HACKTOOL.ROOTKIT

Question

Hi, I'm a new member, who just caught this 'Hacktool.Rootkit' virus. Norton Antivirus tells me it's located in C:\Windows\spoolsv32.dll, that access to the file is denied, and that it can't repair it. Below is the log I obtained after installing/running 'HijackThis'. As other symptons, I have a much slower computer, and I don't seem to be able to print anything on my usual Canon printer (be it Word, WordPad, or else...). Your help will be greatly appreciated. QUOTE Logfile of HijackThis v1.99.1 Scan saved at 16:51:39, on 20/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla	fswctrl.exe C:\WINDOWS\system32undll32.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\Fichiers communs\AOL\1159520790\ee\AOLSoftware.exe C:\WINDOWS\system32\lexpps.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AOL 9.0\aoltray.exe C:\PROGRA~1\Webshots\webshots.scr c:\program files\fichiers communs\aol\1159520790\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe c:\program files\fichiers communs\aol\1159520790\ee\aolsoftware.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Fichiers communs\Aol\aoltpspd.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm4d.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Tété\10137272.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] 'C:\Program Files\Dell\Media Experience\PCMService.exe' O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe' O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe O4 - HKLM\..\Run: [UpdateManager] 'C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe' /r O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] 'C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe' O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] 'C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe' O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [Hot_Tarts] C:\Program Files\Video1\Dialers\Hot_Tarts\Hot_Tarts.exe /dontdial O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1159520790\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.fr/computercheckup/qdiagcc.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://lausanne-webcam2.rcv.ch/activex/AxisCamControl.cab O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://www.surftotalwebcam.com/ccams/SonySncRz25View.cab O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70A9CDD0-702E-48AB-979B-B4A2E7424F41}: NameServer = 205.188.146.145 O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe   UNQUOTE   Greetings,

1972vet · Answer

I don't think you have the HackToolRootKit virus. It's not showing up in your log but not always will we see any of the telltale signs in the log either for that matter. Your log does show a couple problems though.

There is a program available that can show if you have a Rootkit problem. It can be downloaded here:
RootkitRevealer
Important Note
Rename RootKitRevealer.exe to nailsetter.exe. The reason for this is that some rootkit trojans can detect this program and hide themselves from it.

Please boot into safe mode by doing the following:

1. Restart your computer

2. When the first black screen comes up, begin tapping the F8 key repeatedly until you see the "Advanced" log on menu.
3. Select the first option, to run Windows in Safe Mode.

When you are at the logon prompt, log in as an Administrator
Once in safe mode, continue with the instructions below:

Run a scan with RootKitRevealer and while the scan runs, do nothing else with the computer. Allow the scan to complete, then reboot back to your normal user mode. If the log shows that there are items hidden from the windows API, then you should continue with the instructions below:

Go here first and download and run the sysclean package. Read the instructions carefully.

Next, please download AproposFix and save it to your desktop. Extract it but don`t run it yet.

Boot into safe mode, under your normal user name this time, (NOT THE ADMINISTRATOR ACCOUNT). See how to do this here.

Open the aproposfix folder on your desktop and doubleclick RunThis.batand follow the prompts.

When the tool is finished, please reboot back into normal mode and post a new HijackThis log, along with the entire contents of the log.txtfile in the aproposfix folder.

As an interesting aside, it seems that ONLY people who run NAV/NORTON/SYMANTEC bloatware seem to be hit by this!

oueillarou · Answer

Hi, 1972vet, thanks for your answer. I'm having a (first...?) problem following your recommended steps:upon logging in Safe Mode as an administrator, when I try to launch RootKitRevealer (duly renamed as nailsetter.exe), I get the message 'this service cannot be run in Safe Mode'........is it because I have XP Professional? What can I do next? Greetings,

1972vet · Answer

I apologize for the out dated instruction to run RootKitRevealer in safe mode. This newest version of RKR will not run in safe mode as you have discovered.

It is also not necessary to rename the application as the update has taken into account the fact that malware authors have started targeting RootkitRevealer's scan by using its executable name.

They have therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. You will notice that in the "O23" section of the HJT log the next time you save one.

