Services.exe restarts PC

[patriceroy]

Hi,

After a while, the PC I use gives me an error window about Services.exe. It restarts the PC 60 seconds after I pressed the OK button. I could execute "Shutdown -a" to avoid restarting the PC. But the programs won't work after that. Here is the Logfile.

Logfile of HijackThis v1.99.1
Scan saved at 14:31:40, on 2008-05-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Network Associates\VirusScan\mcupdate.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seminaires.uqam.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /systrayIconn /fln /frn /appDatan
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192632908906
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Symantec Ghost Client Agent (NGCLIENT) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

Any help would be greatly appreciated.

Thanks

[Jintan]

Welcome to HijackThis.de patriceroy,

No infection showing here. Let's get a more detailed look and then review after that.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:

System Restore
Temp Cleanup
Process Modules

Then under Options, place a check next to the following:

Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)

You can use extra posts here if needed for that.


If you have difficulty using that Run step for the Deckards scan you can use a script provided by Mosaic1 for this.

Open Notepad (Start - Run, type Notepad then press OK), and copy the following and past it into the open Notepad textbox.

Code:

Dim Wshshell, Desk
Set Wshshell = Wscript.CreateObject("Wscript.shell")
Desk = Wshshell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop") & "\"
Wshshell.run Chr(34)  & Desk  & "dss.exe" & Chr(34) & " /config"

Save this to your desktop as "dssrun.vbs"

Be sure to include the "" quotes in the name. Then click on dssrun.vbs and the Deckards display should open.

[patriceroy]

Hi again,

Here are the results of DSS. First, main.txt .

Deckard's System Scanner v20071014.68
Run by Administrateur on 2008-05-02 10:17:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-02 10:19:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\Mctray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Documents and Settings\Administrateur.R740.000\Bureau\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seminaires.uqam.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /systrayIconn /fln /frn /appDatan
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...OGAControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...irector/sw.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192632908906
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Symantec Ghost Client Agent (NGCLIENT) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe


--
End of file - 9114 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 sf (SFI Service) - c:\windows\system32\drivers\sf.sys <Not Verified; Sonic Focus, Inc; Sonic Focus DSP service driver>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S0 GhMon (GhostMountMonitor - Boot Phase Driver) - c:\windows\system32\drivers\ghmon.sys (file missing)
S0 GhPostConfig (GhostPostConfig - Boot Phase Driver) - c:\windows\system32\drivers\ghpcw2k.sys (file missing)
S2 GhPostConfig_Auto (GhostPostConfig - Auto Phase Driver) - c:\windows\system32\drivers\ghpcw2k.sys (file missing)
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel(R) iQVW32.SYS>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-01 13:09:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-02 and 2008-05-02 -----------------------------

2008-04-24 15:50:34 0 d-------- C:\Program Files\Apple Software Update
2008-04-24 15:50:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-11 10:51:06 1835008 --ah----- C:\Documents and Settings\Default User\ntuser.dat
2008-04-11 10:50:55 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2008-04-11 10:50:55 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-04-11 10:50:55 0 d-------- C:\Documents and Settings\Default User\Application Data\HP
2008-04-11 10:50:55 0 d-------- C:\Documents and Settings\Default User\Application Data\Help
2008-04-11 10:50:55 0 d-------- C:\Documents and Settings\Default User\Application Data\AdobeUM
2008-04-11 10:50:55 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-04-11 10:50:54 0 d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-04-11 10:50:54 0 d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-04-11 10:50:54 0 d--hs---- C:\Documents and Settings\Default User\UserData
2008-04-11 10:50:54 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-11 10:50:54 0 dr-h----- C:\Documents and Settings\Default User\Recent
2008-04-11 10:50:54 0 d--h----- C:\Documents and Settings\Default User\Modèles
2008-04-11 10:50:54 0 dr------- C:\Documents and Settings\Default User\Mes documents
2008-04-11 10:50:54 0 dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-04-11 10:50:54 0 dr------- C:\Documents and Settings\Default User\Favoris
2008-04-11 10:50:54 0 d--hs---- C:\Documents and Settings\Default User\Cookies
2008-04-11 10:50:54 0 d-------- C:\Documents and Settings\Default User\Bureau
2008-04-11 10:50:54 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-11 10:50:54 0 d-------- C:\Documents and Settings\Default User\Application Data\Talkback
2008-04-11 10:50:54 0 d-------- C:\Documents and Settings\Default User\Application Data\OfficeUpdate12
2008-04-11 10:50:54 0 d-------- C:\Documents and Settings\Default User\Application Data\MSN6
2008-04-11 10:50:54 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-04-11 10:50:54 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-11 10:39:28 0 d-------- C:\Program Files\QuickTime
2008-04-11 10:39:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer


