Trying to get rid of Scam Spyware Scanner's Icon [RESOLVED]


  • This topic is locked

#31
annasam

    Member

  • Topic Starter
  • Member
  • 29 posts
This is it for Dr. Web cureit:
Previously there were about 3 trojans or more that showed up.

Dd5.exe\32788R22FWJFW\C.bat;D:\RECYCLER\S-1-5-21-1244415343-2781019192-2759660628-1007\Dd5.exe;Probablement BATCH.Virus;;
A0036819.exe\32788R22FWJFW\C.bat;D:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP235\A0036819.exe;Probablement BATCH.Virus;;
A0038198.exe\32788R22FWJFW\C.bat;D:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP239\A0038198.exe;Probablement BATCH.Virus;;
A0041187.exe\32788R22FWJFW\C.bat;D:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP248\A0041187.exe;Probablement BATCH.Virus;;
Dd5.exe\32788R22FWJFW\psexec.cfexe;D:\RECYCLER\S-1-5-21-1244415343-2781019192-2759660628-1007\Dd5.exe;Program.PsExec.171;;
A0036819.exe\32788R22FWJFW\psexec.cfexe;D:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP235\A0036819.exe;Program.PsExec.171;;
A0038198.exe\32788R22FWJFW\psexec.cfexe;D:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP239\A0038198.exe;Program.PsExec.171;;
A0041187.exe\32788R22FWJFW\psexec.cfexe;D:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP248\A0041187.exe;Program.PsExec.171;;
Dd5.exe;D:\RECYCLER\S-1-5-21-1244415343-2781019192-2759660628-1007;L'archive contient des éléments infectés;Quarantaine.;
A0036819.exe;D:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP235;L'archive contient des éléments infectés;Quarantaine.;
A0038198.exe;D:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP239;L'archive contient des éléments infectés;Quarantaine.;
restart.exe;D:\RECYCLER\S-1-5-21-1244415343-2781019192-2759660628-1007\Dd17\SmitfraudFix;Tool.ShutDown.11;Renommé.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Renommé.;
Process.exe;D:\RECYCLER\S-1-5-21-1244415343-2781019192-2759660628-1007\Dd17\SmitfraudFix;Tool.Prockill;Renommé.;
C.bat;C:\RECYCLER\S-1-5-21-1244415343-2781019192-2759660628-1007\Dc3;Probablement BATCH.Virus;Supprimé.;
A0036741.bat;C:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP234;Probablement BATCH.Virus;Renommé.;
A0036779.bat;C:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP235;Probablement BATCH.Virus;Renommé.;
A0036822.bat;C:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP235;Probablement BATCH.Virus;Renommé.;
A0036861.bat;C:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP236;Probablement BATCH.Virus;Renommé.;
A0038148.bat;C:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP239;Probablement BATCH.Virus;Renommé.;
A0038170.bat;C:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP239;Probablement BATCH.Virus;Renommé.;
A0038201.bat;C:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP239;Probablement BATCH.Virus;Renommé.;
A0038239.bat;C:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP240;Probablement BATCH.Virus;Renommé.;
Silent Runners.vbs;D:\MON_BUREAU\Natalie's stuff;Probablement BATCH.Virus;Renommé.;
A0041187.exe;D:\System Volume Information\_restore{4082E8D7-9644-473F-8C5C-4404D9D84135}\RP248;L'archive contient des éléments infectés;Renommé.;
  • 0


#32
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello annasam,

Do you still have that icon? And what happens if you double-click on it?

Please also post a new HijackThis log.

Thunderbird1988
  • 0

#33
annasam

    Member

  • Topic Starter
  • Member
  • 29 posts
Yes, I still have the icon. If I click it, it asks me if I want to download their software to protect my comp from viruses. I have an option of downloading a rapid installation or a personal installation. I am sure that it is just a bunch of spyware. The icon is a yellow shield with a black exclamation point in the middle of it.

annasam
  • 0

#34
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Annasam,

Please download an updated version of SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Thunderbird1988
  • 0
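
The note in post #34 about process.exe being flagged as a "RiskTool" can be checked against a Dr.Web CureIt log mechanically. The following Python is an added example (not part of the original thread, and not Dr.Web's or SmitfraudFix's code) that parses the `object;path;verdict;action;` layout seen in post #31 and separates dual-use tool hits, heuristic hits and infected containers by where they were found. Assumptions: the `Tool.`/`Program.` prefixes mark dual-use utilities, the verdict texts are the French ones shown on the page, and the sample lines are constructed.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Assumption: Dr.Web names dual-use utilities with these prefixes
# (the log on the page shows Tool.Prockill, Tool.ShutDown.11, Program.PsExec.171).
RISKWARE_PREFIXES = ("Tool.", "Program.")
# Verdict texts as they appear in the French-language log on the page.
HEURISTIC_PREFIX = "probablement"
CONTAINER_TEXT = "l'archive contient"

# Constructed sample in the same layout; names, SID and GUID are placeholders.
SAMPLE_LOG = r"""
Example.exe\INNER\C.bat;D:\RECYCLER\S-1-5-21-0-0-0-1000\Example.exe;Probablement BATCH.Virus;;
A0000001.exe;D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1;L'archive contient des éléments infectés;Quarantaine.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Renommé.;
Process.exe;D:\RECYCLER\S-1-5-21-0-0-0-1000\Dd17\SmitfraudFix;Tool.Prockill;Renommé.;
A0000002.bat;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2;Probablement BATCH.Virus;Renommé.;
notes.vbs;D:\Documents;Probablement BATCH.Virus;Renommé.;
"""


@dataclass(frozen=True)
class Detection:
    obj: str      # file name, or container\...\member for a file inside an archive
    path: str     # folder (or full container path) where the object was found
    verdict: str  # detection name or scanner message
    action: str   # what the scanner did; empty for members of an archive

    @property
    def kind(self) -> str:
        """Coarse class of the verdict."""
        lowered = self.verdict.lower()
        if self.verdict.startswith(RISKWARE_PREFIXES):
            return "riskware"        # dual-use tool, judged by name only
        if lowered.startswith(HEURISTIC_PREFIX):
            return "heuristic"       # "probably ..." guess, not a signature match
        if lowered.startswith(CONTAINER_TEXT):
            return "container"       # archive flagged because of its members
        return "named-malware"

    @property
    def location(self) -> str:
        """Where the object sits: a stored copy or a file in normal use."""
        p = self.path.lower() + "\\"
        if "\\system volume information\\_restore{" in p:
            return "system-restore"  # copy kept inside a restore point
        if "\\recycler\\" in p:
            return "recycle-bin"     # already deleted by the user
        return "live"


def parse_log(text: str) -> list[Detection]:
    """Turn semicolon-separated log lines into Detection records."""
    detections = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 4 or not fields[0]:
            continue  # blank or malformed line
        detections.append(Detection(*fields[:4]))
    return detections


def triage(detections: list[Detection]):
    """Count hits per (kind, location) and list the ones outside stored copies."""
    counts = Counter((d.kind, d.location) for d in detections)
    review = [d for d in detections if d.location == "live"]
    return counts, review


if __name__ == "__main__":
    counts, review = triage(parse_log(SAMPLE_LOG))
    for (kind, location), n in sorted(counts.items()):
        print(f"{n:3d}  {kind:14s} {location}")
    print("Files outside Recycle Bin / System Restore to review by hand:")
    for d in review:
        print(f"  {d.path}\\{d.obj}  [{d.verdict}] -> {d.action or 'no action'}")
```
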

#35
annasam

    Member

  • Topic Starter
  • Member
  • 29 posts
This is the report for SmitFraud:


SmitFraudFix v2.371

Rapport fait à 12:38:36,96, 04/11/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BORJA Elisabeth


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BORJAE~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\BORJA Elisabeth\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BORJAE~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="https://a248.e.akama.../ma_mail_1.gif"
"SubscribedURL"="https://a248.e.akama.../ma_mail_1.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{2D4A56F6-5405-4E91-BB9C-43D8DA42AF85}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
  • 0

#36
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello annasam,

Please download the newest version of Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

Thunderbird1988
  • 0

#37
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Annasam,

Please also download the new Windows Updates. To do this, start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

After you have updated your computer, please let me know if the icon is gone.

Thunderbird1988
  • 0

#38
annasam

    Member

  • Topic Starter
  • Member
  • 29 posts
Here are the results from Malwarebytes. It didn't find any infections:

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2

10/11/2008 23:39:57
mbam-log-2008-11-10 (23-39-57).txt

Scan type: Quick Scan
Objects scanned: 44906
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Here are the results from runscanner:

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : BETTY
Creation time : 10/11/2008 23:56:46
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.13
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.7.0.0
User Language : Français (France)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
* C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\system32\NOTEPAD.EXE (Microsoft Corporation)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
* C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
* C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
* C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
* C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
* C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ICO.EXE (Primax Electronics Ltd.)
* C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
* C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
* C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
* C:\DOCUME~1\BORJAE~1\LOCALS~1\Temp\Répertoire temporaire 1 pour runscanner.zip\RunScanner.exe (Runscanner.net)
* C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation)
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
* C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)
* C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)

Unrated items
-------------
002 C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
002 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
002 C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
002 C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
002 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
002 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
003 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
004 C:\Program Files\ERUNT\AUTOBACK.EXE
005 C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
010 C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (AntiVir PersonalEdition Classic Guard)
010 C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (AntiVir PersonalEdition Classic Scheduler)
010 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device)
010 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (EvtEng)
010 * C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google Updater Service)
010 C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (Image Converter video recording monitor for VAIO Entertainment)
010 C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe (MSCSPTISRV Module)
010 C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe (PACSPTISVR Module)
010 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (RegSrvc)
010 C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe (SonicStage SCSI Service)
010 C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe (Sony SPTI Service)
010 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Spectrum24 Event Monitor)
010 C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe (VAIO Cooporated Initialisation)
010 C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (VAIO Entertainment Database Service)
010 C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (VAIO Entertainment File Import Service)
010 C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (VAIO Entertainment TV Device Arbitration Service)
010 C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (VAIO Entertainment UPnP Client Adapter)
010 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (VAIO Event Service)
010 C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (VAIO Media Integrated Server)
010 C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (VAIO Media Integrated Server (HTTP))
010 C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (VAIO Media Integrated Server (UPnP))
010 C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Manager Service)
011 C:\WINDOWS\system32\DRIVERS\AegisP.sys (AEGIS Protocol (IEEE 802.1x) v3.2.0.3)
011 * C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys (avgio)
011 * C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys (avgntflt)
011 C:\WINDOWS\System32\DRIVERS\gmer.sys (gmer)
011 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV)
011 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SASENUM)
011 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL)
011 C:\WINDOWS\system32\DRIVERS\s24trans.sys (Transport RLAN)
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
031 C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
031 C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
031 C:\PROGRA~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}
035 C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
050 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
052 C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll (Google) {CA6319C0-31B7-401E-A518-A07C3DB8F777}
052 * C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
052 C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) {DBC80044-A445-435b-BC74-9C25C1C588A9}
052 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
061 C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {BDEADF00-C265-11d0-BCED-00A0C90AB50F}
061 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
061 C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll ( ) {C6643EC0-49AC-4c15-A455-04104DB900A9}
061 C:\PROGRA~1\MICROS~3\Office\1036\UNBIND.DLL (Microsoft Corporation) {59850401-6664-101B-B21C-00AA004BA90B}
061 C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
061 C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll (Sony Corporation) {ED58A35B-B554-42AF-A26C-6F3D424200D3}
062 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
067 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
067 C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
100 SearchUrl HKCU : http://home.microsof...search.asp?p=%s
100 ShellNext HKCU : http://www.club-vaio.com/fr/
100 Start Page HKCU : http://www.google.fr/
104 C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll (Microsoft Corporation) {14B87622-7E19-4EA8-93B3-97215F77A6BC}
104 C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll (Microsoft® Corporation) {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
104 * C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx (Aurigma, Inc.) {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
104 * C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx (Aurigma, Inc.) {6E5E167B-1566-4316-B27F-0DDAB3484CF7}
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
104 C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll (Microsoft Corporation) {97E71027-0BA2-44F2-97DB-F84D808ED0B6}
104 C:\WINDOWS\Downloaded Program Files\ZIntro.ocx (Microsoft Corporation) {B8BE5E93-A60C-4D26-A2DC-220313175592}
105 Add to Windows &Live Favorites : http://favorites.liv...m/quickadd.aspx
173 GUID / CLSID not found
173 C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll ( ) {C6643EC0-49AC-4c15-A455-04104DB900A9}
173 C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
173 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
221 GUID / CLSID not found
221 C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll ( ) {C6643EC0-49AC-4c15-A455-04104DB900A9}
221 C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
221 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
225 C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
225 C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (Avira GmbH) {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
227 GUID / CLSID not found
227 C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll ( ) {C6643EC0-49AC-4c15-A455-04104DB900A9}
227 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) SUPERAntiSpyware Context Menu
229 C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll ( ) {C6643EC0-49AC-4c15-A455-04104DB900A9}
231 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

Missing files
-------------
003 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20061025.029\symidsco.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
036 https:
052 C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
061 deskpan.dll

  • 0

#39
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Annasam,

Have you updated your Windows as described in my previous post?

And if yes, is that icon gone?

Thunderbird1988
  • 0

#40
annasam

    Member

  • Topic Starter
  • Member
  • 29 posts
Hi, I didn't do the Windows update, but the icon is already no longer there. Should I do the update anyway, and does that mean I have to download Windows Service Pack 3?

thanks!
annasam
  • 0


#41
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Annasam,

Well, actually I asked you to update because I have been told that icon could be from Windows Update, trying to warn you that you haven't updated.
Since the icon is gone, you won't have to update just to get rid of that icon. However, I still strongly recommend that you update your Windows and install Service Pack 3, because your computer is much better protected if you install the updates.

Is your computer running fine now?

Thunderbird1988
  • 0

#42
annasam

    Member

  • Topic Starter
  • Member
  • 29 posts
I updated and the annoying icon came back. It seems like it will never go away. What should I do now?

Thanks for all of your help so far.

annasam
  • 0

#43
Thunderbird1988

    Member 2k

  • Member
  • 2,416 posts
Hello Annasam,

Could you please post a new HijackThis log?

Thunderbird1988
  • 0

#44
annasam

    Member

  • Topic Starter
  • Member
  • 29 posts
I did the Windows update again because I wasn't sure if it worked the first time. Now the yellow icon is not there, which is good, but I would like to wait a few days to see if it comes back.

Below is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:25, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.com/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16....es/MsnPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto....geUploader5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto....geUploader4.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab55579.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O24 - Desktop Component 0: (no name) - https://a248.e.akama...a/ma_mail_1.gif

--
End of file - 12371 bytes



Thanks!
annasam

#45
Thunderbird1988

Is it still gone?