It is fine to run it in your normal user mode.

oueillarou · Answer

Hi, 1972vet, thanks again, your directions worked fine! I did run Sysclean since RootKitRevealer showed two hidden items, as well as the AproposFix. Here are the new HijackThis log and the AproposFix log:   Logfile of HijackThis v1.99.1 Scan saved at 14:37:10, on 22/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla	fswctrl.exe C:\WINDOWS\system32undll32.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\Fichiers communs\AOL\1159520790\ee\AOLSoftware.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\PROGRA~1\Webshots\webshots.scr C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe c:\program files\fichiers communs\aol\1159520790\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\fichiers communs\aol\1159520790\ee\aolsoftware.exe C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Fichiers communs\Aol\aoltpspd.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Pedro\Mes documents\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=C&srch=5&prov=&utf8 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Tété\10137272.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] 'C:\Program Files\Dell\Media Experience\PCMService.exe' O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe' O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe O4 - HKLM\..\Run: [UpdateManager] 'C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe' /r O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] 'C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe' O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] 'C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe' O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [Hot_Tarts] C:\Program Files\Video1\Dialers\Hot_Tarts\Hot_Tarts.exe /dontdial O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1159520790\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
pjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://lausanne-webcam2.rcv.ch/activex/AxisCamControl.cab O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://www.surftotalwebcam.com/ccams/SonySncRz25View.cab O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70A9CDD0-702E-48AB-979B-B4A2E7424F41}: NameServer = 205.188.146.145 O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DQOLWYTGWFVQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DQOLWYTGWFVQ.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe O23 - Service: QDWQZDRGUQL - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDWQZDRGUQL.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WVBPVVGF - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WVBPVVGF.exe O23 - Service: YVZNWZOVN - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YVZNWZOVN.exe       /--------------------------------------------------------------\ |                  Trend Micro System Cleaner                  | |              Copyright 2006, Trend Micro, Inc.               | |                   http://www.antivirus.com                   | \--------------------------------------------------------------/ 2006-10-22, 10:39:32,   Auto-clean mode specified. 2006-10-22, 10:39:32,   Running scanner 'C:\Documents and Settings\Pedro\Mes documents\TMP2\TSC.BIN'... 2006-10-22, 10:39:42,   Scanner 'C:\Documents and Settings\Pedro\Mes documents\TMP2\TSC.BIN' has finished running. 2006-10-22, 10:39:42,   TSC Log: Damage Cleanup Engine (DCE)  3.98(Build 1012) Windows XP(Build 2600: Service Pack 2) Start time : dim. oct. 22 2006 10:39:33 Load Damage Cleanup Template (DCT) 'C:\Documents and Settings\Pedro\Mes documents\TMP2	sc.ptn' (version 798) [success] Complete time : dim. oct. 22 2006 10:39:42 Execute pattern count(2960), Virus found count(0), Virus clean count(0), Clean failed count(0) 2006-10-22, 10:40:44,   An error was detected on 'C:\System Volume Information\*.*': Accès refusé. 2006-10-22, 10:57:20,   Files Detected: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/22/2006 10:40:51 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 863 (137897 Patterns) (2006/10/21) (386300) Command Line: C:\Documents and Settings\Pedro\Mes documents\TMP2\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Pedro\Mes documents\TMP2 C:\Documents and Settings\Pedro\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1c609254-1b1afe28.zip (1/1 Viruses Found) 70711 files have been read. 70711 files have been checked. 62758 files have been scanned. 85850 files have been scanned. (including files in archived) 1 files containing viruses. Found 1 viruses totally. Maybe 0 viruses totally. Stop At : 10/22/2006 10:57:20 ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-22, 10:57:20,   Files Clean: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/22/2006 10:40:51 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 863 (137897 Patterns) (2006/10/21) (386300) Command Line: C:\Documents and Settings\Pedro\Mes documents\TMP2\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Pedro\Mes documents\TMP2 Success Clean [ JAVA_BYTEVER.BL](    1) from C:\Documents and Settings\Pedro\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-1c609254-1b1afe28.zip,(Dummy.class) 70711 files have been read. 70711 files have been checked. 62758 files have been scanned. 85850 files have been scanned. (including files in archived) 1 files containing viruses. Found 1 viruses totally. Maybe 0 viruses totally. Stop At : 10/22/2006 10:57:20 16 minutes 28 seconds (988.31 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-22, 10:57:20,   Clean Fail: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/22/2006 10:40:51 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 863 (137897 Patterns) (2006/10/21) (386300) Command Line: C:\Documents and Settings\Pedro\Mes documents\TMP2\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Pedro\Mes documents\TMP2 70711 files have been read. 70711 files have been checked. 62758 files have been scanned. 85850 files have been scanned. (including files in archived) 1 files containing viruses. Found 1 viruses totally. Maybe 0 viruses totally. Stop At : 10/22/2006 10:57:20 16 minutes 28 seconds (988.31 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-22, 10:57:20,   Scanner 'C:\Documents and Settings\Pedro\Mes documents\TMP2\VSCANTM.BIN' has finished running.   My computer runs better today, and I can print again....and I do agree with you that Norton Antivirus tends to 'dream up' stuff, sometimes..... Look forward to hearing from you.  Greetings,

