Virus Burst- Critical System Error!

Hi I am so sorry it took me sooo long! I haf big problems with rebooting, and I couldn't even do it in safe mode (everytime, after pressing f8 to access the modes menu, the keyboard got frozen!), now it seems that my computer is ok, I can even tell you it hadn't been so fast for a long time

so in the two following threads I'm sending you the two reports (sorry, the smitfraud one is in french

Thanks a big lot again, I could never have done this without a real human being explaining me step by step

 

SmitFraudFix v2.88

Rapport fait à 3:37:06,09, 15/09/2006
Executé à partir de C:\Program Files\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2be26361-58a2-4836-be57-b838f02fec3f}"="astrogeology"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\qxfgcg.dll supprimé
C:\Documents and Settings\Gilles\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Burst 6.1.lnk supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
C:\Program Files\Media-Codec\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

Logfile of HijackThis v1.99.1
Scan saved at 04:03:35, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\WINDOWS\system32\NVAREM.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\AOL 8.0b\aoltray.exe
C:\WINDOWS\System32\x10nets.exe
C:\Program Files\AOL 8.0b\waol.exe
C:\Program Files\AOL 8.0b\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE044B2-D5F7-43D2-ABCA-D30FC9182443}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe

 

I hope everybody will excuse me for the flooding

Well, everything seems to be okay now, but the reports indicates i have still lots of those annoying spywares, though those ones don't seem to harm much. Do you know a particular antivirus or anti-something program that could efficiently remove all that and prevent those to come ? (I prefer asking this to someone who knows better, so if i pay for a program, at least i'm sure to pay for the good one

Thanks a lot again I really have no idea how I would have come up without help!!

 

Hi, still more to do, go to add /remove programs and remove [bold]Errorsafe [/bold]if listed

Download Ewido Anti-Spyware http://www.ewido.net/en/download/
· Install and run ewido
· Click Scanner
· select the "Settings" tab.
· Once in the Settings screen click on "Recommended actions" and then select "Delete".
· Select "Automatically generate report after every scan"
· UnSelect "Only if threats were found"
· Click Complete System Scan and the scan will begin.
· When the scan is finished, Set all items to delete
· Click Apply all actions
· Click the Save report button.
· Save the report to your C: Drive
Reboot
Post that log and a new HiJack log


Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm
When the scan is finished, save the results from the scan!

Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.

I'll get back with you 2moro

 

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 06:01:04 15/09/2006

+ Scan result:



HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4492 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4496 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4543 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1068 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1074 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1116 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1524 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1553 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1641 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4 -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Adware.Cydoor : Cleaned.
HKU\S-1-5-21-1920702541-726577055-892046207-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\SearchUpgrader -> Adware.KeenValue : Cleaned.
HKLM\SOFTWARE\SearchUpgrader\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} -> Adware.KeenValue : Cleaned.
C:\Documents and Settings\Gilles\Mes documents\Downloads\Programs\WinFixer2005ScannerInstallFRA.exe -> Adware.Virtumonde : Cleaned.
C:\Kit Tiscali\Elements_Kit\PC1\Dialer Tiscali\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\Kit Tiscali\Programs\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\WINDOWS\Downloaded Program Files\__delete_on_reboot__g_r_a_t_w_e_e_._d_l_l_ -> Hijacker.Delf.bc : Cleaned.
[2604] C:\WINDOWS\DOWNLO~1\gratwee.dll -> Hijacker.Delf.bc : Error during cleaning.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned.
:mozilla.8:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.9:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Ad-logics : Cleaned.
:mozilla.275:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.276:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.277:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.278:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.19:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.20:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.59:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.60:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.82:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.84:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.80:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.48:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.284:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.285:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.151:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.152:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.165:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.166:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.170:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.173:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.174:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.175:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.176:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.56:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.261:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.262:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.263:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.289:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.181:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.184:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.11:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Texttbnru : Cleaned.
:mozilla.194:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.196:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.215:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.216:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.217:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.218:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.270:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.271:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Gilles\Cookies\gilles@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.13:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.14:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.279:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.280:C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

 

Logfile of HijackThis v1.99.1
Scan saved at 09:11:04, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Error Safe\ers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AOL 8.0b\waol.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\AOL 8.0b\aoltray.exe
C:\Program Files\AOL 8.0b\shellmon.exe
C:\Program Files\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe

 

Panda ActiveScan report?

My Computer -> Tools -> Folder Options -> View tab -> Select Show Hidden Files and Folders.


Run a scan with hijackthis and place a check beside the following

O2 - BHO: GRATWEE - {4E7BD74F-2B8D-469E-D7FB-E878B587BD7D} - C:\WINDOWS\DOWNLO~1\gratwee.dll (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe\ers.exe /min
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

Make sure all other windows are closed and click Fix Checked


=================================

Reboot into safe mode

Search for and delete the following Files and folders in bold

C:\Program Files\[bold]Error Safe[/bold]\

[bold]nvsc32.exe [/bold] <-Find by Start -> Search

Reboot to normal mode

========================================

Post a hjackthis log with the panda report

 

sorry i thought i had posted the panda one :



Incident Status Location

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\PROGRA~1\ERRORS~1\flfxr15.dll
Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt[.fe.lea.lycos.fr/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gilles\Application Data\Mozilla\Firefox\Profiles\qotfd1ol.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Gilles\Cookies\gilles@247realmedia[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Gilles\Cookies\gilles@xiti[1].txt

 

DownLoad http://www.downloads.subratam.org/KillBox.zip

Copy these instructions to Notepad for safe mode.

