# Solved: "your privacy is in danger" plz help!



## feverish (Jul 4, 2007)

Hey, can you please help me? I got some kind of virus or spyware and I keep getting pop-ups saying I need to download an antispyware software, plus my desktop is a big ugly thing saying "your privacy is in danger", plus my comp is getting real slow. It's annoying.
Here is my HJT file; thanks so much for helping me!

Logfile of HijackThis v1.99.1
Scan saved at 00:01:20, on 06/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?deb1611fd58344acb9ea8c9e26e76c74
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?deb1611fd58344acb9ea8c9e26e76c74
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127788577339
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8A18A94-35CC-4686-B607-4E3744FA9284}: NameServer = 67.69.184.7 67.69.184.159
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msole - {3985D087-E523-44B1-82A6-756E937B440B} - C:\WINDOWS\msole.dll
O21 - SSODL: msdde - {52E05A98-6689-4C9C-A55E-4F723BBB9C6A} - C:\WINDOWS\msdde.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe


----------



## MFDnNC (Sep 7, 2004)

You have AntiVir and AVast - remove one - you only want one active AV on a system
========
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download *SmitfraudFix* (by *S!Ri*)
Extract the content (a *folder* named *SmitfraudFix*) to your Desktop.

Next, please reboot your computer in *Safe Mode* by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the *SmitfraudFix* folder again and double-click *smitfraudfix.cmd*
Select option #2 - *Clean* by typing *2* and press "*Enter*" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing *Y* and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if *wininet.dll* is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing *Y* and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at *C:\rapport.txt*

Warning: running option #2 on a non infected computer will remove your Desktop background.
=================

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others unchecked.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntispyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Please paste that information here for me *with a new HijackThis log*.

This will take some time!!!!!!!!


----------



## feverish (Jul 4, 2007)

Thank you very much, I'll follow your instructions and get back to you as soon as possible.
Thanks!!


----------



## feverish (Jul 4, 2007)

Hey,
so I uninstalled Avast as you told me, I downloaded and ran SmitfraudFix, and here is my SmitfraudFix report followed by my new HijackThis log...
I didn't quite understand... do you need a SUPERAntiSpyware along with these??
Thanks for your help, I'll wait for your next instructions.

SFF report:
SmitFraudFix v2.200

Rapport fait à 0:47:04,06, 07/07/2007
Executé à partir de C:\Documents and Settings\Benjamin et Thomas\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{94524218-9af3-4643-9687-cbc2880e54da}"="*******"

[HKEY_CLASSES_ROOT\CLSID\{94524218-9af3-4643-9687-cbc2880e54da}\InProcServer32]
@="C:\WINDOWS\system32\nuqjici.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{94524218-9af3-4643-9687-cbc2880e54da}\InProcServer32]
@="C:\WINDOWS\system32\nuqjici.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\main_uninstaller.exe supprimé
C:\WINDOWS\msole.dll supprimé
C:\WINDOWS\privacy_danger\ supprimé
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\Security Troubleshooting.url supprimé
C:\Program Files\VirusProtectPro 3.3\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{65BFA024-E8F8-4BCA-BEAA-4D8EBACC7693}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{65BFA024-E8F8-4BCA-BEAA-4D8EBACC7693}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{65BFA024-E8F8-4BCA-BEAA-4D8EBACC7693}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

HJT log file:
Logfile of HijackThis v1.99.1
Scan saved at 00:56:01, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\c759407fceb9149391389903edb961ba\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?deb1611fd58344acb9ea8c9e26e76c74
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?deb1611fd58344acb9ea8c9e26e76c74
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127788577339
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8A18A94-35CC-4686-B607-4E3744FA9284}: NameServer = 67.69.184.7 67.69.184.159
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe


----------
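
Added example, not part of the thread and not code from HijackThis or SmitfraudFix: a small Python script that parses HijackThis item lines, diffs a before and an after log to show what a cleaning pass removed, and lists entries still marked `(file missing)` or `(no file)`. The function names are this example's own, and the two sample logs are short excerpts of the logs posted above.

```python
import re

# HijackThis item lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry body. Header lines and the
# "Running processes:" block carry no code and are skipped.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# HijackThis appends these markers when the referenced file is not on disk,
# i.e. the registry entry is an orphan left behind after the file was deleted.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$")

# Excerpt of the first log in the thread (before SmitfraudFix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 00:01:20, on 06/07/2007

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll (file missing)
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O21 - SSODL: msole - {3985D087-E523-44B1-82A6-756E937B440B} - C:\WINDOWS\msole.dll
O21 - SSODL: msdde - {52E05A98-6689-4C9C-A55E-4F723BBB9C6A} - C:\WINDOWS\msdde.dll (file missing)
"""

# Excerpt of the second log in the thread (after SmitfraudFix).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 00:56:01, on 07/07/2007

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
"""


def parse_items(log_text):
    """Return [(section_code, body), ...] for every item line in a log."""
    items = []
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if match:
            items.append((match.group(1), match.group(2).strip()))
    return items


def _key(item):
    # Windows paths and registry names are case-insensitive, so compare
    # lower-cased bodies to avoid false differences such as c:\ vs C:\.
    code, body = item
    return (code, body.lower())


def diff_logs(before_text, after_text):
    """Return (removed, added) item lists, each in original log order."""
    before = parse_items(before_text)
    after = parse_items(after_text)
    before_keys = {_key(i) for i in before}
    after_keys = {_key(i) for i in after}
    removed = [i for i in before if _key(i) not in after_keys]
    added = [i for i in after if _key(i) not in before_keys]
    return removed, added


def find_orphans(log_text):
    """Return items whose target file HijackThis reported as absent."""
    return [i for i in parse_items(log_text) if ORPHAN_RE.search(i[1])]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed by the cleaning pass:")
    for code, body in removed:
        print(f"  {code} - {body}")
    print("New since the first scan:")
    for code, body in added:
        print(f"  {code} - {body}")
    print("Orphaned entries still present:")
    for code, body in find_orphans(AFTER):
        print(f"  {code} - {body}")
```

On these excerpts the diff shows the hijacked start page, the two fake-codec toolbar/BHO entries and both SSODL entries gone, while the `{184746EC-...}` BHO remains as an orphaned registry entry, the same CLSID the later SUPERAntiSpyware log reports.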



## MFDnNC (Sep 7, 2004)

Yes, run SAS and then post its log and a hijack log


----------



## feverish (Jul 4, 2007)

Generated 07/08/2007 at 02:37 AM
Application Version : 3.9.1008
Core Rules Database Version : 3266
Trace Rules Database Version: 1277
Scan type : Complete Scan
Total Scan Time : 07:45:03
Memory items scanned : 442
Memory threats detected : 0
Registry items scanned : 4750
Registry threats detected : 12
File items scanned : 178198
File threats detected : 284

Trojan.Media-Codec/V3
HKLM\Software\Classes\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}#xxx
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}\InprocServer32
HKCR\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar#UninstallString

Adware.Tracking Cookie
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][1].txt
C:\Documents and Settings\Marc et Dominique\Cookies\marc et [email protected][2].txt

Desktop Hijacker.AboutYourPrivacy
C:\Documents and Settings\Benjamin et Thomas\Favoris\Error Cleaner.url
C:\Documents and Settings\Benjamin et Thomas\Favoris\Privacy Protector.url
C:\Documents and Settings\Benjamin et Thomas\Favoris\Spyware&Malware Protection.url
C:\RECYCLER\S-1-5-21-1004336348-573735546-839522115-1005\DC494\IMAGES\CAPT.GIF
C:\RECYCLER\S-1-5-21-1004336348-573735546-839522115-1005\DC494\IMAGES\DANGER.JPG
C:\RECYCLER\S-1-5-21-1004336348-573735546-839522115-1005\DC494\IMAGES\DOWN.GIF
C:\RECYCLER\S-1-5-21-1004336348-573735546-839522115-1005\DC494\INDEX.HTM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP569\A0033031.DLL

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\BENJAMIN ET THOMAS\BUREAU\PHANDLER.PHP.URL

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP564\A0031605.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP566\A0032686.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP567\A0032801.EXE

Malware.VirusProtectPro
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP564\A0032593.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP566\A0032726.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP566\A0032727.ICO

Malware.SpywareNuker
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP567\A0032821.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP567\A0032832.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP568\A0032870.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP569\A0032894.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP569\A0032907.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP569\A0033056.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP570\A0033172.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP570\A0033177.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\PSHOOK11.SYS

Malware.Ultimate Defender
C:\SYSTEM VOLUME INFORMATION\_RESTORE{6A5C28CE-6EF8-49FF-B3CE-04661F1C7597}\RP569\A0033057.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\8T6JBBX2\2006[2].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\AHD6NIT0\2006[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\RTOKGB77\2006[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\8T6JBBX2\2006[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\4TUV4L6N\2006[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\XQ3XLAW2\2006[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\G7ZLR83U\favicon[1].ico
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\4TUV4L6N\WinAntiVirusPro2007FreeInstall_fr[1].cab
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\G7ZLR83U\sep[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\RTOKGB77\what[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\C1YJ0DY7\ico[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\W3PFMQ79\download[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\GPQJC5AJ\h1_bg[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\LFFJLTWE\table-2[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\63C5E107\local[1].css
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\173JD9WE\checksoft[1].js
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\K7L32QZ1\btn_company[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\8T6JBBX2\main[2].css
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\016F4LMV\btn_buynow[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\GPQJC5AJ\h2_bg[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\XQ3XLAW2\pointer[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\63C5E107\dvd[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\GPQJC5AJ\hd[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\AHD6NIT0\bot_r[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\0X2Z016Z\side-left[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\C1YJ0DY7\table-3[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\LFFJLTWE\main_bg[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\W3PFMQ79\functions.js[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\O1A7416V\bot_bg[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\8PTGKS2I\3[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\81QZGT2V\detector[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\8T6JBBX2\logotype[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\173JD9WE\btn_buy[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\173JD9WE\btn_affiliates[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\GPQJC5AJ\btn_overview[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\RTOKGB77\corner-left[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\C1YJ0DY7\index[7].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\8PTGKS2I\log2[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\XQ3XLAW2\line[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\63C5E107\10-30935822[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\0X2Z016Z\anim[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\173JD9WE\2006[1].htm
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\RTOKGB77\px.winantispyware[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\8PTGKS2I\slogan[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\LFFJLTWE\button2[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\RHECZWXF\small-part-c[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\RTOKGB77\cd[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\8T6JBBX2\table-4[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\016F4LMV\logo[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary


----------



## feverish (Jul 4, 2007)

(the post was too long so here's the end of the scan, followed by the HJT log)

Internet Files\Content.IE5\016F4LMV\top_pic_new2[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\4TUV4L6N\navv_bg[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\XQ3XLAW2\btn_freescan[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\4TUV4L6N\small-part-b[1].jpg
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\AHD6NIT0\spacer[2].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\XQ3XLAW2\shield[1].gif
C:\Documents and Settings\Benjamin et Thomas\Local Settings\Temporary Internet Files\Content.IE5\81QZGT2V\list[1].gif
C:\Documents and Settings\Marc et Dominique\Local Settings\Temporary Internet Files\Content.IE5\EHSXQPSX\WinAntiVirusPro2007FreeInstall_fr[1].cab

Logfile of HijackThis v1.99.1
Scan saved at 11:47:15, on 08/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?deb1611fd58344acb9ea8c9e26e76c74
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?deb1611fd58344acb9ea8c9e26e76c74
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127788577339
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8A18A94-35CC-4686-B607-4E3744FA9284}: NameServer = 67.69.184.7 67.69.184.159
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe


----------



## MFDnNC (Sep 7, 2004)

Clean

If you feel it is fixed, mark it solved via Thread Tools above

Turn off restore points, boot, turn them back on. Here's how:

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

This clears infected restore points and sets a new, clean one.


----------