1972vet · Answer

Your Java application is out of date and causes a slight security risk as a result.
Please follow these steps to remove older version Java components

1. Close any open programs you may have running, especially your web
browser.

2. Click Start-->Control Panel-->Add or Remove Programs.
For those just reading this thread:
Depending on your OS, you may have to click Start-->Settings-->Control Panel-->Add or Remove Programs.

3. Click once on any item listing Java Runtime Environment in the name (to highlight it) then click the "Remove" or "Change/Remove" button.
Not every version of Java will begin with "Java" so be sure to read each entry in the list.
Repeat step 3 as many times as necessary to remove all versions of Java.
**If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

4. Navigate to and delete:

C:\Program Files\ Java =this folder if found

5. Then go to this page.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications"and click the "Download" button to the right.

6. Check the box that says: "Accept License Agreement" the page will refresh and click on the link to download Windows Offline Installation with or without Multi-language. Save it to your desktop.
Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.

Download and scan with AVG Anti-Spyware v7.5
( This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)

After download, double click on the file to launch the install process.
Choose a language, click "OK" and then click "Next".
Read the "License Agreement" and click "I Agree".
Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

Go to Start > Run and type: services.msc

Press "OK".
Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
When you find the guard service, double-click on it.
In the Properties Window > General Tab that opens, click the "Stop" button.
From the drop-down menu next to "Startup Type", click on "Manual".
Now click "Apply", then "OK" and close the Services window.
Select the "Update" button and click "Start update". Wait until you see the "Update succesfull message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.

Once the updates are installed do the following:
Click on the " Scanner" button and choose the " Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
Under "How to Scan?" check all (default).
Under "Possibly unwanted software" check all (default).
Under "What to Scan?" make sure "Scan every file" is selected (default).
Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

Close the application and reboot the computer into Safe mode. Once in safe mode continue with the instructions below:

Open the AVG Anti-Spyware application and click the " Scan" tab.
Click " Complete System Scan" to start.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:

Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.

When the scan has finished you will be presented with a list of infected objects found. Click " Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate " No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?

Click on " Save Report" to view all completed scans. Click on the most recent scan you just performed and select " Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\

Exit AVG Anti-Spyware when finished.

Next, please run HijackThis again and check the following:
Are you using a server in Marina del Rey, CA? If not, check the box next to this entry:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Tt\10137272.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: C:\Program Files\Video1\Dialers\Hot_Tarts\Hot_Tarts.exe /dontdial

Are you using the server in Sterling, Va.? If not, put a check in the box next to this entry:
O17 - HKLM\System\CCS\Services\Tcpip\..\{70A9CDD0-702E-48AB-979B-B4A2E7424F41}: NameServer = 205.188.146.145

Close all windows now except for the HijackThis application window then click Fix Checked.

Locate and delete the following files/folders indicated in Bold text:
C:\Documents and Settings\ Tt\10137272.dll
and reboot back to your normal user mode.
C:\Program Files\ Video1\Dialers\Hot_Tarts\Hot_Tarts.exe

Reboot the computer and post a fresh HijackThis log along with the log from your AVG Anti-spyware scan. Thanks!

oueillarou · Answer

Hi,1972vet, here are the two new logs. However, I had some difficulty understanding the end portion of your message, because a)the requests to check boxes next to entries re using a server in Marina del Rey, Ca;, or Sterling,Va., were not fulfilled, I couldn't locate the entries!! Does this apply to me, anyway, I live in France?, and b) my HijackThis window does not have aFIX CHECKED box, and c) neither the Tt\10137272.dll nor the Dialers\Hot_Tarts\Hot_Tarts.exe folders/files were present in my computer. Do I need to redo/restart something?

