
Thread: Spyware Secure pop-ups

  1. #1
    Junior Member (Join Date: Sep 2007, Posts: 6)

    Spyware Secure pop-ups

    I seem to be receiving pop-ups from http://www.spyware-secure.com/fullpa...ime=312e323132

    I've tried everything that I can possibly think of:

    1. SpyBot

    This application tells me that it finds "spyware-secure" and when I ask it to fix the problem, it says that the problem's been fixed. I keep getting the pop-ups though.

    2. AVG Spyware

    AFTER removing all temp folders with the help of ATF CLEANER, I did a complete scan of my system (more than 306000 objects, which took roughly one hour) and it found 21 infected objects: tracking cookies, which I quarantined. I'm attaching the scan report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:41:51 05/09/2007

    + Scan result:



    :mozilla.69:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.70:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.71:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.21:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.24:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.29:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.78:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
    :mozilla.46:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.47:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.51:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.31:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.32:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.19:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.20:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.33:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.34:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.87:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.88:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.89:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.90:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
    :mozilla.37:C:\Documents and Settings\Rajeev Mehra\Application Data\Mozilla\Firefox\Profiles\qx1wo67a.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.


    ::Report end

    ---------------------------------------------------

    3. The latest HijackThis log

    This log was taken AFTER doing the AVG scan.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:35:06, on 05/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Rajeev Mehra\Local Settings\Temp\wz56a6\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453463 14
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1224488079750
    O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - http://javadl-esd.sun.com/update/1.4...ndows-i586.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    -------------------------------------------------------

    I still have pop-up windows crashing onto my screen. Most come from Spyware-Secure.com, while others come from some casinos and xxx sites...


    I can't seem to think of anything else right now. Could someone please help me with this? Thanks in advance. BTW, I use the latest Firefox version, so I am wondering how they managed to beat Firefox security.

  2. #2
    shelf life, Security Expert (Join Date: Nov 2005, Location: @localhost, Posts: 6,076)

    hi Beesakopie,

    two things:


    download and run vundofix.exe:

    http://www.atribune.org/ccount/click.php?id=4

    * Double-click VundoFix.exe to run it.
    * Click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.
    * Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
    ------------------------------------
    Download SmitfraudFix (by S!Ri) to your Desktop:

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip


    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press Enter

    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named: c:\rapport.txt

    Stop at this point and post a HijackThis log along with the contents of c:\rapport.txt.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    ---------------------------------------
    do the above, then:

    post the vundo log, the smitfraud log and a new hjt log.

    shelf life
    How Can I Reduce My Risk?

  3. #3
    Junior Member (Join Date: Sep 2007, Posts: 6)

    Hi there Shelf Life

    Thanks for taking the trouble to look into this.

    The VundoFix programme did not find any infected files. I'm attaching the log as requested:

    ------------------------------------------------
    VundoFix V6.5.8

    Checking Java version...

    Scan started at 11:28:04 06/09/2007

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...
    ------------------------------------------------
    The programme did not prompt me that it wanted to reboot or anything. I should imagine that's because it didn't find anything...(?)

    Then I did the SmitfraudFix thing. (Thanks for sending me the French version; I have, however, used it in English to ensure that things are legible.) The rapport.txt is copied below:

    -------------------------------------------------

    SmitFraudFix v2.221

    Scan done at 11:59:59.26, 06/09/2007
    Run from C:\Documents and Settings\Rajeev Mehra\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    C:\windows\system32\jvcwmep.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rajeev Mehra


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rajeev Mehra\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RAJEEV~1\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 192.168.1.1



    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
    ---------------------------------------------------------

    The latest HijackThis log was done AFTER the SmitFraudFix process:

    ---------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 12:05:48, on 06/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\cmd.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Rajeev Mehra\Local Settings\Temp\wz2581\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453463 14
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1224488079750
    O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - http://javadl-esd.sun.com/update/1.4...ndows-i586.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    ---------------------------------------------------------------------

    Has anything shown up? I still get the pop-ups!!

    cheers

    Beesakopie

  4. #4
    shelf life (Security Expert)
    Join Date: Nov 2005
    Location: @localhost
    Posts: 6,076

    hi Beesakopie,

    Still pop-ups? Amazingly; I thought Vundo and/or Smitfraud would fix the problems.
    ---------------------------
    Scan with HJT, put a checkmark beside the items below, close all windows and click "Fix checked".


    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453463 14

    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    --------------------------
    Navigate to the C:\windows dir. See if you can find and delete a folder named:
    "reminder"

    Inside the folder is an executable: fsc-reminder.exe 2453463 14

    Delete the entire folder named "reminder".
    -------------------------------
    Reboot once and post a new HJT log.

    shelf life
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date: Sep 2007
    Posts: 6

    Hi Shelflife

    OK, I got rid of the fsc-reminder executable. I fixed the issue first with HijackThis and then I found the directory in C:\windows which had the executable file, as you'd indicated. I manually deleted the folder.

    Am attaching the latest HJT log (after re-boot, as instructed) :

    Logfile of HijackThis v1.99.1
    Scan saved at 11:00:38, on 07/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Creative\Shared Files\CTSched.exe
    C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
    C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Documents and Settings\Rajeev Mehra\Local Settings\Temp\wz7641\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1224488079750
    O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab
    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) - http://javadl-esd.sun.com/update/1.4...ndows-i586.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

    Unfortunately, just before I posted this, I got a couple of pop-ups again. Everything seemed to be OK for a good 10 minutes while I surfed, and now once again the pop-ups are back!

  6. #6
    Junior Member
    Join Date: Sep 2007
    Posts: 6

    Sorry for the double post, but I've thought of something and I can't edit my post above:

    On the HJT log, there are a few processes that seem to be weird:

    O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast.com/admin/hostClientIE.cab

    O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
    (I think these two above have something to do with xxx sites)

    Should I "fix" these on HJT?

    Cheers,

    Beesakopie

  7. #7
    shelf life (Security Expert)
    Join Date: Nov 2005
    Location: @localhost
    Posts: 6,076

    hi,

    Yes, you can delete those 2 O16 items. Also look in the Add/Remove Programs panel for CID, and uninstall it if present (those are IE plugins, which could be the source of the problem).

    Post an Add/Remove list like this also:
    Start HJT.
    Click on "Open Misc Tools section".
    At the top click on "Misc Tools".
    Then "Open Uninstall Manager".
    Then "Save list".
    Post the list in your next reply.
    -----------------------------
    Also, you can disable any IE add-ons like this (maybe a little different for IE 7.0):

    Open IE > Tools > Manage Add-ons.
    See any that you aren't sure about?
    Click on it and disable it.
    ---------------------
    short on time
    shelf life
    How Can I Reduce My Risk?

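    An added example, not part of this thread and not HijackThis code: a small Python script that applies the triage rules shelf life is using by hand (posts #4 and #7) to an HJT log. It flags O4/O21/O23 entries whose target is reported missing or that start from an unusual directory (like C:\WINDOWS\reminder above), and O16 DPF (ActiveX) entries served from a host outside a short allowlist (like the oddcast and imlive items). The sample lines are copied from the log posted in this thread; the trusted-directory and trusted-host lists are assumptions made for the example.

```python
"""Triage a HijackThis log with the rules a malware-removal helper applies by hand.
Added example for this thread; not HijackThis code. TRUSTED_DIRS and
TRUSTED_DPF_HOSTS are assumptions, tune them for the machine being looked at."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a few lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453463 14
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1224488079750
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

# Where legitimately installed software normally starts from (assumption).
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")
# Hosts allowed to push ActiveX controls through O16/DPF (assumption).
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "support.f-secure.com", "javadl-esd.sun.com"}
MISSING_MARKERS = ("(no file)", "(file missing)")
ENTRY_RE = re.compile(r"^(O\d+|R\d+) - (.*)$")
# First drive-letter path ending in .exe/.dll/.cab; stops at a closing quote.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|cab))\b', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def extract_path(body):
    """Return the first Windows path in an HJT entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def triage_line(line):
    """Return a Finding for a suspicious HJT line, None for a line that passes."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    # Orphaned registry entries: the loader points at a file that is gone.
    if any(marker in body for marker in MISSING_MARKERS):
        return Finding(section, line, "target file missing: orphaned entry, safe to fix")
    # O16: the download URL is the last " - " separated field.
    if section == "O16":
        host = urlsplit(body.rsplit(" - ", 1)[-1]).hostname or ""
        if host not in TRUSTED_DPF_HOSTS:
            return Finding(section, line, f"ActiveX control served from untrusted host {host}")
        return None
    # O4/O21/O23 and friends: an autostart outside the usual program directories.
    path = extract_path(body)
    if path and not path.lower().startswith(TRUSTED_DIRS):
        return Finding(section, line, f"autostart target in unusual location {path}")
    return None


def triage(log_text):
    """All findings for a whole log, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section}: {finding.reason}")
```

    Run against the sample it reports the fsc-reminder O4 entry, the imlive.com O16 control, the orphaned bestreak SSODL entry and the Symantec service. Treat a flag as something to verify on disk, not as a verdict: the Symantec O23 lines in this thread carry a stray quote in the path, which is a known HijackThis 1.99.1 parsing quirk with quoted service paths that take arguments, so those "(file missing)" reports are not evidence of infection.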
  8. #8
    Junior Member
    Join Date: Sep 2007
    Posts: 6

    Hi Shelf Life

    1. Have "fixed" the O16 programmes on HJT.

    2. Here is the Uninstall list from HJT. I've now realised that there is a lot of stuff I need to / can get rid of!!!

    Adobe Reader 8.1.0
    Adobe Shockwave Player
    AppCore
    Archiveur WinRAR
    ATI Control Panel
    ATI Display Driver
    AV
    AVG Anti-Spyware 7.5
    BroadJump Client Foundation
    BUM --------WHAT IS THIS?
    ccCommon
    Club Internet Agent Wi-Fi V2
    Club Internet Service Photos
    Configurateur Modem
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883517
    Windows XP Hotfix - KB883529
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB884575
    Windows XP Hotfix - KB885222
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885523
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885894
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB886677
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890831
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Creative Live! Cam Vista IM Driver (1.00.07.0401)
    Creative Live! Cam Vista IM User's Guide (English)
    Creative Software AutoUpdate
    Creative System Information
    Creative WebCam Center
    Dora La Cité Perdue OK THIS IS A GAME MY KID PLAYS
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    Ecran de veille AOL Photos --MAY I REMOVE? --
    EPSON CardMonitor
    EPSON Copy Utility 3
    EPSON Logiciel imprimante
    EPSON PhotoQuicker3.5
    EPSON PhotoStarter3.1
    EPSON PRINT Image Framer Tool2.1
    EPSON Scan
    EPSON Smart Panel
    EPSON Web-To-Page
    ESCX3600 Reference Guide
    ESCX3600 Software Guide
    Get Yahoo! Messenger
    Google Earth
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB888111
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    InterVideo WinDVD
    Java 2 Runtime Environment, SE v1.4.1
    Java Web Start
    Joost (tm) 0.9.2
    Lanceur Club Internet v6 --- OK, THIS IS LEGIT --
    LE COMPAGNON CLUB ----OK, THIS IS LEGIT --
    Learn2 Player (Uninstall Only) --- MAY I REMOVE --
    Lecteur Windows Media 11
    LiveUpdate 3.1 (Symantec Corporation)
    Macromedia Flash Player 8
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Word Viewer 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Step by Step Interactive Training (KB898458) --WHAT IS THIS ? --
    Security Update for Step by Step Interactive Training (KB923723) --WHAT IS THIS ? --
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Mozilla Firefox (2.0.0.2)
    Mozilla Firefox (2.0.0.6)
    MSN Messenger 7.5
    MSRedist
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Nero 6
    Nero BurnRights
    NeroVision Express 2
    NETGEAR WG111T Smart Wizard Wireless Utility
    Norton AntiVirus
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security Online (Symantec Corporation)
    Norton Protection Center
    Panda TotalScan
    PCFriendly --WHAT IS THIS ? --
    PIF DESIGNER2.1
    QuickTime
    RealPlayer
    ScanToWeb
    Security Update for CAPICOM (KB931906) --WHAT IS THIS ? --
    Security Update for CAPICOM (KB931906) --WHAT IS THIS ? --
    Skype 3.0
    Skype add-on for IE
    Skype Plugin Manager
    Slideroll Videomaker 0.32a
    Smart Link 56K Modem
    SPBBC 32bit --WHAT IS THIS ? --
    Spybot - Search & Destroy 1.4
    SymNet --WHAT IS THIS ? --
    VIA Rhine-Family Fast Ethernet Adapter
    Viewpoint Media Player --WHAT IS THIS ? --
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinZip
    Yahoo! Messenger

    * "Mise à jour": Update

    PS: Take your time. For the moment, I am using the latest Firefox version and have activated the option of blocking all cookies. I still get the pop-ups though...

  9. #9
    shelf life (Security Expert)
    Join Date: Nov 2005
    Location: @localhost
    Posts: 6,076

    hi Beesakopie,

    No joy yet. Nothing really in the uninstall list. I was looking for malicious third-party add-ons.

    BUM --------WHAT IS THIS?
    Do not know; if you don't, I would uninstall it.

    Ecran de veille AOL Photos --MAY I REMOVE? --
    A photo plug-in; I would say it's safe to remove.

    The 4 KB numbers are patches from Windows Update. Just scroogle the number.

    PCFriendly --WHAT IS THIS ? -
    Questionable DVD playback media player, installed with older DVDs; uninstall it.

    Viewpoint Media Player
    Comes bundled with AOL; uninstall it.

    SPBBC 32bit --WHAT IS THIS ? --

    SymNet --WHAT IS THIS ? --
    Both are OK.

    ---------------------
    Also run step 2 of SmitfraudFix:

    Best to do it in Safe Mode, so you might want to copy/paste the directions into Notepad so you can read them in Safe Mode:

    Reboot into Safe Mode

    * Restart your computer.
    * Before the Windows logo appears, tap F8 repeatedly.
    * Choose the first option: Safe Mode
    -----------------------
    In Safe Mode:

    Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
    --------------------
    Post the log in your next reply.

    shelf life
    How Can I Reduce My Risk?

  10. #10
    Junior Member
    Join Date: Sep 2007
    Posts: 6

    Shelf Life,

    Thanks a lot for your help. I seem to have fixed the problem.

    I found a French online security magazine article on the internet that detailed my problem succinctly and even offered a solution. Here is the link:

    http://www.secuser.com/alertes/2007/spyware-secure.htm

    It basically tells me that spyware-secure installs a rootkit into the computer and this rootkit triggers off the pop-ups. It goes on to say that this menace was discovered in Jan 2007 and is not "malicious" in the strict sense of the term. This is basically a commercial proposition used by spyware-secure to sell its software. I think you can translate the page with Babel Fish to read it fully.

    Anyway, I did what the article told me, viz. downloaded AVG Anti-Rootkit. This programme found one hidden EXE file called jvcwmep.exe in my system32 folder. (This file shows up in the SmitfraudFix log, BTW.) There were 5 other variants of jvcwmep (.dll/.bat/.dat etc.) in other areas of the machine.

    I removed these files with AVG Anti-Rootkit, and since then (I did this about 2 days back, just after the last time I posted) till now I haven't received any pop-ups.

    I think I have thus solved the problem.

    One other thing :
    1. NickW, the French translator here on Spybot, helped me get on the right track. Please give her further powers to help people on this forum. She is doing a great job.

    Thanks once again to all at Spybot. I think this thread may be closed. Cheers!

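    An added example, not part of this thread and not AVG's code: the principle an anti-rootkit scanner like the one used in post #10 relies on is a cross-view difference. A rootkit that hooks the Win32 directory enumeration APIs hides its files from Explorer, HijackThis and ordinary scanners, but a listing taken by another route (a raw read of the volume, or a scan from a boot CD) still shows them, so anything present in the low-level view and absent from the API view is being hidden. The script below does that comparison and then groups every on-disk file that shares a hidden file's base name, the jvcwmep.exe/.dll/.dat/.bat family the user describes. Both directory listings are constructed for the example; a real tool builds them by walking the same directories through both paths.

```python
"""Cross-view rootkit detection on two directory listings, plus grouping of the
hidden files' siblings. Added example for this thread, not AVG Anti-Rootkit
code; API_VIEW and RAW_VIEW are constructed listings."""
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed: what FindFirstFile/FindNextFile report with the hook in place.
API_VIEW = {
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\system32\WPDShServiceObj.dll",
    r"C:\WINDOWS\system32\drivers\etc\hosts",
    # A sibling the rootkit does not hide; the user reports such variants too.
    r"C:\Documents and Settings\All Users\Application Data\jvcwmep.bat",
}
# Constructed: the same directories read straight from the volume.
RAW_VIEW = API_VIEW | {
    r"C:\WINDOWS\system32\jvcwmep.exe",
    r"C:\WINDOWS\system32\jvcwmep.dll",
    r"C:\WINDOWS\system32\drivers\jvcwmep.dat",
}


def cross_view_diff(api_view, raw_view):
    """Paths on disk that the API view does not show.
    NTFS names are case-insensitive, so compare lower-cased."""
    visible = {p.lower() for p in api_view}
    return sorted(p for p in raw_view if p.lower() not in visible)


def related_artifacts(hidden, raw_view):
    """Group every on-disk file sharing a hidden file's base name, so the whole
    family is removed together, including siblings that were not hidden and
    would otherwise survive the cleanup and re-drop the rest."""
    stems = {PureWindowsPath(p).stem.lower() for p in hidden}
    families = defaultdict(list)
    for p in raw_view:
        stem = PureWindowsPath(p).stem.lower()
        if stem in stems:
            families[stem].append(p)
    return {stem: sorted(paths) for stem, paths in families.items()}


if __name__ == "__main__":
    hidden = cross_view_diff(API_VIEW, RAW_VIEW)
    print("hidden from the API view:", *hidden, sep="\n  ")
    for stem, paths in related_artifacts(hidden, RAW_VIEW).items():
        print(f"family {stem}:", *paths, sep="\n  ")
```

    On the constructed listings this reports the three hidden jvcwmep files and a four-member family once the visible .bat is pulled in by name. The caveat a practitioner should keep in mind: a rootkit that filters inside the file-system driver stack hides from both views taken on the running system, which is why the thorough approach is to take the raw listing from outside the infected OS (boot CD or the drive mounted on a clean machine) and diff against that.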