dynamic Link Library>
2007-05-03 16:16:37 28205 --a------ C:\WINDOWS.000\System32\ANIO.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
2007-05-03 16:16:36 11904 --a------ C:\WINDOWS.000\System32\anio4.sys <Not Verified; ANI; ANIO (NDIS4) Driver>
2007-05-03 16:16:35 36864 --a------ C:\WINDOWS.000\System32\ANIOApi.dll <Not Verified; Alpha Networks Inc.; ANIO Helper DLL API library>
2007-05-03 16:16:32 0 d-------- C:\Program Files\ANI
2007-05-02 13:28:42 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-05-02 13:28:41 0 d-------- C:\Documents and Settings\Usager\Application Data\MSN6
2007-05-01 14:42:16 0 d-------- C:\Documents and Settings\Usager\.housecall6.6
2007-05-01 12:24:02 0 d-------- C:\Program Files\D-Link
2007-05-01 12:23:00 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2007-04-27 14:07:13 0 d--h----- C:\WINDOWS.000\System32\GroupPolicy
2007-04-27 11:39:30 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-04-27 11:39:30 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2007-04-27 11:39:30 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2007-04-27 11:39:30 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-04-27 11:39:30 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-04-27 11:39:30 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-04-27 11:39:30 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2007-04-27 11:39:30 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2007-04-27 11:39:30 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2007-04-27 11:39:30 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2007-04-27 11:39:30 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2007-04-27 11:39:30 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2007-04-27 11:39:29 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-04-27 11:39:28 1572864 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat
2007-04-23 18:36:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-04-18 08:36:43 0 --ahs---- C:\WINDOWS.000\System32\.exe
2007-04-13 22:26:49 0 d-------- C:\1c9452883093c1f7f8bd8448fb
2007-04-13 20:35:09 25600 --a------ C:\WINDOWS.000\System32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-04-13 20:35:09 0 d--h---c- C:\WINDOWS.000\$xpsp1hfm$
-- Find3M Report ---------------------------------------------------------------
2007-05-03 17:52:21 0 d-------- C:\Program Files\Symantec AntiVirus
2007-05-03 16:18:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-02 13:43:40 0 d-------- C:\Program Files\Fichiers communs\SERVICES
2007-05-01 12:23:00 0 d-a------ C:\Program Files\Fichiers communs
2007-03-14 23:42:07 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-14 23:32:29 0 d-------- C:\Documents and Settings\Usager\Application Data\RegUpdate
2007-03-13 17:40:50 0 d-------- C:\Program Files\Microsoft.NET
2007-03-13 17:37:16 0 d-------- C:\Program Files\Fichiers communs\DESIGNER
2007-03-13 17:37:00 0 d-------- C:\Program Files\Microsoft Works
2007-03-13 17:08:16 0 d-------- C:\Program Files\Symantec
2007-03-13 14:36:28 361378 --ah----- C:\WINDOWS.000\System32\perfh00C.dat
2007-03-13 14:36:28 46064 --ah----- C:\WINDOWS.000\System32\perfc00C.dat
2007-03-13 14:19:22 0 d-------- C:\Program Files\microsoft frontpage
2007-03-13 14:11:26 0 d-------- C:\Documents and Settings\Usager\Application Data\Symantec
2007-03-13 14:11:26 0 d-------- C:\Documents and Settings\Usager\Application Data\Spybot - Search & Destroy
2007-03-13 14:11:26 0 d-------- C:\Documents and Settings\Usager\Application Data\Registry Cleaner
2007-03-13 14:11:26 0 d-------- C:\Documents and Settings\Usager\Application Data\MSNInstaller
2007-03-13 14:11:26 0 d-------- C:\Documents and Settings\Usager\Application Data\Macromedia
2007-03-13 14:11:26 0 d-------- C:\Documents and Settings\Usager\Application Data\InterTrust
2007-03-13 14:11:26 0 d-------- C:\Documents and Settings\Usager\Application Data\Adobe
2007-03-13 14:11:24 0 d-------- C:\Documents and Settings\Usager\Application Data\Identities
2007-03-13 14:10:44 248832 --ah----- C:\WINDOWS.000\System32\migicons.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
2007-03-13 14:02:20 0 d-------- C:\Program Files\Movie Maker
2007-03-13 14:01:14 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2007-03-13 13:59:02 21892 --ah----- C:\WINDOWS.000\System32\emptyregdb.dat
2007-03-13 13:57:30 0 d-------- C:\Program Files\Messenger
2007-03-13 13:57:16 0 d-------- C:\Program Files\MSN Gaming Zone
2007-03-13 13:56:54 0 d-------- C:\Program Files\Windows NT
2007-03-13 13:44:18 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-03-13 13:43:30 62 --ahs---- C:\Documents and Settings\Usager\Application Data\desktop.ini
2007-03-06 11:43:32 462589 --ah----- C:\WINDOWS.000\ShellIconCache
2007-03-06 11:38:48 518 --a------ C:\AUTOEXEC.BAT
2007-03-02 18:29:14 158 --a------ C:\CONFIG.SYS
2007-03-02 18:16:42 14215 --ah----- C:\WINDOWS.000\ttfCache
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS.000\\System32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"BayMgr"="DockApp.exe"
"IrMon"="IrMon.exe"
"QuickTime Task"="\"C:\\WINDOWS.000\\SYSTEM32\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Symantec Core LC"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\CCPD-LC\\symlcsvc.exe\" start"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"KB891711"="C:\\WINDOWS.000\\SYSTEM\\KB891711\\KB891711.EXE"