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:14:28 23/10/2006

+ Résultat de l'analyse:

C:\RECYCLER\S-1-5-21-2883731579-1623120206-3794658622-1006\Dc533.IE5\43PFYANH\Setup[1].exe -> Adware.180Solutions : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2883731579-1623120206-3794658622-1006\Dc534.tmp -> Adware.180Solutions : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP546\A0229159.exe -> Adware.180Solutions : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP598\A0243935.exe -> Adware.180Solutions : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-2883731579-1623120206-3794658622-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP598\A0243934.dll -> Adware.Agent : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\HDPlugin1101.dll -> Adware.Gator : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2883731579-1623120206-3794658622-1006\Dc509.exe -> Adware.Trymedia : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP592\A0238049.exe -> Adware.Trymedia : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP593\A0238843.exe -> Adware.Trymedia : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP594\A0239637.exe -> Adware.Trymedia : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP595\A0240643.exe -> Adware.Trymedia : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP596\A0241438.exe -> Adware.Trymedia : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP546\A0229160.dll -> Adware.Zango : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Video1\Dialers -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Video1\Dialers\Hot_Tarts -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-2883731579-1623120206-3794658622-1006\Software\Video1\Dialers -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-2883731579-1623120206-3794658622-1006\Software\Video1\Dialers\Hot_Tarts -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP612\A0246605.dll -> Hijacker.Agent.hz : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP616\A0249704.exe -> Hijacker.Small.df : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP619\A0250849.exe -> Hijacker.Small.df : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Denis\Cookies\denis@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@totalvid.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@solmeliahotels.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@aolfr.122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@z1.adserver[1].txt -> TrackingCookie.Adserver : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@servedby.advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@clickbank[1].txt -> TrackingCookie.Clickbank : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@com[2].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@com[2].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@dpreview-cnet.com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@bilbo.counted[2].txt -> TrackingCookie.Counted : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@as-us.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@ehg-idg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@ehg-simon.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@ehg-yamahacanadamusic.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@hypertracker[1].txt -> TrackingCookie.Hypertracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@ilead.itrack[1].txt -> TrackingCookie.Itrack : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@ivwbox[2].txt -> TrackingCookie.Ivwbox : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@stat.onestat[2].txt -> TrackingCookie.Onestat : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@data1.perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@paycounter[2].txt -> TrackingCookie.Paycounter : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@paycounter[1].txt -> TrackingCookie.Paycounter : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@edge.ru4[2].txt -> TrackingCookie.Ru4 : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@sexlist[2].txt -> TrackingCookie.Sexlist : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter1.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter12.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter5.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter7.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@spylog[1].txt -> TrackingCookie.Spylog : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@webstat[1].txt -> TrackingCookie.Web-stat : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@web-stat[2].txt -> TrackingCookie.Web-stat : Nettoyé.
C:\Documents and Settings\Denis\Cookies\denis@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Documents and Settings\TEMP\Cookies\tété@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@free.wegcash[2].txt -> TrackingCookie.Wegcash : Nettoyé.
C:\Documents and Settings\Pedro\Cookies\pedro@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\Tété\Cookies\tété@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.

Fin du rapport

Greetings,

oueillarou · Answer

Here's the HijackThis log:   Logfile of HijackThis v1.99.1 Scan saved at 20:20:47, on 23/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Documents and Settings\Pedro\Mes documents\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=C&srch=5&prov=&utf8 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\Tété\10137272.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] 'C:\Program Files\Dell\Media Experience\PCMService.exe' O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe' O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe O4 - HKLM\..\Run: [UpdateManager] 'C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe' /r O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] 'C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe' O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] 'C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe' O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [Hot_Tarts] C:\Program Files\Video1\Dialers\Hot_Tarts\Hot_Tarts.exe /dontdial O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1159520790\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe' O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin
pjpi150_09.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://lausanne-webcam2.rcv.ch/activex/AxisCamControl.cab O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://www.surftotalwebcam.com/ccams/SonySncRz25View.cab O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DQOLWYTGWFVQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DQOLWYTGWFVQ.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe O23 - Service: QDWQZDRGUQL - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDWQZDRGUQL.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WVBPVVGF - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WVBPVVGF.exe O23 - Service: YVZNWZOVN - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YVZNWZOVN.exe     Greetings,