-- Find3M Report ---------------------------------------------------------------

2008-04-24 15:53:34 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-04-11 10:28:22 0 d-------- C:\Program Files\MSECache
2008-03-13 10:00:09 0 d-------- C:\Program Files\Java
2008-03-13 09:51:57 0 d-------- C:\Documents and Settings\Administrateur.R740.000\Application Data\Adobe
2008-03-13 09:43:18 513492 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-13 09:43:18 85696 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-02-15 14:32:52 33555456 --a------ C:\VIRTPART.DAT
2008-02-15 14:32:52 4096 ---h----- C:\GVPCFG.BIN


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 22:00]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2005-03-29 23:33]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 08:43]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2008-04-04 15:06]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"NGTray"="C:\Program Files\Symantec\Ghost\ngtray.exe" [2007-11-14 20:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion \policies\system]
"disablecad"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^etudiant^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\etudiant\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-05-02 10:19:36 ------------

Now for extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1022.73 MiB / 649.39 MiB
Pagefile Memory (total/avail): 2461.42 MiB / 2186.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.75 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 110.82 GiB total, 100.32 GiB free.
D: is Fixed (FAT) - 0.97 GiB total, 0.97 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120022A - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - Système de fichiers installable - 110.82 GiB - C:
\PARTITION1 - Étendu avec Inter. 13 étendue - 996.22 MiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Paramete rs\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessm gr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"="C:\\Program Files\\Symantec\\Ghost\\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Paramete rs\FirewallPolicy\StandardProfile\AuthorizedApplications\Lis t]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessm gr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\setup\\HPZNET01.EXE"="E:\\setup\\HPZNET01.EXE:*:Enabled :hpznet01.exe"
"E:\\setup\\hppapd.exe"="E:\\setup\\hppapd.exe:*:Enabled:hpp apd.exe"
"E:\\setup\\HPNTWKEXE.EXE"="E:\\setup\\HPNTWKEXE.EXE:*:Enabl ed:hpntwkexe.exe"
"C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\ \spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"="C:\\Program Files\\Symantec\\Ghost\\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrateur.R740.000\Application Data
boite=boite_01
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=R740B
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrateur.R740.000
LOGONSERVER=\\R740B
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Fichiers communs\Crystal Decisions\2.5\bin\NOTES\;C:\Program Files\Fichiers communs\Crystal Decisions\2.5\bin\NOTES\DATA\;C:\WINDOWS\system32;C:\WINDOWS ;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp
USERDOMAIN=R740B
USERNAME=Administrateur
USERPROFILE=C:\Documents and Settings\Administrateur.R740.000
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

etudiant.R740_05
Administrateur.R740.000 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Crystal Reports 10 --> MsiExec.exe /I{A0DB4D2C-E85B-4C23-A4F2-F1B95D3C3BE8}
FileMaker Pro 8.5 --> MsiExec.exe /I{DC4C464D-416A-4F42-B212-8B744C1BB4AE}
HijackThis 1.99.1 --> C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Extended Capabilities 6.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP LaserJet P2015 Series 1.0 --> C:\Program Files\HP\Digital Imaging\{BE4CEA63-8351-4A12-9E3A-556F8B76683A}\setup\hpzscr01.exe -datfile hppscr05.dat -forcereboot
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
Intel(R) PRO Network Connections --> MsiExec.exe /I{111A3D14-7596-43B0-92BA-418435C90672}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
McAfee Anti-Spyware Enterprise Module --> C:\Program Files\Network Associates\VirusScan\csscan.exe /UninstallMAS
McAfee VirusScan Enterprise --> MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst. exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.ex e"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.ex e"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.ex e"
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe "
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe "
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913433) --> C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Module de compatibilité pour Microsoft Office System 2007 --> MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Outil de mise à jour des données de fuseau horaire pour Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-040C-0000-0000000FF1CE}
Package de base Microsoft de service de chiffrement pour cartes à puce --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Symantec Ghost Console Client --> MsiExec.exe /I{4833AFDA-58D2-4631-081C-1D29C1336080}
Ultr@VNC Release 1.0.0 RC 20.3 - Win32 --> "C:\Program Files\UltraVNC\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe "
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1505 / Error
Event Submitted/Written: 05/02/2008 10:12:31 AM
Event ID/Source: 1085 / Userenv
Event Description:
L'extension côté client Security de la stratégie de groupe n'a pas pu s'exécuter. Vérifiez si des erreurs ont été reportées plus tôt par cette extension.