"KB918547"="C:\\WINDOWS.000\\SYSTEM\\KB918547\\KB918547.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\johnj315]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="johnj315"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\Usager\\3.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvccc66]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msvccc66"
"hkey"="HKLM"
"command"="svcchosst.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SystemTray"
"hkey"="HKLM"
"command"="SysTray.Exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vptray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
-- End of Deckard's System Scanner: finished at 2007-05-03 at 18:08:49 ---------
Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600)
Architecture: X86; Language: French
CPU 0: Processeur Intel Pentium II
Percentage of Memory in Use: 85%
Physical Memory (total/avail): 127.48 MiB / 18.55 MiB
Pagefile Memory (total/avail): 307.04 MiB / 111.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1975.02 MiB
C: is Fixed (NTFS) - 11.1 GiB total, 7.73 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Usager\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=DELL
ComSpec=C:\WINDOWS.000\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Usager
LOGONSERVER=\\DELL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS.000\system32;C:\WINDOWS.000;C:\WINDOWS.000\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=060a
ProgramFiles=C:\Program Files
PROMPT=$p$g
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS.000
TEMP=C:\DOCUME~1\Usager\LOCALS~1\Temp
TMP=C:\DOCUME~1\Usager\LOCALS~1\Temp
USERDOMAIN=DELL
USERNAME=Usager
USERPROFILE=C:\Documents and Settings\Usager
winbootdir=C:\WINDOWS.000
windir=C:\WINDOWS.000
-- User Profiles ---------------------------------------------------------------
Usager
(admin)
Administrateur
(admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.000\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS.000\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\98\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\98\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS.000\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
AirPlus G --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1036
ANIO Service --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
AnswerWorks Runtime --> C:\WINDOWS.000\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Correctif Windows XP - KB842773 --> C:\WINDOWS.000\$NtUninstallKB842773$\spuninst\spuninst.exe
HijackThis 1.99.1 --> E:\HIJACK~1\HijackThis.exe /uninstall
hp psc 700 series --> "C:\Program Files\Hewlett-Packard\hp psc 700 series\Uninstall\hpourn07.exe" /Path="C:\Program Files\Hewlett-Packard\hp psc 700 series" /Uninstall="hp psc 700 series"
Internet Explorer Q916281 --> C:\WINDOWS.000\ieuninst.exe C:\WINDOWS.000\INF\Q916281.inf
IS Scan --> C:\WINDOWS.000\uninst.exe -fC:\Bjscan\DeIsL1.isu
Latitude Dock Quick Install for Windows 9x --> C:\WINDOWS.000\IsUninst.exe -f"C:\WINDOWS.000\Quick Install\Uninst.isu"
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft VGX Q833989 --> C:\WINDOWS.000\vgxuninst.exe C:\WINDOWS.000\INF\Q833989.inf
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Outlook Express Q837009 --> C:\WINDOWS.000\oeuninst.exe C:\WINDOWS.000\INF\Q837009.inf
Package du correctif Windows XP [voir Q329115 pour plus de détails] --> C:\WINDOWS.000\$NtUninstallQ329115$\spuninst\spuninst.exe
Softex BayManager --> C:\WINDOWS.000\IsUn040c.exe -f"C:\Program Files\Softex\BayManager\Win98\Uninst.isu" -c"C:\Program Files\Softex\BayManager\Win98\Uninstal.dll
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Symantec Technical Support Web Controls --> MsiExec.exe /X{5FCDE341-328B-434B-9F21-AF5BADB57852}
Synaptics TouchPad --> C:\WINDOWS.000\uninst.exe -f"C:\Program Files\Synaptics\DeIsL1.isu" -c"C:\Program Files\Synaptics\SynTP\SynISDLL.dll
Xircom Ethernet + Modem 56 --> APUNINST.EXE C:\XIRCOM\CBEM\APUNINST.UNI
-- End of Deckard's System Scanner: finished at 2007-05-03 at 18:08:49 ---------
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 17:41:20 2007-05-03
+ Scan result:
C:\Documents and Settings\Usager\Local Settings\Temp\rcuninst.exe -> Adware.ManReg : Ignored.
C:\Documents and Settings\Usager\Mes documents\BRASSERIE St-Antoine-Abbé\setup_rcxp.exe -> Adware.ManReg : Ignored.
C:\Documents and Settings\Usager\Mes documents\setup_rcxp.exe -> Adware.ManReg : Ignored.
C:\WINDOWS.000\SYSTEM32\svcchosst.exe -> Backdoor.SdBot.bhl : Cleaned with backup (quarantined).
C:\Documents and Settings\Usager\3.exe -> Proxy.Slaper.e : Cleaned with backup (quarantined).
C:\Documents and Settings\Usager\Cookies\usager@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@dealtime[3].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@searchportal.information[2].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@feedback.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@fr.ca.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@ie.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@search.msn[4].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@search.msn[5].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@ssl-hints.netflame[3].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@m.webtrends[3].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Usager\Cookies\usager@m.webtrends[4].txt -> TrackingCookie.Webtrends : Cleaned.
::Report end