1972vet · Answer

Quote: I had some difficulty understanding the end portion of your message, because a)the requests to check boxes next to entries re using a server in Marina del Rey, Ca;, or Sterling,Va., were not fulfilled, I couldn't locate the entries!! Does this apply to me, anyway, I live in France?, and... b) my HijackThis window does not have aFIX CHECKED box, and c) neither the Tt\10137272.dll nor the Dialers\Hot_Tarts\Hot_Tarts.exe folders/files were present in my computer. Do I need to redo/restart something? My my...how to answer this one lol.After you run your HijackThis application to scan and save a log, click the log closed and you are left with the HijackThis application window remaining open. Look to the bottom left and locate the button labeled Fix checked. That is the button you need to click after you've located the entries that I noted.Since you are in France, you would most definately want to check the boxes next to the entries that I noted for you that indicate a server in Marina del Rey Ca. and Sterling Va...and the entries for the Tt\10137272.dll and Hot_Tarts.exe are plainly visible on my screen when I look at the log you posted. If you cannot locate them in your log you will not be able to remove them from your computer.Please post back when you've located them in your log. Thanks!

oueillarou · Answer

Sorryyyy!!!  I was going 'too fast', i.e. I was saving the log (which shows no boxes) and ignoring the post-scan HijackThis window, which has all the goodies you were mentioning......I don't know, it must be the time-zone difference (Ha!Ha!)...... Please bear with me! Now that I've done things again the proper way, here's the latest log:   Logfile of HijackThis v1.99.1 Scan saved at 13:36:42, on 24/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Pedro\Mes documents\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=C&srch=5&prov=&utf8 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [PCMService] 'C:\Program Files\Dell\Media Experience\PCMService.exe' O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe' O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exe O4 - HKLM\..\Run: [UpdateManager] 'C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe' /r O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [ccApp] 'C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe' O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [Dell AIO Printer A920] 'C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe' O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] 'C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe' O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1159520790\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe' O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [MSMSGS] 'C:\Program Files\Messenger\msmsgs.exe' /background O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://lausanne-webcam2.rcv.ch/activex/AxisCamControl.cab O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://www.surftotalwebcam.com/ccams/SonySncRz25View.cab O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DQOLWYTGWFVQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DQOLWYTGWFVQ.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe O23 - Service: QDWQZDRGUQL - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDWQZDRGUQL.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WVBPVVGF - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WVBPVVGF.exe O23 - Service: YVZNWZOVN - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YVZNWZOVN.exe   Greetings,

1972vet · Answer

That log looks clean. How's it running now?

oueillarou · Answer

Hi, 1972vet, everything looks perfect now, my computer perfo is far,far better than before....I really owe you one!!!! Just one last question: my Internet access provider software keeps telling me that I should update the Sun Java files. Weren't they disabled at some point? What should I do now? Again, tons of thanks from this side of the pond! Greetings,

1972vet · Answer

You've already updated the Java to v9. There is no newer update. You're good to go. You can tell your ISP software to take a hike if you like because I have no idea why it would give you such a warning message.

oueillarou · Answer

THANKS !   (and bye for now...)

1972vet · Answer

You can delete the AproposFix utility we used.

Now that your system is clean, let's create a new restore point.
Please click "Start > Programs > Accessories > System Tools > System Restore"
In the new window, check the 'Create a restore point' in the right pane and click "Next".
In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean)
Click "Create" and reboot your computer.

In the future, there are some things you can do to prevent spyware infections:

Install the following freeware programs:
SpywareGuard
Spywareblaster

Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

If you do not have a firewall, here are a couple freeware firewalls you can install:
Kerio Personal Firewall
Zone Alarm

Stay updated with the most recent Windows patches using
Microsoft's Windows Update.

Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox from http://www.mozilla.org

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often
or Disk Cleanup ("Start > Programs > Accessories > System Tools > Disk Cleanup" ) and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files

So how did I get infected in the first place?
Regards, and Happy Surfing!

oueillarou · Answer

Great advice! I've done it all, and I feel more protected, to the (small)  price of a daily chore.... The site 'So how did I get infected...' is both enlightening and distressing...will we ever win? On a very personal basis: USCG guys are the best!!!! I know what I'm talking about, my retired boss was one, and his son still is (I believe).......thanks again for all your time. Greetings,                   Pedro

Virus & Spyware

HACKTOOL.ROOTKIT

Was this post helpful?