Event Record #/Type1504 / Warning
Event Submitted/Written: 05/02/2008 10:12:31 AM
Event ID/Source: 1202 / SceCli
Event Description:
Les stratégies de sécurité ont été propagées avec avertissement.
0x428 : Une exception s'est produite dans le service lors du traitement de la commande.

Pour mieux résoudre cet événement, ouvrez une session avec un compte non-administrateurs et recherchez la rubrique "Résolution des événements 1202" sur le site http://support.microsoft.com.

Event Record #/Type1500 / Error
Event Submitted/Written: 05/02/2008 10:04:01 AM
Event ID/Source: 1085 / Userenv
Event Description:
L'extension côté client Security de la stratégie de groupe n'a pas pu s'exécuter. Vérifiez si des erreurs ont été reportées plus tôt par cette extension.

Event Record #/Type1499 / Warning
Event Submitted/Written: 05/02/2008 10:04:01 AM
Event ID/Source: 1202 / SceCli
Event Description:
Les stratégies de sécurité ont été propagées avec avertissement.
0x428 : Une exception s'est produite dans le service lors du traitement de la commande.

Pour mieux résoudre cet événement, ouvrez une session avec un compte non-administrateurs et recherchez la rubrique "Résolution des événements 1202" sur le site http://support.microsoft.com.

Event Record #/Type1494 / Warning
Event Submitted/Written: 05/01/2008 02:42:29 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type122 / Error
Event Submitted/Written: 05/01/2008 10:35:54 AM
Event ID/Source: 8032 / BROWSER
Event Description:
Le service Explorateur d'ordinateur a rencontré un nombre d'échecs trop important en essayant de retrouver la copie de sauvegarde de la liste sur le transport \Device\NetBT_Tcpip_{23F19E87-615C-468D-B258-F7B5735CD122}.
L'explorateur secondaire s'arrête.

Event Record #/Type121 / Warning
Event Submitted/Written: 05/01/2008 10:32:30 AM
Event ID/Source: 8021 / BROWSER
Event Description:
L'explorateur n'a pas pu retrouver la liste des serveurs du maître explorateur \\R740_07 sur le réseau \Device\NetBT_Tcpip_{23F19E87-615C-468D-B258-F7B5735CD122}.
La donnée est le code d'erreur.

Event Record #/Type40 / Error
Event Submitted/Written: 04/30/2008 03:02:01 PM
Event ID/Source: 8032 / BROWSER
Event Description:
Le service Explorateur d'ordinateur a rencontré un nombre d'échecs trop important en essayant de retrouver la copie de sauvegarde de la liste sur le transport \Device\NetBT_Tcpip_{23F19E87-615C-468D-B258-F7B5735CD122}.
L'explorateur secondaire s'arrête.

Event Record #/Type39 / Warning
Event Submitted/Written: 04/30/2008 02:58:37 PM
Event ID/Source: 8021 / BROWSER
Event Description:
L'explorateur n'a pas pu retrouver la liste des serveurs du maître explorateur \\R740_15 sur le réseau \Device\NetBT_Tcpip_{23F19E87-615C-468D-B258-F7B5735CD122}.
La donnée est le code d'erreur.

