954,242 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
3 Years Ago
0

mp3 codec virus

I was listening to an album when windows media player suddenly stopped playing and asked me to update some driver (mp3 codec)... Stupidly, I said yes without thinking about it.

Few moments after, my computer was having non stop popus or advertisement about virus, some stuff about anti virus 2008 or something like this. At the moment I am typing this, I've got a popup with a big red X saying "Windows security alert" as the title.. It says : Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attepmts and spyware! clich here to download spyware remover for total protection. (I have to choose between OK and Cancel, and I always choose Cancel, of course).

I also have a flashing icon next to the clock with an X in some red square around it. Sometimes, a popup will come out from that icon as well. Ir says "System Alert....".

If I use ctrl+alt+del, I've got an error saying I can access anything because of the administrator (that was me...).

I also receive a Spyware Alert popup regularly about Worm. Win32.Netbooster being detected on my machine.

I've run Spybot and AVG and deleted everything I could. At first, I got a "Virus detected" or something like this right next to the clock in the bottom bar of windows XP but now it's gone. The same 3 icons keep reappearing on my desktop even If I delete them (system error fixer, protect your privacy and malware defender)

What should I do next?

thank you VERY MUCH!!

Attachments virus.JPG 56.9KB
BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

I've installed and run Super Anti Spyware and removed a ton of bad stuffs.. but it seems some stuff are still there since the "VIRUS ALERT!" is still present next to my clock in the bottom bar of windows.

All the popups seems to be gone now though!

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Hi BigMike and welcome to daniweb.
You need to first do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Finally please do this also. Download HiJackThis Please run a Full System scan with HiJackThis. When it is complete Save the log.
Post back here with all three requested logs and we will decide if other steps should be taken.
Judy

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
3 Years Ago
0

Alright, I'm going to bed but in 7 hrs I should be able to complete this!

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

No problem Mike, I will check back here tomorrow.
Judy

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
3 Years Ago
0

Here are the 3 logs as requested.

I can now access the task manager when using ctrl+alt+del but the "VIRUS ALERT!" is still present next to the clock in the bottom bar.

Thank you very much for your time so far :)

Attachments log.txt (0.72KB) mbam-log-2008-10-02_(00-43-08).txt (5.16KB) hijackthis.txt (7.41KB)
BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

I will be back in 6 or 7 hours again! Thanks again!

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Looks pretty good Mike.
Did you set the restrictions shown here in your HJT log?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
I would advise that you download and run ATF-Cleaner by atribune to remove all your temp files.
Download it to your desktop for easy access.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.
Your Java is out of date and definitely should be updated.
Download the OFFLINE install from HERE and save it to the desktop.
Once you have it downloaded then go to Add/Remove and Uninstall ALL previous versions of Java found there.
Reboot your computer.
Then click that Java install icon on the desktop to install the newest version.
Once the install is complete then go back to the Java Download page and on the right side you will see Verify Now. Click that to verify that the installation was complete.
I would recommend that you also download and install a MUST have security program called SpywareBlaster from javacoolsoftware. An EXCELLENT and FREE program which will do the following;



* Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
* Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
* Restrict the actions of potentially unwanted sites in Internet Explorer.


Download, install, update and ENABLE all protection. Then CLOSE the program. It DOES NOT run in the background but provides a huge amount of protection.
I would advise also that you KEEP the MBA-M program. Run it at least weekly to remove any nasty items found, though with SpywareBlaster you will probably find few to none.
Be sure to UPDATE MBA-M each time before you run a scan. By the way, for general weekly scanning with it just the Quick Scan setting is probably enough. If you see some problems developing the do the Full Scan.
Judy

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
3 Years Ago
0

I've done everything but the "VIRUS ALERT!" is still present in the windows bottom bar next to the clock. When using MSN, I also see the VIRUS ALERT! when speaking to someone next to my name in the conversation window each line.

Also, since deleting and installing the new Java, some webpages are all messed up, like this one...

Any help?

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Ok Mike, there is obviously more working here than shows in any of the logs.
There are a couple "odd" entries, that supposedly are legit listings but I have never seen before in any log that I do question.

Did you place the restrictions shown in this entry? This isn't one of the odd ones, I have seen this before but need to know if YOU did this.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Did you reboot the system IMMEDIATELY after running MBA-M?
Where are you located?
Are you familiar with the following;
Tax Administration of the Republic of Slovenia. ?

I DO need the answers to those questions.


Download Smitfraudfix to the desktop.
* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Double-click SmitfraudFix.exe
* Select 2 and hit Enter to delete infect files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. Go ahead and allow the system to reboot. The report can be found at the root of the system drive, usually at C:\rapport.txt
Please post that log here, just copy/paste do not attach.
Judy

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
3 Years Ago
0

I live in Quebec, Canada.
I have no clue about those restrictions of Internet explorer.. so I guess I didn't do it?? I use Firefox anyway!

I rebooted my system after using MBA-M.

I am not familiar at all with those tax administration of the republic of Slovenia!!!

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Hey! The webpages are now showing correctly and I have done absolutely nothing! That's one problem solved!

I will do the SmitfraudFix steps in 1 or 2 hours and get back to you!
Thank again, I really appreciate it!

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

After you run that Smitfraudfix, post me a new HJT scan log too please.
Judy

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
3 Years Ago
0

I think everything is fine now! :)
The VIRUS ALERT! is gone!!
Sorry I can't attach any files!!!
The 2nd post below is kinda f'd up :(

-----------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:31, on 2008-10-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://emom1ke.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196392741015
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196392717171
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://emom1ke.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)

--
End of file - 6716 bytes

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0
Attachments smitfraudfix.txt (264.71KB)
BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

I can't attach any files.. that's weird!

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Not a problem we would rather not have to open attachments anyway.
Can you run a new MBA-M scan and fix anything found and then post that log?
Judy

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
3 Years Ago
0

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1225
Windows 5.1.2600 Service Pack 2

2008-10-03 15:05:19
mbam-log-2008-10-03 (15-05-19).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 86281
Temps écoulé: 27 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 
3 Years Ago
0

Mike,
Go into Safe Mode and look for the following;
C:\Program Files\Internet Cleaner\
If you find that entry, delete it.

Reboot to normal mode and then can you run HJT again and put a check mark next to the following entries;

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)


Once you have place the check mark click the Fix Checked button.
Exit HJT.
Reboot and run a new HJT scan and post that log here.
Judy

jholland1964
Posting Expert
Moderator
5,785 posts since Jul 2008
Reputation Points: 725
Solved Threads: 340
 
3 Years Ago
0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:06, on 2008-10-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://emom1ke.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196392741015
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196392717171
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://emom1ke.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)

--
End of file - 6186 bytes

BigM1ke
Light Poster
35 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed