
Messages - Looie

1
Tech Clinic / rundll32.exe
« on: June 09, 2006, 03:53:40 AM »
I left it on all day and everything seems to be fine - many thanks.
When I run a scan I still see a few errors, but as it is running OK will leave them.
Thanks again.

2
Tech Clinic / rundll32.exe
« on: June 07, 2006, 03:48:41 AM »
I have done the above.  I can now get into my control panel and have no annoying ads so far.
However, my incredimail is shutting down after about 5-10 minutes - the fault says,

Exception: ACCESS_VIOLATION (C0000005) - on reading from 00000000
Faulting Offset: 0000EFE5
Module: IMApp.exe

0000EFE5     IMApp.exe

I have reinitiated my spyware.

Are you able to tell if I had anything nasty, i.e. virus etc., before which you have now fixed? Or was it just adware stuff?

The rundll32 file came from a link on the topic, http://www.spywareinfo.com/~merijn/winfiles.html#rundll32

3
Tech Clinic / rundll32.exe
« on: June 06, 2006, 03:58:13 PM »
Logfile of HijackThis v1.99.1
Scan saved at 22:32:00, on 06/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Filseclab\FilMsg.exe
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.08_windows_intelx86.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.08_windows_intelx86.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\K-litePro\Plugins\RazaWebHook.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKCU\..\Run: [a-squared] C:\Program Files\a-squared\a2guard.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\K-litePro\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IEpal - CleanUp history, search and navigation - {614941A8-F4C6-49F3-AB6B-5EAD14B1029E} - C:\Program Files\IEpal\CIEpal.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: IEpal - Analyze page - {ED889FA5-D5F6-4A74-881A-BC062D730677} - C:\Program Files\IEpal\IEpal.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe


 ewido anti-malware - Rapport de scan
---------------------------------------------------------

 + Créé le:      22:03:31, 06/06/2006
 + Somme de contrôle:   54455328

 + Résultats du scan:

   HKLM\SYSTEM\ControlSet002\Control\SPPInfo\PPSE1IDesc -> Dialer.Generic : Nettoyer et sauvegarder
   C:\Program Files\K-litePro\Downloads\- SnowBall - tradewinds.rar/Setup_toolBar.exe -> Downloader.IstBar.nj : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{00F3F248-D13E-4256-BE8F-D92B255E9B1B} -> Trojan.Small.cy : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{05423ABD-E8DF-4859-8C35-6ED39612F921} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{0A2D31B8-44C2-42F1-8FD0-93FC87D76CDA} -> Adware.SideFind : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{0B7EAC1C-AAEE-432F-9AC7-B1980D6ECF15} -> Downloader.IstBar.jm : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{15E99E39-23E3-4115-ACFC-E92C34BEC43E} -> Not-A-Virus.Downloader.Win32.WinFixer.b : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{3C400947-B1F7-4E29-92F0-AD7BF24CCDBF} -> Downloader.Dyfuca.dt : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{3E112C74-680D-496C-9088-33935EDE121D} -> Downloader.IstBar.jm : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{46FBC077-C8C1-4838-9E70-0628038026E8} -> Downloader.Dyfuca.ei : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{4973506E-EE68-41B9-BBD0-E9C038776276} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{4D4A766F-7229-4D66-A496-0C95F6B2D40F} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{66478FD6-25C2-4E2F-8D93-E0E5D04C8ADB} -> Adware.SideFind : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{68FB70BE-9F6A-48C1-BC35-5A1B76F0B1AE} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{731C0146-7DFC-46B4-A31F-7E3A1C91019D} -> Downloader.IstBar : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{7966CCA9-748A-425A-AB99-D3688A989AA1} -> Downloader.IstBar.ms : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{7FEAEA7A-39FD-4A42-88E2-3368ED34674A} -> Downloader.Dyfuca.ei : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{8B6AA016-500C-4168-9E43-23078301986A} -> Adware.PowerScan : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{8C683109-C55A-4C4D-82E3-0F775B551006} -> Adware.Gator : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{CA567670-7288-42D5-B7CD-4F55AE62AB3B} -> Adware.EZula : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{CADF08F8-244C-4AF1-B301-41FD97EB7E5C} -> Downloader.IstBar.ij : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{CD74E01C-2C8B-4816-BCAF-2C5C4DAFA9A3} -> Trojan.Small.cy : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{DE860B18-A779-4E65-9EB7-198750128E91} -> Downloader.Dyfuca.dt : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{E096AE63-D006-4EDD-80A0-C69CAAD5F365} -> Adware.SurfAccuracy : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{F0305BB1-3708-4692-A7DD-76DB6836BC31} -> Downloader.Dyfuca : Nettoyer et sauvegarder
   C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\Quarantine\Quarantine - 01-05-2006 - 11-12-36.SBU/{F4F1C478-336D-493C-8B84-F0EB113F124E} -> Downloader.Dyfuca : Nettoyer et sauvegarder


::Fin du rapport

SmitFraudFix v2.54

Rapport fait à 20:53:53,45, 06/06/2006
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\atmclk.exe supprimé
C:\WINDOWS\system32\dcomcfg.exe supprimé
C:\WINDOWS\system32\hp???.tmp supprimé
C:\WINDOWS\system32\imfdfcj.dll supprimé
C:\WINDOWS\system32\ld????.tmp supprimé
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\regperf.exe supprimé
C:\WINDOWS\system32\simpole.tlb supprimé
C:\WINDOWS\system32\stdole3.tlb supprimé
C:\WINDOWS\system32\ts.ico supprimé
C:\WINDOWS\system32\1024\ supprimé
C:\DOCUME~1\ADMINI~1\Favoris\Antivirus Test Online.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\imfdfcj.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé.
 