Event Record #/Type20 / Error
Event Submitted/Written: 04/30/2008 00:52:34 PM
Event ID/Source: 8032 / BROWSER
Event Description:
Le service Explorateur d'ordinateur a rencontré un nombre d'échecs trop important en essayant de retrouver la copie de sauvegarde de la liste sur le transport \Device\NetBT_Tcpip_{23F19E87-615C-468D-B258-F7B5735CD122}.
L'explorateur secondaire s'arrête.



-- End of Deckard's System Scanner: finished at 2008-05-02 10:19:36 ------------

Hope this helps.

Patrice Roy

[Jintan]

No malware in those views. Can you provide more exact details of the error message please. What service or file is causing issues, and/or what other error data is provided. With problems like this one, the more details of the actuall error, the easier it is to see where something has problems.

[patriceroy]

I made a screen capture of the error window. You can see it at http://www.lecompagnon.info/error/se....exe-error.gif .



As long as I don't press the OK button, everything works fine. After I press that button, nothing will work. Opened applications will stop working and I can't open any new applications even if I do shutdown -a.

Need your help more than ever.

Patrice Roy

[Jintan]

Issues between Norton Ghost and McAfee? How long have you had these two together on this computer?


Navigate to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to jintan@cfl.rr.com as an attachment. Please place "Submitted Files - Timfi" as the email Subject.

If there are none, Right click My Computer - Properties, click the Advanced tab. Under Startup and recovery click the Settings button. Check "Write an event to the system log". Also make sure it is set for now to "Small memory dump". (then OK\Apply\OK).

If nothing else this will set the stage in case another crash occurs.

----------------------------

Please Download System Repair Engineer. Use either of the Local Download buttons to download sreng2.zip

1. Extract it to it's own folder on your Desktop, then double click SREng.exe to run it.
2. Select 'Smart Scan' & tick "Verify Digital Signatures"
3. Click on the [Scan] button
4. When finished, click on the [Save Reports] button & save the log to Desktop.

Please post that log back here for review - it will be large, so use extra posts as needed.

[patriceroy]

Hi,

I'm sorry I didn't answer earlier. My son was sick and I stayed with him.

As for the minidump, the Advanced options were already activated. There is no minidump folder and no comments when it crashed again. I'll add the folder to see what happens.

I scanned the PC with System repair engineer. Here are the results.

Code:

2008-05-07,16:07:54

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <WinVNC><"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper>  [UltraVNC]
    <HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
    <ToolBoxFX><"C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on>  [HP]
    <ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE>  [Network Associates, Inc.]
    <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey>  [(Verified)"McAfee, Inc."]
    <Network Associates Error Reporting Service><"C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe">  [Network Associates, Inc.]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime>  [Apple Inc.]
    <NGTray><"C:\Program Files\Symantec\Ghost\ngtray.exe">  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Acrobat Assistant 7.0><; "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\MSMSGS.EXE" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SoundMAX><; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <SoundMAXPnP><; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <updateMgr><; "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1>  [N/A]

==================================
Startup Folders
N/A

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
  <c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows CardSpace / idsvc][Stopped/Manual Start]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe"><Macromedia>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[Network Associates McShield / McShield][Running/Auto Start]
  <"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager][Running/Auto Start]
  <"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[Symantec Ghost Client Agent / NGCLIENT][Running/Auto Start]
  <"C:\Program Files\Symantec\Ghost\ngctw32.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[VNC Server / winvnc][Running/Auto Start]
  <"C:\Program Files\UltraVNC\WinVNC.exe" -service><UltraVNC>

==================================
Drivers
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[GhostMountMonitor - Boot Phase Driver / GhMon][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\ghmon.sys><N/A>
[GhostPostConfig - Boot Phase Driver / GhPostConfig][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\ghpcw2k.sys><N/A>
[GhostPostConfig - Auto Phase Driver / GhPostConfig_Auto][Stopped/Auto Start]
  <System32\Drivers\ghpcw2k.sys><N/A>
[MidiSyn / MidiSyn][Stopped/Manual Start]
  <system32\drivers\MidiSyn.sys><Analog Devices Inc>
[NaiAvFilter1 / NaiAvFilter1][Running/Manual Start]
  <system32\drivers\naiavf5x.sys><McAfee Inc.>
[NaiAvTdi1 / NaiAvTdi1][Running/System Start]
  <system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[Nal Service  / NAL][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\Drivers\iqvw32.sys><Intel Corporation>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Sensaura>
[SFI Service / sf][Running/System Start]
  <system32\drivers\sf.sys><Sonic Focus, Inc>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[EntDrv51 / EntDrv51][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EntDrv51.sys><Network Associates, Inc>