Restart your computer into safe mode now. (keep tapping F8 on startup)

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the X button after you enter each file. It will ask for confimation to delete the file. Click Yes.

Note:

It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files.


C:\PROGRA~1\ERRORS~1\flfxr15.dll
C:\WINDOWS\system32\cd_clint.dll
C:\PROGRA~1\ERRORS~1\
C:\Program Files\Error Safe

Post a new hijackthis log

 

Logfile of HijackThis v1.99.1
Scan saved at 17:58:06, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security

Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\AOL 8.0b\aoltray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D

-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-

B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON

Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-

C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON

Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} -

(no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C}

- C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32

\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1

\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q

/R /L /A1 /B0 /C0 /D2 /E0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers

communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26

"EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36

"EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus

CX3600"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1

\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe

SILENT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
O4 - HKLM\..\Run: [RealTray] C:\Program

Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program

Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program

Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep

0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0

-u
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware

4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1

\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Gilles\LOCALS~1

\Temp\2006915175220_mcinfo.exe /insfin
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL

8.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk =

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar -

res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Version de la page actuelle

disponible dans le cache Google - res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-

B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-

B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-

A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-

A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-

00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-

11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)

- http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class)

- https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo

Class) - https://www-

secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/m

cinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo

Upload Tool) -

http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom

MDDK ActiveX Control) - http://accueil.ava.serveur-

ava.com/stkid_data/ocx/mDKid.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267

.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup

Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mc

gdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader

Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat

Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware

Development a.s. - C:\Program Files\ewido anti-spyware 4.0

\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

Symantec Corporation - C:\Program Files\Norton

AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental)

(rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d

-f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec

Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -

Symantec Corporation - C:\Program Files\Fichiers communs\Symantec

Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Fichiers communs\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) -

America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 -

C:\WINDOWS\System32\x10nets.exe

 

I just removed McAffee for a test, and it seems I have less problems while booting my computer... This program is a real shit do you know of better antiviruses escept photoshop?


Also, I had lots of problems with rebooting these days, and I didn't succeed in starting in safe mode, everytime I try, the keyboard gets frozen so I can't choose any option and I have to reboot once again

I also tried to reinstall windows, and didn''t succeed : when I run the cd while using windows, it says the version on the cd is earlier than the one I have now so it's not possible but I should reboot and start from the cd itself instead of windows, but when I do this it doesn't work either. I also tried to format the hard drive and it didn't work either...

Do you think all this is related to the already existing problem? Do you have an idea of what I should do, even if windows is going to run properly now, I might need an advice if I want to re-install later..

 

First rescan with hijackthis and make sure Wordwrap is not selected in notepad, i can't read the log like that.
get AVg free anit-virus.

 

I'm not sure what you mean by wordwrap, I guess it's "automatic reaturn to the line below if the sentence is larger than the window...


Logfile of HijackThis v1.99.1
Scan saved at 19:12:50, on 15/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\WINDOWS\system32\NVAREM.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\x10nets.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AOL 8.0b\aoltray.exe
C:\Program Files\AOL 8.0b\waol.exe
C:\Program Files\AOL 8.0b\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
O4 - HKLM\..\Run: [NVIDIA Remote Control Panel] NVAREM.EXE /S /Q /R /L /A1 /B0 /C0 /D2 /E0
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Wspn] C:\Program Files\Wspn\wspn.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.fr.aol.com/molbin/shared/mcinsctl/fr/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.fr.aol.com/molbin/shared/mcgdmgr/fr/1,0,0,21/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE044B2-D5F7-43D2-ABCA-D30FC9182443}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\WINDOWS\System32\x10nets.exe

 

In notepad, Format-> Wordwrap. It's fine now.

Your log is clean. As for antivirus,, make sure you have only one installed so if you install AVG, unistall Norton. What are things like now?

 

Thanks a lot, evertything seems to be completely ok now!!!
I still have those problems though :

1 / I still can go in safe mode, as my keyboard freezes when I try, but there's nothing I can do about it excepted buying another keyboard : I read in a french forum that It's because it's a usb connected keyboard...

2/ When I try to boot from a cd (like AVGantivirus rescue disk or even my windows restore cd), it just doesn't work and start windows normally (I type F11, then I have the menu with the blue square asking me from which drive I want to start, I select the cd and then Windows starts normally)

 

hello all ~ I simply wanted to say thank you for this information about roguescanfix. I ran it, with baited breath, & it is the only thing that worked. After hours of trying various products & other "tricks", this ereased my problem w/one fail swoop try. thank you ~ all of you ~ that post openly & honestly about products or sites that work. each one of you is greatly appreciated. debbie

 

Your welcome~ ^^; Anytime. ))

 

I have something id like to add.

I recently got this damn thing but I think it was an updated version. At first my IE could not go to any other page than the virus page itself and i got other "warnings" in the taskbar.

Lavasoft Ad-aware got rid of everything, including the processes, except this little bastard in the taskbar:



And it had the same standard issue "system detected virus activities blah blah blah..."

After some thorough investigation I found the culprit was vcehaeb.dll (in system32) To delete it i had to kill all instances of explorer.exe (process explorer; a wonderful alternative to task manager, told me explorer was handling the dll) Then I ran a simple progam (Mplay32) and used the file-->open dialog to locate and destroy the little bastard.

No more pop-up in the notifications area