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Hope this is OK, 2 files you wanted me to check in the hijackthis were not there ;-
RO - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm - I had one similar ending with
Main,Window Title = Wanadoo.  I did not check it as it was not exactly the same.
Also I did not have
o2-BHO:Nothing -{6ab7158b-4bff..............\hp100.tmp

Re txt file:-

 Le volume dans le lecteur C n'a pas de nom.
 Le numéro de série du volume est FC59-A376

 Répertoire de C:\Documents and Settings\Administrateur\Bureau

11/01/2005  10:21            33 792 rundll32.exe
               1 fichier(s)           33 792 octets

 Répertoire de C:\WINDOWS\system32\dllcache

11/01/2005  10:20            32 256 rundll32.exe
               1 fichier(s)           32 256 octets


Translators do not really help as computer jargon is not a direct translation.  I was having a mad moment and did not realise the Clean up program was English.  I am feeling better now.

4
Tech Clinic / rundll32.exe
« on: June 06, 2006, 07:10:58 AM »
Gosh that sounds complicated - you must be mighty clever.  I will manage this!
However, I have come unstuck already, I found 'safe mode' which they directly translate to 'mode without failure' in French.  But I cannot find the icon or Start>all programs.  If it is in the control panel, I cannot access this.
Can you please give me an idea of where I should be looking.  I have tried a file search for it but again it is obviously called something else completely in French.  If the icon is a 'my computer' type thing, I have never had one of those.  Sorry to get stuck so early on!  Thanks for your help so far.  I hope to manage the rest as it is in English, although I wonder if Prefetch files are called something strange here.  Will get aid of bi-lingual children this evening.

5
Tech Clinic / rundll32.exe
« on: June 05, 2006, 11:18:48 AM »
»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe PRESENT !
C:\WINDOWS\system32\dcomcfg.exe PRESENT !
C:\WINDOWS\system32\hp???.tmp PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\imfdfcj.dll PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\regperf.exe PRESENT !
C:\WINDOWS\system32\simpole.tlb PRESENT !
C:\WINDOWS\system32\stdole3.tlb PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

C:\DOCUME~1\ADMINI~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\system32\imfdfcj.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Logfile of HijackThis v1.99.1
Scan saved at 18:17:39, on 05/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Fichiers communs\Filseclab\FilMsg.exe
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.08_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.08_windows_intelx86.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\K-litePro\Plugins\RazaWebHook.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKCU\..\Run: [a-squared] C:\Program Files\a-squared\a2guard.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\K-litePro\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IEpal - CleanUp history, search and navigation - {614941A8-F4C6-49F3-AB6B-5EAD14B1029E} - C:\Program Files\IEpal\CIEpal.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: IEpal - Analyze page - {ED889FA5-D5F6-4A74-881A-BC062D730677} - C:\Program Files\IEpal\IEpal.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

6
Tech Clinic / rundll32.exe
« on: June 05, 2006, 08:08:51 AM »
I have read your info on re this of last year and have downloaded the file I have lost according to my control panel, which I cannot access.  I have put it into the cache area but am unsure where to put it to get it to work.  I have Windows XP, presume the earlier edition and it is French.  I have loaned the machine to my son who downloads music, and am now getting frequent adverts for sex, plus a pestrap advert which is very annoying.
Here is the hijack info in case you can help;
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\PC MightyMax\pcmm.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Fichiers communs\Filseclab\FilMsg.exe
C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Climate Change Experiment\boinc.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3trans_5.08_windows_intelx86.exe
C:\Program Files\Climate Change Experiment\projects\bbc.cpdn.org\hadcm3transum_5.08_windows_intelx86.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MySearch Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\K-litePro\Plugins\RazaWebHook.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O4 - HKCU\..\Run: [a-squared] C:\Program Files\a-squared\a2guard.exe
O4 - Startup: Climate Change Experiment Manager.lnk = C:\Program Files\Climate Change Experiment\cpdnbbcmgr.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Filseclab Messenger.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\K-litePro\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IEpal - CleanUp history, search and navigation - {614941A8-F4C6-49F3-AB6B-5EAD14B1029E} - C:\Program Files\IEpal\CIEpal.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: IEpal - Analyze page - {ED889FA5-D5F6-4A74-881A-BC062D730677} - C:\Program Files\IEpal\IEpal.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