==================================
Browser Add-ons
[Aide pour le lien d'Adobe PDF Reader]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[&Rechercher]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_05]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Aide pour le lien d'Adobe PDF Reader]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, N/A>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll, Sun Microsystems, Inc.>
[Office Update Installation Engine]
  {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[Scripting.Dictionary]
  {EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\System32\scrrun.dll, Microsoft Corporation>
[Convertir en Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convertir en un fichier PDF existant]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convertir la cible du lien en Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convertir la cible du lien en un fichier PDF existant]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convertir la sélection en Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convertir la sélection en un fichier PDF existant]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convertir les liens sélectionnés en fichier Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convertir les liens sélectionnés en un fichier PDF existant]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[E&xporter vers Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 584 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4176]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 908 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4190]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2513]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2530]
[PID: 928 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 992 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 1104 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 1224 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 1268 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 1388 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4190]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2513]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2530]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4176]
[PID: 1468 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\HpTcpMon.dll]  [Hewlett Packard, 6.01.00.007]
    [C:\WINDOWS\system32\hpzjrd01.dll]  [Hewlett Packard, 2.01.00.004]
    [C:\WINDOWS\system32\HPTcpMUI.dll]  [Microsoft Corporation, 6.01.00.007]
    [C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 6.01.00.007]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp43e.DLL]  [Hewlett-Packard Corporation, 60.053.644.00]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll]  [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)]
[PID: 1688 / Administrateur][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\Program Files\Network Associates\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.127]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
    [C:\Program Files\Network Associates\VirusScan\shext.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES0c\ShExtRes.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
[PID: 1432 / Administrateur][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.4029]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA]  [ATI Technologies, Inc., 6.14.10.4029]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.4029]
[PID: 1600 / Administrateur][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard Co., 50.0.146.000]
[PID: 1608 / Administrateur][C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe]  [HP, 2.2.170.0]
    [c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b125ab8\mscorlib.dll]  [N/A, ]
    [c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_fr_b77a5c561934e089\mscorlib.resources.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_cfb4cde0\system.windows.forms.dll]  [N/A, ]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f60794b3\system.dll]  [N/A, ]
    [c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\program files\hp\toolboxfx\bin\hptools.dll]  [ , 2.2.170.0]
    [c:\program files\hp\toolboxfx\bin\appconstants.dll]  [ , 2.2.170.0]
    [c:\program files\hp\toolboxfx\bin\hpapptools.dll]  [ , 2.2.170.0]
    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_8672565b\system.xml.dll]  [N/A, ]
    [c:\program files\hp\toolboxfx\bin\hptoolkit.dll]  [ , 2.2.170.0]
    [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_3977e73a\system.drawing.dll]  [N/A, ]
    [c:\program files\hp\toolboxfx\bin\enumeration.dll]  [ , 2.2.170.0]
    [c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\program files\hp\toolboxfx\bin\alerts.dll]  [ , 2.2.170.0]
    [c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\program files\hp\toolboxfx\bin\hpfaxutilities.dll]  [ , 2.2.170.0]
    [c:\program files\hp\toolboxfx\bin\namedpipechannel.dll]  [ , 2.2.170.0]
    [c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\Program Files\HP\ToolBoxFX\bin\nativeutils.dll]  [N/A, ]
[PID: 1624 / Administrateur][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll]  [Network Associates, Inc., 8.0.0.1011]
    [C:\Program Files\Network Associates\VirusScan\naiwmain.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES0c\shstat.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES0c\Product.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES0c\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\RES0c\Shutilrc.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\Graphics.dll]  [Network Associates, Inc., 8.0.0.912]
[PID: 1632 / Administrateur][C:\Program Files\Network Associates\Common Framework\UdaterUI.exe]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\nailog2.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib2_71.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\naXML2_71.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\cmalib.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\040C\UpdRes.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\Network Associates\Common Framework\040C\AgentRes.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [McAfee, Inc., 3.6.0.603]
