Help me please... I am going totally crazy !!!

Post by lymphocyte » November 25th, 2006, 6:01 pm

Hello everyone !

I need help, my computer is going nuts... and I have a lot of school work to do :(

Here is my problem. I'm running Windows XP.

I had a long list of viruses and malware. By using several anti-malware programs (Ad-Aware, Spybot, Zone Alarm, Spyware Doctor, AVG, Symantec AntiVirus) I was able to eliminate some of them. However, some of them could not be removed... even after running the programs after a safe boot.

My computer is still very, very slow (compared with usual) and I still get popups.

They tell me that something is wrong with CMFibula and PSCastor... and I also think I was infected with newdotnet and other high risk trojans.

Here is my log from HiJackThis:

-----------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:34:46, on 2006-11-25
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\MacDisk\lsdiorw\lsdiorw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
e:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wdfmgr.exe
E:\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
E:\iTunes\iTunesHelper.exe
E:\Acrobat 7.0\Distillr\Acrotray.exe
E:\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Patrick\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.umontreal.ca:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {448EB527-9581-494C-9447-15646428C308} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] E:\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: HQFfKqlTVotupg - {E4AB277A-4E01-8DD0-D631-5614BBEB968F} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - E:\MacDisk\lsdiorw\lsdiorw.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - e:\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-----------------------------------------------------------

thanks !!!!!!

Post by bamajim » November 28th, 2006, 4:40 pm

lymphocyte

Welcome to MRU

Sorry for the delay in responding

You have a couple of programs that we need to temporarily disable so they don't interfere with our fix. You can re-enable them after we are done.

A Spyware Doctor

To deactivate Spyware Doctor's OnGuard Tools
    1. From within Spyware Doctor, click the "OnGuard" button on the left side.
    2. Uncheck "Activate OnGuard".
You can re-enable it once your system is clean.

B Spybot S&D TeaTimer (To Disable)
    1) Run Spybot-S&D
    2) Go to the Mode menu, and make sure "Advanced Mode" is selected
    3) On the left hand side, choose Tools -> Resident
    4) Uncheck "Resident TeaTimer" and OK any prompts
    5) Restart your computer.
After that is done

1. Go here and Download AVG Anti-Spyware
(30 day free trial version) Save it to Your Desktop
 
Double Click AVG Anti-Spyware-setup
(It will create its own folder)
Once the program starts You will be at the Status menu
    Under "Your computers Security"
    Click change status on Resident shield to inactive
    Click Update now (next to last update)
    After the update loads
    Under Automatic updates Uncheck download and install updates automatically(recommended)
    (you can always select manual updates the next day)
At the top toolbar Click Scanner Then the settings tab
    Under How to act? Set default action for detected malwareTo Quarantine
    Under how to scan All boxes should be checked
    Under Possibly unwanted software All boxes should be checked
    Under reports Select Automatically generate report after every scan
    Uncheck Only if threats were found
    Under what to scan, Scan every file should be highlighted
Exit AVG (but do not run it yet)

2. Please download Brute Force Uninstaller to your desktop.

  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C: ) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As" ) in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Reboot into Safe Mode
This can be done by
    Restart your PC, and after it starts, but before you see the Windows Splash screen
    Begin tapping the F8 key twice a second until you reach another menu screen (black background with white menu choices)
    Use your arrow keys and select Safe Mode and then Enter
4. Run AVG Anti-Spyware
    Click scanner
    Select Complete system scan
Once the scan finishes
    Select Apply all actions (The items found will be quarantined)
    Click save report as (Another window will open)
    Save it to your desktop
    (By default It will be saved in the AVG folder as)
    C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports
Exit AVG

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot your PC in Normal Mode->>Re-run HijackThis and post a fresh HijackThis log.
    Double click the report-scan txt. you saved to your desktop
    It will open in Notepad
    Copy and paste that report as a reply to this thread
Your reply should include
    a fresh hijackthis log
    your report_scan.txt from AVG

thanks bamajim

my new hijackthis log + AVG report

Post by lymphocyte » December 12th, 2006, 2:01 am

You guys are great ! Your help is really appreciated!

Here is the AVG Report, followed by the HiJackThis log:

thanks !!!

---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------

+ Created at: 00:46:04 2006-12-12

+ Scan result:

C:\Documents and Settings\Patrick\Cookies\patrick@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Patrick\Cookies\patrick@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Patrick\Cookies\patrick@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Patrick\Cookies\patrick@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Patrick\Cookies\patrick@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.


End of report
---------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 01:01:15, on 2006-12-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
E:\iTunes\iTunesHelper.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\MacDisk\lsdiorw\lsdiorw.exe
E:\Acrobat 7.0\Distillr\Acrotray.exe
E:\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
E:\Gadwin Systems\PrintScreen\PrintScreen.exe
e:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Patrick\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.umontreal.ca:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {448EB527-9581-494C-9447-15646428C308} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] E:\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [Spyware Doctor] "E:\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: HQFfKqlTVotupg - {E4AB277A-4E01-8DD0-D631-5614BBEB968F} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - E:\MacDisk\lsdiorw\lsdiorw.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - e:\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
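
Both HijackThis logs in this thread (the one in the first post and the one just above) carry the same questionable lines: an O2 BHO with no name and no file, an O21 SSODL entry with a random-looking name and no file, and, new in the second log, an O20 Winlogon Notify entry whose DLL is missing. The script below is an added example, not code from the thread or from HijackThis: it parses the R/O entries, diffs the two logs so that the side effects of a fix are visible, and flags entries with a few heuristics. The missing-file markers are HijackThis's own wording; the list of sensitive sections and the random-name test are my assumptions. The embedded sample lines are copied from the two posted logs, trimmed to a handful of entries.

```python
"""Added example, not part of the thread: parse two HijackThis 1.99.1 logs,
diff them, and flag entries that deserve a second look.

LOG_NOV and LOG_DEC are copied from the two logs posted in this thread
(25 November and 12 December), trimmed to a handful of entries.
"""
import re

# Matches "R0 - ..." / "O21 - ..." lines; the "Running processes" block has no prefix and is skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# HijackThis's own wording for an entry whose target is not on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")
# Assumption for this example: sections that load code into Winlogon (O20) or the
# Explorer shell at boot (O21) have few legitimate entries, so each one is listed for review.
SENSITIVE_SECTIONS = {"O20": "Winlogon Notify DLL", "O21": "ShellServiceObjectDelayLoad object"}

LOG_NOV = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {448EB527-9581-494C-9447-15646428C308} - (no file)
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: HQFfKqlTVotupg - {E4AB277A-4E01-8DD0-D631-5614BBEB968F} - (no file)
"""

LOG_DEC = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rds.ca/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {448EB527-9581-494C-9447-15646428C308} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: HQFfKqlTVotupg - {E4AB277A-4E01-8DD0-D631-5614BBEB968F} - (no file)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe
"""


def parse_hjt(text):
    """Return the R*/O* entries of a log as (section, body) tuples."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def looks_random(name):
    """Rough heuristic (my assumption, not a HijackThis rule): a single lowercase letter
    squeezed between two capitals, as in 'HQFfKqlTVotupg', rarely occurs in real product
    names such as 'PostBootReminder' or 'SysTray'."""
    return re.search(r"[A-Z][a-z][A-Z]", name) is not None


def flag(section, body):
    """Return the reasons an entry deserves attention; an empty list means nothing noteworthy."""
    reasons = []
    if any(marker in body for marker in MISSING_MARKERS):
        reasons.append("references a file that is not on disk")
    if section in SENSITIVE_SECTIONS:
        reasons.append(f"{SENSITIVE_SECTIONS[section]}: confirm the publisher")
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object with no name")
    m = re.match(r"SSODL: (\S+) - ", body)
    if m and looks_random(m.group(1)):
        reasons.append("randomly-cased object name")
    return reasons


def triage(text):
    """Entries of one log that triggered at least one flag, as (section, body, reasons)."""
    hits = []
    for section, body in parse_hjt(text):
        reasons = flag(section, body)
        if reasons:
            hits.append((section, body, reasons))
    return hits


def diff_logs(before, after):
    """(added, removed) entries between two logs, so a fix's side effects are visible."""
    old, new = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    added, removed = diff_logs(LOG_NOV, LOG_DEC)
    print("new since November:", *added, sep="\n  ")
    print("gone since November:", *removed, sep="\n  ")
    for section, body, reasons in triage(LOG_DEC):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```

Run against the two trimmed logs, the diff shows three additions (the rds.ca start page, the WRNotifier Winlogon entry, the AVG guard service) and one removal (the Spybot autostart), and the triage lists the O2, O18, O20 and O21 lines. Flagging a line does not mean it is malicious: NavLogon is Symantec's own Winlogon DLL, and the O18 msnim entry is an orphan left by an uninstalled MSN Messenger. The point of the script is to make the short list of lines that need a human decision, the same list the helper is reading off by eye.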

Post by bamajim » December 12th, 2006, 9:19 am

lymphocyte

Are you still getting the warnings?

thanks bamajim

Yep... still have those malware

Post by lymphocyte » December 12th, 2006, 6:31 pm

Hi !

Thanks again for helping me.
After doing what you told me, I did some scans on my computer and I still detect problems that cannot be removed. It seems to be related to my registry...

Here is the malware detected on my computer by 2 different programs:

SpyBot Search and Destroy:

DoubleClick: Tracking cookie (Internet Explorer: Patrick)(Cookie, nothing done)


AdSponsor: Settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\AdSponsor

AdSponsor: Settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\AdSponsor

Avenue A, Inc.: Tracking cookie (Internet Explorer: Patrick)(Cookie, nothing done)


CMFibula: Settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\CMIntex

CMFibula: Settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\CMIntex

CMFibula: User settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\CMFibula

CMFibula: User settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\CMFibula

Mediaplex: Tracking cookie (Internet Explorer: Patrick)(Cookie, nothing done)

PSCastor: User settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\PSDream

PSCastor: User settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\PSDream

PSCastor: User settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\PSCloner

PSCastor: User settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\PSCloner

PSCastor: User settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\PSCastor

PSCastor: User settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\PSCastor

--- Spybot - Search && Destroy version: 1.3 ---

So, I'm still stuck with these PSCastor, CMFibula and AdSponsor problems in my registry. I cannot remove them with Spybot (even in safe mode).

Spyware Doctor:

It detected 3 malware that seem dangerous to me... However, since I don't have the full version of Spyware Doctor, I cannot eliminate them.

Name of infection: Known Bad Sites
File: C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\YD5O2QNN\3214357-18[1].gif
Risk Level: High

Name of infection: Trojan.Downloader.Small.DTC
File: C:\WINDOWS\System32\kr_done1
Risk Level: High

Name of infection: Virtumonde
File: C:\WINDOWS\system32\gebbcaa.dll
Risk Level: Very High

Let me know what you think about this

Thanks ;o)
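
The Spybot findings above list every registry key twice, once under HKEY_USERS\S-1-5-18 and once under HKEY_USERS\.DEFAULT. Those are two paths to one hive: on Windows XP the S-1-5-18 (LocalSystem) subkey is a link to .DEFAULT, which is the HKEY_CURRENT_USER that a process running as SYSTEM sees. So the twelve lines are six keys belonging to three products, and they were written by something running as SYSTEM (a service or a driver-level component), not by the user's own account. The script below is an added example, not code from the thread or from Spybot: it parses the report lines as posted, folds the duplicate hive name, and groups the keys by product. The regex and the function names are mine.

```python
"""Added example, not part of the thread: structure the Spybot - Search & Destroy
findings posted above and work out which registry hive each flagged key lives in.

REPORT is copied from the post (cookie and registry lines only); the regex and
function names are mine, not Spybot's.
"""
import re
from collections import defaultdict

# One Spybot line: "Product: description (kind, action)" followed, for registry hits, by the key path.
FINDING_RE = re.compile(
    r"^(?P<product>[^:]+): (?P<desc>.*)\((?P<kind>Registry key|Cookie|File|Directory)"
    r", (?P<action>[^)]*)\)(?P<path>.*)$"
)

# HKEY_USERS subkeys that are not an interactive user's profile. On Windows XP the S-1-5-18
# (LocalSystem) subkey is a link to .DEFAULT, so one key is reported once under each name.
SYSTEM_HIVE_NAMES = {"S-1-5-18": "LocalSystem", ".DEFAULT": "LocalSystem"}

REPORT = r"""
DoubleClick: Tracking cookie (Internet Explorer: Patrick)(Cookie, nothing done)
AdSponsor: Settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\AdSponsor
AdSponsor: Settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\AdSponsor
Avenue A, Inc.: Tracking cookie (Internet Explorer: Patrick)(Cookie, nothing done)
CMFibula: Settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\CMIntex
CMFibula: Settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\CMIntex
CMFibula: User settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\CMFibula
CMFibula: User settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\CMFibula
Mediaplex: Tracking cookie (Internet Explorer: Patrick)(Cookie, nothing done)
PSCastor: User settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\PSDream
PSCastor: User settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\PSDream
PSCastor: User settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\PSCloner
PSCastor: User settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\PSCloner
PSCastor: User settings (Registry key, nothing done)HKEY_USERS\S-1-5-18\Software\PSCastor
PSCastor: User settings (Registry key, nothing done)HKEY_USERS\.DEFAULT\Software\PSCastor
--- Spybot - Search && Destroy version: 1.3 ---
"""


def parse_spybot(report):
    """Return one dict per finding: product, desc, kind, action, path ('' for cookies)."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["desc"] = d["desc"].strip()
            findings.append(d)
    return findings


def hive_owner(path):
    """(account, canonical path) for an HKEY_USERS path. S-1-5-18 is folded into .DEFAULT
    because it is the same hive; other roots and per-user SIDs are returned unchanged."""
    parts = path.split("\\")
    if len(parts) < 2 or parts[0] != "HKEY_USERS":
        return parts[0], path
    if parts[1] == "S-1-5-18":
        parts[1] = ".DEFAULT"
    return SYSTEM_HIVE_NAMES.get(parts[1], parts[1]), "\\".join(parts)


def registry_keys_by_product(findings):
    """{product: sorted unique canonical key paths}; the 12 registry lines collapse to 6 keys."""
    keys = defaultdict(set)
    for f in findings:
        if f["kind"] == "Registry key":
            keys[f["product"]].add(hive_owner(f["path"])[1])
    return {product: sorted(paths) for product, paths in keys.items()}


if __name__ == "__main__":
    found = parse_spybot(REPORT)
    for product, paths in registry_keys_by_product(found).items():
        print(product)
        for p in paths:
            print("   ", hive_owner(p)[0], p)
```

Knowing the hive matters for the cleanup: a tool that only walks the current user's HKCU will never see these keys, and a tool that does see them needs to run with rights on the SYSTEM hive. It also narrows the search for whatever keeps recreating them, since that component runs as SYSTEM rather than as Patrick.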

Post by bamajim » December 12th, 2006, 8:27 pm

lymphocyte

Odd that AVG didn't flag any of those. Let's take a different look

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

thanks bamajim

ComboFix not working

Post by lymphocyte » December 13th, 2006, 1:46 am

Hello again !

No matter in what folder I download and load ComboFix, it won't work. When I load ComboFix.exe, there is a command screen popping up... with text in it... but only lasting 1 sec... not giving me the time to read any of it. No log appeared in any folder. I downloaded it multiple times... I even tried in safe mode... ComboFix.exe just doesn't seem to work for me.

Mmmmm....

Post by bamajim » December 13th, 2006, 11:26 am

lymphocyte

That's O.K. :)

Go HERE and Download System Repair Engine by smallfrogs
    Save it to your Desktop
    Right-click sreng2.zip->>Extract all->>Extract it to your desktop
    Open the sreng folder
    Double click SREng->>Click Run
    At the main Window, in the left Pane,Select Smart Scan
    At the next window make sure all of the boxes are checked and Select Scan
    When the scan is complete Select Save reports
    Save it to your desktop and Close the tool
    Double Click SREngLog.txt copy and paste that log as a reply to this thread


Do not run any other options with this tool unless instructed to do so.

thanks bamajim

SREng Log

Post by lymphocyte » December 13th, 2006, 12:13 pm

Hello

Here is the log:

Thanks

2006-12-13,11:10:32

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Gadwin PrintScreen 3.1><E:\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash> [Gadwin Systems, Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Zone Labs Client><"E:\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Zone Labs, LLC]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"> [Sun Microsystems, Inc.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<NvCplDaemon><"RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<LVCOMS><"C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE"> [(Verified)Logitech Inc.]
<iTunesHelper><"E:\iTunes\iTunesHelper.exe"> [(Verified)Apple Computer, Inc.]
<Acrobat Assistant 7.0><"E:\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
<SpyHunter><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Corporation]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><C:\WINDOWS\System32\stobject.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\System32\NavLogon.dll> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
<WinlogonNotify: WRNotifier><WRLogonNTF.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr> [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Adobe Acrobat Speed Launcher]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [N/A]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
<E:\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[InstallDriver Table Manager / IDriverT]
<C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[iPod Service / iPod Service]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Lsdiorw / Lsdiorw]
<E:\MacDisk\lsdiorw\lsdiorw.exe><Logiciels & Services Duhem, Paris, France>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[PC Tools Spyware Doctor / SDhelper]
<e:\Spyware Doctor\sdhelp.exe><PC Tools Research Pty Ltd>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[TrueVector Internet Monitor / vsmon]
<C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>

==================================
Drivers
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
<\??\E:\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[CpuIdle Pro System Driver / cpuidlep]
<C:\WINDOWS\SYSTEM32\DRIVERS\cpuidlep.SYS><N/A>
[d344bus / d344bus]
<\SystemRoot\System32\DRIVERS\d344bus.sys><>
[d344prt / d344prt]
<\SystemRoot\System32\Drivers\d344prt.sys><>
[Symantec Eraser Control driver / eeCtrl]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[GEARAspiWDM / GEARAspiWDM]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[File Security Kernel Anti-Spyware Driver / ikhfile]
<\??\C:\WINDOWS\System32\drivers\ikhfile.sys><PCTools Research Pty Ltd.>
[Kernel Anti-Spyware Driver / ikhlayer]
<\??\C:\WINDOWS\System32\drivers\ikhlayer.sys><PCTools Research Pty Ltd.>
[Logitech USB Microphone / lusbaudio]
<system32\drivers\lvsound2.sys><Logitech Inc.>
[LVBulk Service / LVBulk]
<System32\DRIVERS\LVBulk.sys><Logitech Inc.>
[LVVI500A Service / LVVI500A]
<System32\DRIVERS\lvvi500a.sys><Tekom Technologies, Inc.>
[NAVENG / NAVENG]
<\??\C:\PROGRA~1\FICHIE~1\Symantec Shared\VirusDefs\20061212.019\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
<\??\C:\PROGRA~1\FICHIE~1\Symantec Shared\VirusDefs\20061212.019\navex15.sys><Symantec Corporation>
[nv / nv]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc]
<system32\drivers\pfc.sys><Padus, Inc.>
[Plextor ConvertX TV402U A/V Capture / PlextorTV402U]
<system32\drivers\TVXstream.sys><Plextor Corp.>
[PQNTDrv / PQNTDrv]
<C:\WINDOWS\SYSTEM32\DRIVERS\PQNTDrv.SYS><PowerQuest Corporation>
[Pilote de liaison parallèle directe / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Acronis Snapshots Manager / snapman]
<\SystemRoot\System32\DRIVERS\snapman.sys><Acronis>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SPBBCDrv / SPBBCDrv]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[srescan / srescan]
<\SystemRoot\System32\ZoneLabs\srescan.sys><Zone Labs, LLC>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[PLEXTOR EZ-USB FX2 FIRMWARE LOADER (TVXLoader.sys) / TVXLoader]
<System32\Drivers\TVXLoader.sys><Plextor Corp.>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <E:\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[PCTools Site Guard]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} <E:\Spyware Doctor\tools\iesdsg.dll, PC Tools>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[PCTools Browser Monitor]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} <E:\Spyware Doctor\tools\iesdpb.dll, PC Tools>
[Java Plug-in]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[PCTools Browser Monitor]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} <E:\Spyware Doctor\tools\iesdpb.dll, PC Tools>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\Microsoft Office\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[PartyPoker.com]
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} <e:\PartyPoker\PartyPoker\RunApp.exe, >
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\System32\Shdocvw.dll, Microsoft Corporation>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Convert link target to Adobe PDF]
<res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
<res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
<res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[E&xporter vers Microsoft Excel]
<res://E:\Microsoft Office\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 676][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 728][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 756][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[C:\WINDOWS\System32\NavLogon.dll] [Symantec Corporation, 10.0.1.1000]
[PID: 800][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 812][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 980][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1032][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1132][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1164][C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Fichiers communs\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.4.3]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[C:\Program Files\Fichiers communs\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.4.3]
[PID: 1220][C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Fichiers communs\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.4.3]
[C:\PROGRA~1\FICHIE~1\SYMANTEC SHARED\SPBBC\BB.DLL] [Symantec Corporation, 1,5,1,3]
[C:\PROGRA~1\FICHIE~1\SYMANTEC SHARED\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 1,5,1,3]
[C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll] [Symantec Corporation, 103.5.4.3]
[C:\PROGRA~1\FICHIE~1\SYMANTEC SHARED\CCSETEVT.DLL] [Symantec Corporation, 103.5.4.3]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1548][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[C:\WINDOWS\System32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[E:\Acrobat 7.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 7.0.5.2005092300]
[PID: 1624][E:\AVG Anti-Spyware 7.5\guard.exe] [Anti-Malware Development a.s., 7, 5, 0, 47]
[E:\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1644][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.0.1.1000]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1680][E:\MacDisk\lsdiorw\lsdiorw.exe] [Logiciels & Services Duhem, Paris, France, 4.0.0.333]
[C:\WINDOWS\System32\vcl60.bpl] [Borland Software Corporation, 6.0.6.240]
[C:\WINDOWS\System32\rtl60.bpl] [Borland Software Corporation, 6.0.6.240]
[C:\WINDOWS\System32\BORLNDMM.DLL] [Borland Software Corporation, 6.0.10.157]
[C:\WINDOWS\System32\CC3260MT.DLL] [Borland Corporation, 0.0.0.0 (informal build)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1804][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1848][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8198]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1872][e:\Spyware Doctor\sdhelp.exe] [PC Tools Research Pty Ltd, 3.6.0.2026]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1904][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 1920][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.0.1.1000]
[C:\WINDOWS\System32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\WINDOWS\System32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\WINDOWS\System32\NTS.dll] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\WINDOWS\System32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.137 E]
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.0.1.1000]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.0.1.1000]
[c:\program files\fichiers communs\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Fichiers communs\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Fichiers communs\Symantec Shared\ccDec.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Fichiers communs\Symantec Shared\ccScan.dll] [Symantec Corporation, 103.5.4.3]
[C:\Program Files\Fichiers communs\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 1.4.0.11]
[C:\PROGRA~1\FICHIE~1\Symantec Shared\VirusDefs\20061212.019\ccEraser.dll] [Symantec Corporation, 106.3.3.2]
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
[C:\PROGRA~1\FICHIE~1\Symantec Shared\VirusDefs\20061212.019\ecmsvr32.dll] [Symantec Corporation, 61.3.0.18]
[C:\PROGRA~1\FICHIE~1\Symantec Shared\VirusDefs\20061212.019\NAVEX32a.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\PROGRA~1\FICHIE~1\Symantec Shared\VirusDefs\20061212.019\NAVENG32.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Symantec AntiVirus\vpmsece3.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 1,5,1,3]
[PID: 2040][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 3152][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[E:\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 3, 0, 12]
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5]
[E:\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 3824][C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.60.5]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 3908][C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE] [Logitech Inc., 6.0.0.1208]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[E:\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 3896][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 4028][E:\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 7.0.1.8]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[E:\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 7.0.0.59]
[E:\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 7.0.1.8]
[PID: 4060][E:\Acrobat 7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 7.0.1.2005092300]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 4068][E:\Acrobat 7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 7.0.1.2005092300]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 484][E:\Gadwin Systems\PrintScreen\PrintScreen.exe] [Gadwin Systems, Inc., 3.1]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 396][C:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 7.0.1.8]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 7.0.0.59]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 7.0.1.8]
[PID: 1024][E:\Acrobat 7.0\Acrobat\acrobat_sl.exe] [Adobe Systems Incorporated, 7.0.5.2005092300]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[PID: 2180][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[c:\program files\google\googletoolbar3.dll] [Google Inc., 4, 0, 1020, 3054]
[E:\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.5.2005092300]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 3, 0, 12]
[E:\Spyware Doctor\tools\iesdsg.dll] [PC Tools, 3.6.0.2069]
[C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.60.5]
[E:\Spyware Doctor\tools\iesdpb.dll] [PC Tools, 3.6.0.2283]
[C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 2188][C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe] [Google Inc., 1, 2, 908, 5008]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_fr.dll] [Google Inc., 1, 2, 908, 5008]
[C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll] [Google Inc., 1, 2, 908, 5008]
[PID: 2256][C:\Documents and Settings\Patrick\Bureau\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[e:\Spyware Doctor\tools\swpg.dat] [PC Tools, 3.6.0.2080]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================

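Reading the SREng log above, the entries that deserve a second look are the ones whose publisher SREng could not verify: the Winlogon Notify package WRNotifier (WRLogonNTF.dll, shown as [N/A]) and the drivers listed with an empty or N/A vendor (cpuidlep, d344bus, d344prt, Secdrv). Winlogon Notify DLLs are loaded into winlogon.exe at logon (the Running Processes section shows NavLogon.dll inside PID 756), so an unverified one is worth identifying; a driver with no vendor string, on the other hand, is common for legitimate software and is a prompt to check the file, not a verdict. A bare file name such as WRLogonNTF.dll is resolved through the normal DLL search order, so the log does not tell you where the file actually lives. The script below is an added example, not code from this thread or from SREng, that pulls exactly those entries out of an SREng-format log; the sample log text is a constructed excerpt in the same format as the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the SREng log above (hypothetical excerpt,
# not the full log from the thread).
SAMPLE_SRENG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
<WinlogonNotify: WRNotifier><WRLogonNTF.dll> [N/A]

==================================
Services
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>

==================================
Drivers
[CpuIdle Pro System Driver / cpuidlep]
<C:\WINDOWS\SYSTEM32\DRIVERS\cpuidlep.SYS><N/A>
[d344bus / d344bus]
<\SystemRoot\System32\DRIVERS\d344bus.sys><>
[nv / nv]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
"""

# Section titles SREng prints under a line of '=' characters.
SECTIONS = {'Startup Folders', 'Services', 'Drivers', 'Browser Add-ons',
            'Running Processes', 'File Associations'}

# <WinlogonNotify: name><dll> [(Verified)Vendor]  or  [N/A]
WINLOGON = re.compile(
    r'^<WinlogonNotify: (?P<name>[^>]+)><(?P<path>[^>]*)> \[(?P<sig>[^\]]*)\]$')
# [Display Name / key]  followed by  <path><vendor>
ENTRY_HEAD = re.compile(r'^\[(?P<display>.+?) / (?P<key>.+?)\]$')
ENTRY_BODY = re.compile(r'^<(?P<path>[^>]*)><(?P<vendor>[^>]*)>$')


@dataclass
class Finding:
    kind: str    # 'WinlogonNotify', 'Services' or 'Drivers'
    name: str    # notify package name, or service/driver key
    path: str
    reason: str


def triage(log_text):
    """Return the entries whose publisher SREng could not verify, in log order."""
    findings = []
    section = None
    pending_key = None          # key from the last [Display / key] header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('='):
            continue
        if line in SECTIONS:
            section, pending_key = line, None
            continue
        m = WINLOGON.match(line)
        if m:
            # Anything not marked (Verified) goes on the review list.
            if not m.group('sig').startswith('(Verified)'):
                findings.append(Finding('WinlogonNotify', m.group('name'),
                                        m.group('path'),
                                        f"publisher not verified [{m.group('sig')}]"))
            continue
        if section in ('Services', 'Drivers'):
            m = ENTRY_HEAD.match(line)
            if m:
                pending_key = m.group('key')
                continue
            m = ENTRY_BODY.match(line)
            if m and pending_key:
                vendor = m.group('vendor').strip()
                if vendor in ('', 'N/A'):
                    reason = 'vendor N/A' if vendor else 'no vendor information'
                    findings.append(Finding(section, pending_key,
                                            m.group('path'), reason))
                pending_key = None
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_SRENG):
        print(f'{f.kind:15} {f.name:12} {f.path}  ({f.reason})')
```

Run against the full SREng log posted above, the same filter lists WRNotifier, cpuidlep, d344bus, d344prt and Secdrv and nothing else; the next step for each is to locate the file on disk and check its version information and hash, not to delete it.
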
Post by bamajim » December 13th, 2006, 1:23 pm

lymphocyte

Still nothing to indicate what those scanners found. Let's look at 2 more things. We will do them one at a time.

Please download F-Secure Blacklight (blbeta.exe)
    and Save to your Desktop
    Double click the file to run it
    It will create the "fsbl-xxxxxxx.log" on your desktop.
    The log will have a list of all items found. Do not choose to rename any yet! I want to see the log first because legitimate items can also be present...like "wbemtest.exe".
    Exit Blacklight and post the contents of the log in your next reply.

thanks bamajim

Post by lymphocyte » December 13th, 2006, 2:05 pm

Here is the log:

12/13/06 12:48:53 [Info]: BlackLight Engine 1.0.47 initialized
12/13/06 12:48:53 [Info]: OS: 5.1 build 2600 (Service Pack 1)
12/13/06 12:48:54 [Note]: 7019 4
12/13/06 12:48:54 [Note]: 7005 0
12/13/06 12:49:02 [Note]: 7006 0
12/13/06 12:49:02 [Note]: 7011 3152
12/13/06 12:49:02 [Note]: 7026 0
12/13/06 12:49:03 [Note]: 7026 0
12/13/06 12:49:49 [Note]: FSRAW library version 1.7.1020
12/13/06 12:51:16 [Note]: 4020 17259 327680
12/13/06 12:51:16 [Note]: 4022 17259
12/13/06 12:59:50 [Note]: 7007 0

For my own curiosity, do you know what is PSCastor and CMFibula ? Are they files? malwares?

Post by bamajim » December 13th, 2006, 3:32 pm

lymphocyte

Still nothing.

To answer your question: yes, they are files, and they are considered malware files. They are part of an Alcan worm infection.
However, in the scans you've posted I don't see any sign of those being "Active".
The scan results could be flagging empty Registry entries. The reason I wanted the last scan was to make sure we didn't have something hidden that keeps reloading the infection. We may be chasing a false positive.

Let's look here:

Download WinPFind.zip
Save it to your Desktop
    Right-click WinPFind.zip and select extract ALL
    and extract it to your C:\ Drive.

    This will create a folder called WinPFind in the C:\ directory
    Inside the c:\WinPFind folder is a file called WinPFind tools. Double-click on this file to launch the program.
    Once it is launched, click on the Start Scan button and wait for it to finish.
    This program will scan large amounts of files on your computer for known patterns
    so please be patient while it works as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan.

    Close the program
    It will save a WinPFind.txt log in the WinPFind folder
    Double Click that and copy and paste it as a reply

Note: It is important to note that not all files found with this program are necessarily bad.

Please DO NOT DELETE ANY FILES UNTIL INSTRUCTED TO DO SO

thanks bamajim

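bamajim's caveat that not every file WinPFind lists is bad is the key to reading its output. The tool reports two kinds of things: executables carrying a packer signature (UPX!, PEC2 and so on) and files changed in the last 60 days that carry the hidden (H) or system (S) attribute. Plenty of legitimate files match one of those on their own: the registry .LOG files under system32\config, the DPAPI key material under system32\Microsoft\Protect, System Restore's filelist.xml, and packed tools the user has downloaded. What narrows the list is combining signals: a file sitting directly in %WinDir% or system32, marked both hidden and system, modified recently, and reporting no company name at all. The script below is an added example, not code from the thread, from WinPFind or from its author, that applies that filter to WinPFind-format lines. The sample text is constructed from lines of the same shape as the log lymphocyte posts next in the thread, and the result is a review list, not a verdict on any file.

```python
import re

# Constructed sample in the format of a WinPFind log (a hypothetical excerpt).
SAMPLE_WINPFIND = r"""
Checking %SystemDrive% folder...
UPX! 2006-12-12 23:43:10 381398 C:\combofix.exe ( )

Checking %WinDir% folder...
UPX! 2003-12-27 14:43:24 68608 C:\WINDOWS\daemon.dll ()

Checking %System% folder...
PEC2 2005-06-09 15:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2006-12-13 01:46:00 S 2048 C:\WINDOWS\bootstat.dat ()
2006-11-23 17:41:22 HS 599233 C:\WINDOWS\system32\behjl.ini ()
2006-11-17 16:30:02 HS 40973 C:\WINDOWS\system32\gebbcaa.dll ()
2006-12-13 14:54:22 H 1024 C:\WINDOWS\system32\config\default.LOG ()
2006-11-27 18:12:24 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
2006-12-01 12:37:48 RHS 13698 C:\WINDOWS\system32\Restore\filelist.xml ()
"""

# "date time [ATTRS] size path (company)" lines from the hidden/system scan.
ATTR_LINE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} '
    r'(?:(?P<attrs>[RHSA]+) )?(?P<size>\d+) (?P<path>.+) \((?P<company>[^)]*)\)$')
# "TAG date time size path (company)" lines from the packer scan.
PACKED_LINE = re.compile(
    r'^(?P<tag>[A-Za-z0-9!]+) (?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} '
    r'(?P<size>\d+) (?P<path>.+) \((?P<company>[^)]*)\)$')

# Only files sitting directly in these directories get the strong flag;
# known-benign subtrees (config, Microsoft\Protect, Restore, ...) fall outside.
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32'}


def parent_dir(path):
    return path.rsplit('\\', 1)[0].lower()


def triage(text):
    """Return (severity, path, reason) tuples for lines worth a closer look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ATTR_LINE.match(line)
        if m:
            attrs = m.group('attrs') or ''
            company = m.group('company').strip()
            # Strong signal: hidden + system + no version info + directly in a system dir.
            if ('H' in attrs and 'S' in attrs and not company
                    and parent_dir(m.group('path')) in SYSTEM_DIRS):
                findings.append(('high', m.group('path'),
                                 f"hidden+system, no version info, modified {m.group('date')}"))
            continue
        m = PACKED_LINE.match(line)
        # Weak signal: packed and no company name. Downloaded tools match this too.
        if m and not m.group('company').strip():
            findings.append(('low', m.group('path'),
                             f"packed ({m.group('tag')}), no version info"))
    return findings


if __name__ == '__main__':
    for severity, path, reason in triage(SAMPLE_WINPFIND):
        print(f'[{severity:4}] {path}  ({reason})')
```

On the sample the two packed files come out as low (combofix.exe is a tool the user ran, which is exactly why a packer hit alone proves nothing), the two hidden+system files directly in system32 with no company name come out as high, and the registry log, DPAPI and System Restore entries are not listed at all.
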
It's me again :op

Post by lymphocyte » December 13th, 2006, 3:59 pm

WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 2006-12-13 14:44:37
WinPFind v1.5.0 Folder = C:\Documents and Settings\Patrick\Bureau\WinPFind\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 2006-12-12 23:43:10 381398 C:\combofix.exe ( )

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 2003-12-27 14:43:24 68608 C:\WINDOWS\daemon.dll ()

Checking %System% folder...
PEC2 2002-12-31 07:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 2005-06-09 15:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
PECompact2 2005-06-09 15:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
WSUD 2002-12-31 07:00:00 1166336 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
WSUD 2002-12-31 07:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 2002-12-31 07:00:00 658944 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 2002-12-31 07:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2006-12-13 01:46:00 S 2048 C:\WINDOWS\bootstat.dat ()
2006-11-29 17:21:52 H 54156 C:\WINDOWS\QTFont.qfn ()
2006-12-13 01:46:06 S 64 C:\WINDOWS\CSC\00000001 ()
2006-12-10 15:34:16 S 64 C:\WINDOWS\CSC\00000002 ()
2006-11-30 15:26:24 S 64 C:\WINDOWS\CSC\csc1.tmp ()
2006-12-01 12:37:34 H 0 C:\WINDOWS\inf\oem15.inf ()
2006-12-01 12:39:26 H 0 C:\WINDOWS\inf\oem16.inf ()
2006-12-01 12:39:26 H 0 C:\WINDOWS\LastGood\INF\oem16.inf ()
2006-12-01 12:39:26 H 0 C:\WINDOWS\LastGood\INF\oem16.PNF ()
2006-11-23 15:53:50 HS 608217 C:\WINDOWS\system32\behjl.bak2 ()
2006-11-23 17:41:22 HS 599233 C:\WINDOWS\system32\behjl.ini ()
2006-11-17 16:30:02 HS 40973 C:\WINDOWS\system32\gebbcaa.dll ()
2006-12-13 01:47:12 H 48877 C:\WINDOWS\system32\vsconfig.xml ()
2006-10-20 15:12:56 H 4212 C:\WINDOWS\system32\zllictbl.dat ()
2006-12-13 14:54:22 H 1024 C:\WINDOWS\system32\config\default.LOG ()
2006-12-13 01:59:18 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
2006-12-13 01:59:36 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
2006-12-13 14:55:20 H 1024 C:\WINDOWS\system32\config\software.LOG ()
2006-12-13 12:59:58 H 1024 C:\WINDOWS\system32\config\system.LOG ()
2006-11-27 18:12:24 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\2b878efc-5b57-4604-8df2-ba4ce874ea76 ()
2006-11-27 18:12:24 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
2006-11-04 09:44:18 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e7ba8931-4e57-4608-8aa3-015da90495e5 ()
2006-11-04 09:44:20 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
2006-12-01 12:37:48 RHS 13698 C:\WINDOWS\system32\Restore\filelist.xml ()
2006-12-13 01:46:08 H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
2002-12-31 07:00:00 583680 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
2002-12-31 07:00:00 132096 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
2002-12-31 07:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
2002-12-31 07:00:00 293888 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
2002-12-31 07:00:00 126464 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
2002-12-31 07:00:00 66560 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
2005-11-10 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
2002-12-31 07:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
2002-12-31 07:00:00 567296 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
2002-12-31 07:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
2002-12-31 07:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
2005-12-09 21:06:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl ()
2002-12-31 07:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
2002-12-31 07:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
2002-12-31 07:00:00 112640 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
2006-08-15 13:36:12 24064 C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)
2002-12-31 07:00:00 274944 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
2002-12-31 07:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
2002-12-31 07:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
2005-05-26 04:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
2002-12-31 07:00:00 69120 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
2002-12-31 07:00:00 583680 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
2002-12-31 07:00:00 132096 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
2002-12-31 07:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
2002-12-31 07:00:00 293888 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
2002-12-31 07:00:00 126464 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
2002-12-31 07:00:00 66560 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
2002-12-31 07:00:00 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
2002-12-31 07:00:00 567296 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
2002-12-31 07:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
2002-12-31 07:00:00 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
2002-12-31 07:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
2002-12-31 07:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
2002-12-31 07:00:00 112640 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
2002-12-31 07:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
2002-12-31 07:00:00 274944 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
2002-12-31 07:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
2002-12-31 07:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{00000161-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/msaud.cab
{3334504D-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/ ... p43dmo.CAB
{33564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/ ... mv9dmo.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/fl ... wflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
2006-12-13 11:05:30 2069 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk ()
2006-01-22 06:37:48 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
2006-01-22 06:24:10 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
2006-04-19 01:26:18 H 16 C:\Documents and Settings\All Users\Application Data\obtf3 ()

Checking files in %USERPROFILE%\Startup folder...
2006-01-22 06:37:48 HS 84 C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
2006-01-22 06:24:10 HS 62 C:\Documents and Settings\Patrick\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://us.rd.yahoo.com/customize/ie/def ... earch.html
\\Search Page -
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
\\Default_Search_URL - http://www.google.com/ie
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://rds.ca/
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = E:\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - PCTools Site Guard = E:\Spyware Doctor\tools\iesdsg.dll (PC Tools)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar3.dll (Google Inc.)
\{B56A7D7D-6927-48C8-A975-17DF180C71AC} - PCTools Browser Monitor = E:\Spyware Doctor\tools\iesdpb.dll (PC Tools)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{182EC0BE-5110-49C8-A062-BEB1D02A220B} - Adobe PDF = E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Astuce du jour = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar3.dll (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Console Java (Sun)
\\NEXTID - 8197
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8194 = PartyPoker.com
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8195 =
\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8196 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - ButtonText: Spyware Doctor =
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Recherche =
\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - ButtonText: PartyPoker.com = e:\PartyPoker\PartyPoker\RunApp.exe ()
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Extension Affichage Panorama du Panneau de configuration = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Extensions de l'environnement de compression de fichiers = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Menu contextuel de cryptage = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Extension icône HyperTerminal = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = ()
\\{87D62D94-71B3-4b9a-9489-5FE6850DC73E} - Avi Properties Handler = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = ()
\\{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} - Context Menu Shell Extension = C:\PROGRA~1\TAGREN~1\TRshell.dll (Softpointer LTD)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{BDA77241-42F6-11d0-85E2-00AA001FE28C} - LDVP Shell Extensions = C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - Adobe.Acrobat.ContextMenu = E:\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\System32\nvshell.dll ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = E:\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{52B87208-9CCF-42C9-B88E-069281105805} - Trojan Remover Shell Extension = ()
\\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\Spy Sweeper\SSCtxMnu.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\Adobe.Acrobat.ContextMenu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = E:\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = E:\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\TagRename_ContextMenu - {7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\PROGRA~1\TAGREN~1\TRshell.dll (Softpointer LTD)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\Spy Sweeper\SSCtxMnu.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = E:\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\System32\nvshell.dll ()
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\Spy Sweeper\SSCtxMnu.dll ()
\TagRename_ContextMenu - {7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\PROGRA~1\TAGREN~1\TRshell.dll (Softpointer LTD)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = E:\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Zone Labs Client - E:\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
NvCplDaemon - C:\WINDOWS\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
LVCOMS - C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE (Logitech Inc.)
iTunesHelper - E:\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
Acrobat Assistant 7.0 - E:\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
SpyHunter - Reg Data missing or invalid ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Gadwin PrintScreen 3.1 - E:\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = E:\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\NavLogon - C:\WINDOWS\System32\NavLogon.dll = (Symantec Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = ()

>>> DNS Name Servers <<<
{24DFA115-9579-41A9-AEE6-1FCF95FC7BF3} - ()
{35BBE09B-61F7-4809-AE9A-4885C14CACD2} - (Carte réseau 1394)
{F2EC727E-405F-4930-BD50-1CAD5EB0C877} - (Carte réseau Fast Ethernet PCI Realtek RTL8139 Family)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
lymphocyte
Active Member
 
Posts: 13
Joined: November 25th, 2006, 5:44 pm

Post by bamajim » December 13th, 2006, 5:16 pm

lymphocyte

That gave us a little more to go on.

1. We need to make sure we can see hidden files and folders

To enable the viewing of Hidden and System files follow these steps:
    Right click on Start and select Explore.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Click Yes to confirm.
    Press the Apply button and then the OK button.
2. Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

3. Please download the Killbox.
    1) Save it to the desktop and run it.
    2) Select "Delete on Reboot", and then select "All files".
    3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

      C:\WINDOWS\system32\behjl.bak2
      C:\WINDOWS\system32\behjl.ini
      C:\WINDOWS\system32\vsconfig.xml

    4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
    5) Click the red-and-white "Delete File" button.  Click "Yes" at the Delete on Reboot prompt.  Click "No" at the Pending Operations prompt.

Reboot your PC, then post the results of the C:\Vundofix.txt log and a fresh HijackThis log.

thanks bamajim
bamajim
Visiting Staff
 
Posts: 1138
Joined: February 3rd, 2006, 11:09 am

Post by lymphocyte » December 13th, 2006, 7:29 pm

Hello again

VundoFix did not find anything.

Here is the new HijackThis log after using KillBox.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 17:54:44, on 2006-12-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\MacDisk\lsdiorw\lsdiorw.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
e:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wdfmgr.exe
E:\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
E:\iTunes\iTunesHelper.exe
E:\Acrobat 7.0\Distillr\Acrotray.exe
E:\Acrobat 7.0\Distillr\Acrotray.exe
E:\Gadwin Systems\PrintScreen\PrintScreen.exe
E:\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Patrick\Bureau\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.umontreal.ca:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Spyware Doctor\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE"
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] E:\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lsdiorw - Logiciels & Services Duhem, Paris, France - E:\MacDisk\lsdiorw\lsdiorw.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - e:\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
lymphocyte
Active Member
 
Posts: 13
Joined: November 25th, 2006, 5:44 pm
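The helpers in this thread read the HijackThis log above line by line, looking first at entries marked "(file missing)", startup shortcuts HijackThis could not resolve ("= ?"), Winlogon Notify DLLs and unnamed BHOs. The script below is an added example (not code from the forum, from bamajim, or from the HijackThis project) that parses lines copied from the log posted above and applies exactly those checks; the triage rules are my own heuristics, not anything HijackThis itself reports.

```python
"""Triage helper for HijackThis v1.99.1 log lines.

Added example: this is not the forum's, bamajim's, or the HijackThis
project's code. The sample lines are copied from the logs posted in this
thread; the triage rules below are my own assumptions about what a helper
checks first, not anything HijackThis itself reports.
"""
import re
from dataclasses import dataclass

# Every HijackThis finding starts with a section tag (R0, O2, O4, O20 ...),
# then " - ", then the section-specific body.
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.+)$")
FILE_MISSING = "(file missing)"

# Constructed sample: lines copied verbatim from the second log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass
class Entry:
    section: str
    body: str


def parse_log(text):
    """Return one Entry per finding line; process lists and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def target_of(entry):
    """The file the line points at, for the 'name - CLSID - path' style sections
    (O2, O3, O9, O18, O20, O23): text after the last ' - ', minus surrounding
    quotes and the '(file missing)' suffix."""
    tail = entry.body.rsplit(" - ", 1)[-1]
    if tail.endswith(FILE_MISSING):
        tail = tail[: -len(FILE_MISSING)].rstrip()
    return tail.strip('"')


def missing_files(entries):
    """Paths the registry still references but that no longer exist on disk:
    typical leftovers after a removal tool has deleted the file itself."""
    return [target_of(e) for e in entries if e.body.endswith(FILE_MISSING)]


def triage(entries):
    """Return (section, body, reasons) for each line a helper would look at
    first. Reasons are heuristics (assumptions), not HijackThis verdicts."""
    findings = []
    for e in entries:
        reasons = []
        if e.body.endswith(FILE_MISSING):
            reasons.append("orphaned entry: referenced file is gone, registry value can be removed")
        if e.section == "O4" and e.body.endswith("= ?"):
            # HijackThis could not resolve the .lnk target; the startup-folder
            # scan posted earlier in the thread shows what it points to.
            reasons.append("startup shortcut with unresolved target")
        if e.section == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at every logon, a
            # common persistence point; check path and vendor.
            reasons.append("Winlogon Notify DLL: verify vendor and path")
        if e.section == "O2" and e.body.startswith("BHO: (no name)"):
            reasons.append("unnamed BHO: identify by CLSID and DLL path")
        if reasons:
            findings.append((e.section, e.body, reasons))
    return findings


if __name__ == "__main__":
    for sec, body, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{sec}: {body}")
        for r in reasons:
            print(f"    -> {r}")
```

On the sample above it flags five of the seven lines, and the WRNotifier line twice (file missing and Winlogon Notify), which matches what the helper singled out for deletion in this thread.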