[PID: 1664 / Administrateur][C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe]  [Network Associates, Inc., 2.0.275.0]
[PID: 1660 / Administrateur][C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.50.13]
[PID: 1760 / Administrateur][C:\Program Files\Network Associates\Common Framework\McTray.exe]  [McAfee, Inc., 1.0.0.127]
    [C:\Program Files\Network Associates\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.127]
[PID: 1844 / Administrateur][C:\Program Files\Symantec\Ghost\ngtray.exe]  [Symantec Corporation, 11.0.2.1573]
    [C:\Program Files\Symantec\Ghost\THREAD.DLL]  [Symantec Corporation, 11.0.2.1573]
[PID: 1852 / Administrateur][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1888 / Administrateur][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 396 / SYSTEM][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\nailog2.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\naXML2_71.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib2_71.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\040C\AgentRes.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\Network Associates\Common Framework\Logging.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\InternetManager.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\naInet.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\UserSpace.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\Management.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\cmalib.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\naisign2.DLL]  [N/A, ]
    [C:\WINDOWS\system32\epoPGPSDK.dll]  [PGP Corporation, 3.5.3]
    [C:\Program Files\Network Associates\Common Framework\ScriptSubSys.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\UpdateSubSys.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\Scheduler.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\Agent.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\naSPIPE.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\ListenServer.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\TCSubSys.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
    [C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll]  [McAfee, Inc., 3.6.0.603]
[PID: 492 / SYSTEM][C:\Program Files\Network Associates\VirusScan\Mcshield.exe]  [Network Associates, Inc., 8.0.0.318]
    [C:\Program Files\Network Associates\VirusScan\Res0C\McShield.DLL]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\FTL.Dll]  [Network Associates, Inc., 8.0.0.135]
    [C:\Program Files\Network Associates\VirusScan\naiann.dll]  [Network Associates, Inc., 8.0.0.308]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.325]
    [C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\VirusScan\NaEventU.DLL]  [Network Associates, Inc., 8.0.0.342]
    [C:\Program Files\Network Associates\VirusScan\Res0C\naEvtRes.dll]  [Network Associates, Inc., 8.0.0.342]
    [C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll]  [Network Associates, Inc., 8.0.0.291]
    [C:\Program Files\Fichiers communs\Network Associates\Engine\MCSCAN32.DLL]  [McAfee, Inc., 5.2.00]
    [C:\Program Files\Network Associates\VirusScan\EntSrv.Dll]  [Network Associates, Inc, 8.0.0.448]
    [c:\WINDOWS\system32\msxml4.dll]  [Microsoft Corporation, 4.20.9848.0]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [McAfee, Inc., 3.6.0.603]
[PID: 520 / SYSTEM][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe]  [Network Associates, Inc., 8.0.0.1004]
    [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll]  [Network Associates, Inc., 8.0.0.1011]
    [C:\Program Files\Network Associates\VirusScan\naiwmain.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\naicondl.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES0c\VsTskMgr.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll]  [McAfee, Inc., 8.0.0.155]
[PID: 572 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 284 / SYSTEM][C:\Program Files\Symantec\Ghost\ngctw32.exe]  [Symantec Corporation, 11.0.2.1573]
    [C:\Program Files\Symantec\Ghost\THREAD.DLL]  [Symantec Corporation, 11.0.2.1573]
[PID: 1044 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1196 / SYSTEM][C:\Program Files\UltraVNC\WinVNC.exe]  [UltraVNC, 1, 0, 0, 20]
    [C:\Program Files\UltraVNC\MSRC4Plugin_NoReg.dsm]  [Sean E. Covel, 1.1.8.0]
[PID: 1300 / SYSTEM][C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\naisign2.DLL]  [N/A, ]
    [C:\WINDOWS\system32\epoPGPSDK.dll]  [PGP Corporation, 3.5.3]
    [C:\Program Files\Network Associates\Common Framework\naXML2_71.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\nailog2.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib2_71.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\040C\AgentRes.dll]  [McAfee, Inc., 3.6.0.453]
    [C:\Program Files\Network Associates\Common Framework\AgentPlugin.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\NAGSHR32.DLL]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\VirusScan\VsPlugin.dll]  [Network Associates, Inc., 8.0.0.1009]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
    [C:\Program Files\Network Associates\Common Framework\UpdPlug.dll]  [McAfee, Inc., 3.6.0.603]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [McAfee, Inc., 3.6.0.603]
[PID: 2648 / SERVICE RÉSEAU][C:\WINDOWS\System32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2748 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3676 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 3840 / Administrateur][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.448]
[PID: 476 / Administrateur][C:\Documents and Settings\Administrateur.R740.000\Bureau\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\Administrateur.R740.000\Bureau\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

[patriceroy]

There was one question you asked that I didn't answer. We've had Ghost and McAfee on the PC for a while. But we placed a new Ghost client on the PC two weeks ago. Maybe it has something to do with the problem.

Also Windows XP SP3 is now out. Should I install it?

Patrice

[Jintan]

Yes, and no. McAfee there is using an ePolicy function I am not familiar with, though I truly know very little about the internal functions of their software. Is this a version intended for businesses instead of home users (or do you know that answer)? But yes, if you made any recent changes to one or the other of those software you are likely seeing some conflict created then.

And no, you really would never want to make any non-emergency changes like that SP upgrade until your system is working well. In fact, I would not suggest the SP3 upgrade until the more venturesome people "debug" it on their systems first. This way you will know what to do for your system. And until more of the major third party software vendors and antivirus/antispyware vendors update to SP3, you need to wait as well.

[patriceroy]

Hi,

It McAffee Entreprise that's installed.

I found some more information when Windows' error window appears and I ask for the details. First, there is these two lines of code.

szAppName : services.exe szAppVer : 5.1.2600.2180 szModName : esent.dll
szModVer : 5.1.2600.2780 offset : 0001baec

But there are also two error files: appcompt.txt and Manifest.txt. I'm adding the results below hoping they will give you more insight into the problem.

szAppName : services.exe szAppVer : 5.1.2600.2180 szModName : esent.dll
szModVer : 5.1.2600.2780 offset : 0001baec

appcompt.txt

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="685056" CHECKSUM="0xE0189D3F" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="API avancées Windows 32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xB0AF9" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/19/2004 23:08:24" UPTO_LINK_DATE="08/19/2004 23:08:24" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="282624" CHECKSUM="0xF15E522B" BIN_FILE_VERSION="5.1.2600.3316" BIN_PRODUCT_VERSION="5.1.2600.3316" PRODUCT_VERSION="5.1.2600.3316" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.3316 (xpsp_sp2_gdr.080219-1316)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4FDEF" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.3316" UPTO_BIN_PRODUCT_VERSION="5.1.2600.3316" LINK_DATE="02/20/2008 06:51:00" UPTO_LINK_DATE="02/20/2008 06:51:00" VER_LANGUAGE="Anglais (États-Unis) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="1049600" CHECKSUM="0xA0FE6C49" BIN_FILE_VERSION="5.1.2600.3119" BIN_PRODUCT_VERSION="5.1.2600.3119" PRODUCT_VERSION="5.1.2600.3119" FILE_DESCRIPTION="DLL du client API BASE Windows NT" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x10FA5D" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.3119" UPTO_BIN_PRODUCT_VERSION="5.1.2600.3119" LINK_DATE="04/16/2007 15:53:11" UPTO_LINK_DATE="04/16/2007 15:53:11" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="733184" CHECKSUM="0xC6A3F353" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="DLL Couche NT" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xC081B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/19/2004 23:09:14" UPTO_LINK_DATE="08/19/2004 23:09:14" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1284608" CHECKSUM="0x7793A994" BIN_FILE_VERSION="5.1.2600.2726" BIN_PRODUCT_VERSION="5.1.2600.2726" PRODUCT_VERSION="5.1.2600.2726" FILE_DESCRIPTION="Microsoft OLE pour Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x13A5B5" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2726" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2726" LINK_DATE="07/26/2005 04:39:59" UPTO_LINK_DATE="07/26/2005 04:39:59" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="550912" CHECKSUM="0xA3B0F4F9" BIN_FILE_VERSION="5.1.2600.3266" BIN_PRODUCT_VERSION="5.1.2600.3266" PRODUCT_VERSION="5.1.2600.3266" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.1.2600.3266" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8A6B7" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.3266" UPTO_BIN_PRODUCT_VERSION="5.1.2600.3266" LINK_DATE="12/04/2007 18:41:36" UPTO_LINK_DATE="12/04/2007 18:41:36" VER_LANGUAGE="Anglais (États-Unis) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8516608" CHECKSUM="0x880F3EE6" BIN_FILE_VERSION="6.0.2900.3241" BIN_PRODUCT_VERSION="6.0.2900.3241" PRODUCT_VERSION="6.00.2900.3241" FILE_DESCRIPTION="DLL commune du shell Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x82C669" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.3241" UPTO_BIN_PRODUCT_VERSION="6.0.2900.3241" LINK_DATE="10/25/2007 16:43:25" UPTO_LINK_DATE="10/25/2007 16:43:25" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="user32.dll" SIZE="578560" CHECKSUM="0x2C7B4251" BIN_FILE_VERSION="5.1.2600.3099" BIN_PRODUCT_VERSION="5.1.2600.3099" PRODUCT_VERSION="5.1.2600.3099" FILE_DESCRIPTION="DLL client de l'API Utilisateur de Windows XP" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Système d'exploitation Microsoft® Windows®" FILE_VERSION="5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. Tous droits réservés." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x92EEA" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.3099" UPTO_BIN_PRODUCT_VERSION="5.1.2600.3099" LINK_DATE="03/08/2007 15:37:50" UPTO_LINK_DATE="03/08/2007 15:37:50" VER_LANGUAGE="Français (France) [0x40c]" />
<MATCHING_FILE NAME="wininet.dll" SIZE="826368" CHECKSUM="0xA2494307" BIN_FILE_VERSION="7.0.6000.16640" BIN_PRODUCT_VERSION="7.0.6000.16640" PRODUCT_VERSION="7.00.6000.16640" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="7.00.6000.16640 (vista_gdr.080213-1606)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xD1CBD" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="7.0.6000.16640" UPTO_BIN_PRODUCT_VERSION="7.0.6000.16640" LINK_DATE="03/01/2008 12:58:10" UPTO_LINK_DATE="03/01/2008 12:58:10" VER_LANGUAGE="Anglais (États-Unis) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows(TM) Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="Anglais (États-Unis) [0x409]" />
</EXE>
<EXE NAME="esent.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="esent.dll" SIZE="1097728" CHECKSUM="0xF36D61BD" BIN_FILE_VERSION="5.1.2600.2780" BIN_PRODUCT_VERSION="5.1.2600.2780" PRODUCT_VERSION="5.1.2468.0" FILE_DESCRIPTION="Moteur de stockage de base de données serveur" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2468.0 (Lab03_N(jliem).010306-1456)" ORIGINAL_FILENAME="esent.dll" INTERNAL_NAME="esent.dll" LEGAL_COPYRIGHT="Copyright (C) Microsoft Corporation. 1981-2001" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x11B558" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2780" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2780" LINK_DATE="10/20/2005 22:25:51" UPTO_LINK_DATE="10/20/2005 22:25:51" VER_LANGUAGE="Français (France) [0x40c]" />
</EXE>
</DATABASE>

Manifest.txt

Server=watson.microsoft.com
UI LCID=1036
Flags=1671504
Brand=WINDOWS
TitleName=services.exe
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
ErrorText=Cette erreur s'est produite le 2008-05-02 à 11:52:57.
HeaderText=services.exe a rencontré un problème et doit être fermé.
Stage1URL=
Stage1URL=/StageOne/services_exe/5_1_2600_2180/esent_dll/5_1_2600_2780/0001baec.htm
Stage2URL=
Stage2URL=/dw/stagetwo.asp?szAppName=services.exe&szAppVer=5.1.2600.2180&s zModName=esent.dll&szModVer=5.1.2600.2780&offset=0001baec
DataFiles=C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\WERb471.dir 00\services.exe.mdmp|C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\ WERb471.dir00\appcompat.txt
Heap=C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\WERb471.dir00\se rvices.exe.hdmp
ErrorSubPath=services.exe\5.1.2600.2180\esent.dll\5.1.2600.2 780\0001baec
DirectoryDelete=C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\WERb4 71.dir00