I followed the instructions of your guidelines. 8 hours running in total.
I was indeed able to destroy several spyware programs, trojans, ...
My PC is still very slow on start up. It needs 4 min, at least.
Can you have a look at the enclosed HijackThis log?
Thanks for your assistance.
Fox
Here is the result :
Logfile of HijackThis v1.99.1
Scan saved at 12:06:13, on 31/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Vikao 3.1.3 Client [FR]\STCVRemote.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.9.0.38\PlaxoHelper.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\PyGrenouille\pygrenouille.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\CariBarre\cb.exe
C:\Program Files\SpamPal\spampal.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.f...page_recherche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: HLIeBar - {0A120D41-244B-11D5-8122-005004F6D77D} - C:\Program Files\HumanLinks\bin\HLIeBar.dll
O3 - Toolbar: Furl Toolbar - {74E677D9-0F37-4654-85E9-02F36AA295EB} - C:\Program Files\Furl Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [VIKAO RESIDENT] "C:\Program Files\Vikao 3.1.3 Client [FR]\STCVRemote.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SecurePCSolutionsBootCheck] C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\BootCheck.exe
O4 - HKLM\..\Run: [1ClickFixerPlus] C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
O4 - HKLM\..\Run: [SpyClean] C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.9.0.38\PlaxoHelper.exe -a
O4 - Startup: CariBarre.lnk = C:\Program Files\CariBarre\cb.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PyGrenouille.lnk = C:\Program Files\PyGrenouille\pygrenouille.exe
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Furl It - http://www.furl.net/.../rightClick.jsp
O8 - Extra context menu item: Résumer avec Copernic Summarizer - C:\Program Files\Copernic Summarizer\Web\SummarizePage.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .cpc: C:\Program Files\Internet Explorer\PLUGINS\NPCPC32.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - http://d.66.155.171.52.downloads.estara.co...543058OneCC.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotion...canner37480.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} (CSQ Object) - http://www.monvendeur.com:90/view.cab
O16 - DPF: {CCAE551F-B8A2-11D5-BE8E-00D0B7E10E31} (STCTDirManager Control) - http://www.mayeticvillage.fr/STNDSetup.nsf...e/Client_fr.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
please, check my hijack log
Started by fox, May 31 2006 10:18 AM
9 replies to this topic
#1 OFFLINE
Posted 31 May 2006 - 10:18 AM
#2 OFFLINE
Posted 31 May 2006 - 02:12 PM
Hi Fox, Welcome to the forum 
It's nice to hear you followed all the steps RRidgely has written into the Removal Guide. I appreciate it may take a lot of time to get through, but each program will detect different infections and it's a lot easier to remove junk with a scanner than to have to remove it manually. Your log is looking OK, so it looks like the removers RRidgely has recommended have done their jobs well.
Run HijackThis and choose Do A System Scan, then place a check next to these entries:
R3 - URLSearchHook: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
Close all open browser and other windows except for HijackThis and press the Fix Checked button.
Your version of Java is out of date and needs removing from the PC. Some older versions of Java contain security holes which are being exploited by malware writers, so it's best to remove the version you have and then upgrade to the latest version.
Go to Start Menu > Control Panel > Add or Remove Programs and remove any versions of Java (J2SE Runtime Environment) that are in the list, such as the 1.4.2_06 version that's showing in your log. After they are removed, reboot the PC and then download the latest version from Here.
Optional Fixes
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
You had three URL SearchHooks on your system, but we have fixed one of them, leaving the above two. URL SearchHooks are called by the browser when the browser cannot determine the protocol of a URL address. Internet Explorer first attempts to determine the correct protocol, but if that fails it calls each object's translate method until the URL has been translated or until all hooks have been called. Normally there should be only one value in this key. I'd suggest fixing one of the above lines so you only have one URL SearchHook on the system. As they are both genuine, it's up to you if you want to remove one or leave them in place. If they are both fixed then it would just restore it to Microsoft's default URL SearchHook, so it's really up to you how you want to do that.
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dumprep.exe is from Microsoft and is their fault logging software. Once serious errors happen on the system, this program will write the details to a text file and request the information be sent to Microsoft. This entry can be fixed if it remains in the log after a reboot.
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Checks for Java updates but doesn't need to run every time you start the PC. It's common to see out-of-date versions in the log when this feature is running, so it's not really doing anything to benefit you. Your version is well out of date so needs upgrading, and if the entry returns after updating, that can also be fixed. You can update Java in the future after removing this entry by using the Control Panel's Java icon or by visiting Sun's website Here any time updates become available.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
QuickTime tray icon, which doesn't need to start with Windows; QuickTime movies will still automatically play when they are run. To stop it coming back, right-click the blue QuickTime icon in the system tray, then click QuickTime Preferences, or access QuickTime's options in the Control Panel. Go to the Advanced tab and uncheck the 'Install Quicktime Icon In System Tray' box, then press Apply and OK, and fix the above entry in HijackThis if it remains.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Application Scheduler installed along with Real Player. Once installed, it runs independently and doesn't need to start up automatically with Windows. To disable this after fixing the entry so it doesn't return, go to Start Menu > All Programs > Real Player > click Tools then Preferences. Go to the Automatic Services and uncheck all boxes. Do the same for the AutoUpdate & Message Center tabs, press OK, then exit.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
These restrictions can be used by some malware to prevent you from changing settings like your homepage. They can also be set by you (using programs like Spybot:S&D) to prevent malware changing your settings, or by System Administrators to prevent their users changing settings. If you are sure that you or a system administrator didn't impose these restrictions, then check the entries for fixing with HijackThis. If in doubt, leave them.
O4 - HKLM\..\Run: [SecurePCSolutionsBootCheck] C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\BootCheck.exe
O4 - HKLM\..\Run: [1ClickFixerPlus] C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
O4 - HKLM\..\Run: [SpyClean] C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe /startup
As I mentioned in the other topic of yours, 1 Click Spy Clean is a rogue antispyware remover which at one stage was using a stolen database from Spybot Search & Destroy. If this is free I'd suggest removing it from your PC, but if you have paid for it then it's really up to you whether you trust the people who made it. I wouldn't want it installed on my own PC, but I appreciate everyone has different views, so I'm just giving my opinion on this. I don't recommend fixing the entries in HijackThis because, if you don't want to keep the program, it's best to remove it using the Add/Remove Programs screen. More info on that can be found Here.
Can you run a full scan with Kaspersky's online scanner so we can see if there are any remaining malware problems:
- Please go HERE and click Kaspersky Online Scanner
- Read and Accept the Agreement
- You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- If you see a Windows dialog asking if you want to install this software, click the Install button.
- The program will launch and then begin downloading the latest definition files.
- When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
- Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
- Under "Please select a target to scan:", click My Computer to start the scan.
- When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
Regards
Andy
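The checks applied to the log in the reply above, as an added example that is not part of the original thread: a small Python triage pass that flags orphaned `(no file)` registrations by CLSID, more than one live URLSearchHook, a Java runtime older than a chosen baseline, and `O6` policy restrictions. The function names and `JAVA_BASELINE` are assumptions made for this example (the baseline is simply the `jre1.5.0_07` build that appears in the follow-up log), and findings are items to review, not automatic fixes.

```python
import re

# Excerpt copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# Assumption for this example: treat anything older than the build seen in the
# follow-up log (jre1.5.0_07) as out of date. Pick your own baseline in practice.
JAVA_BASELINE = (1, 5, 0, 7)

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
JAVA_RE = re.compile(r"\\Java\\j(?:2)?re(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body, clsid) for each 'R3 - ...' / 'O4 - ...' style line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, blank line, or a running-process path
        section, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append((section, body, clsid.group(0).upper() if clsid else None))
    return entries


def java_version(body):
    """Extract (major, minor, patch, update) from a ...\\Java\\j2re1.4.2_06\\... path."""
    match = JAVA_RE.search(body)
    if not match:
        return None
    return tuple(int(part or 0) for part in match.groups())


def triage(log_text, java_baseline):
    """Return a list of (kind, detail) findings, in a fixed order of checks."""
    entries = parse_entries(log_text)
    findings = []

    # 1. Registrations whose target file is gone, grouped by CLSID so the same
    #    leftover object is reported once even if it appears in R3 and O2.
    orphans = {}
    for section, body, clsid in entries:
        if body.endswith("(no file)"):
            orphans.setdefault(clsid or "(no CLSID)", []).append(section)
    for clsid, sections in orphans.items():
        findings.append(("ORPHAN", f"{clsid} has no file; listed under {', '.join(sorted(sections))}"))

    # 2. More than one URLSearchHook that still points at a file.
    hooks = [body for section, body, _ in entries
             if section == "R3" and body.startswith("URLSearchHook:")
             and not body.endswith("(no file)")]
    if len(hooks) > 1:
        findings.append(("MULTI_HOOK", f"{len(hooks)} URLSearchHooks with files present"))

    # 3. Any entry that loads from a Java runtime older than the baseline.
    for section, body, _ in entries:
        version = java_version(body)
        if version and version < java_baseline:
            findings.append(("OLD_JAVA", f"{section}: runtime {version} is below {java_baseline}"))

    # 4. Internet Explorer policy restrictions: legitimate or not depends on who set them.
    policies = [body for section, body, _ in entries if section == "O6"]
    if policies:
        findings.append(("POLICY", f"{len(policies)} IE policy key(s) present; confirm who set them"))

    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG, JAVA_BASELINE):
        print(f"{kind:10} {detail}")
```
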
#3 OFFLINE
Posted 01 June 2006 - 09:19 AM
Hi Andy,
Thank you for your assistance.
I followed the different steps described in your analysis, and finally ran Kaspersky (4 hours alone (!)).
Kaspersky found an additional 10 viruses in the electronic mail that obviously were not detected by previous a/v solutions (Panda, Trend Micro), including my resident a/v solution, Antivir.
As to the 1 Click software, I have recently purchased it. In line with your advice, I will go back to them asking for a refund; there is a 30-day money-back warranty.
Will get rid of them soon.
My PC is still very slow at start up: not 4 minutes, but 10 minutes.
Any ideas?
Here is the log. Hope it is final.
Thanks.
Fox
Logfile of HijackThis v1.99.1
Scan saved at 11:00:51, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Vikao 3.1.3 Client [FR]\STCVRemote.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.9.0.38\PlaxoHelper.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\PyGrenouille\pygrenouille.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\CariBarre\cb.exe
C:\Program Files\SpamPal\spampal.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PyGrenouille\pygrenouille.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.f...page_recherche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: HLIeBar - {0A120D41-244B-11D5-8122-005004F6D77D} - C:\Program Files\HumanLinks\bin\HLIeBar.dll
O3 - Toolbar: Furl Toolbar - {74E677D9-0F37-4654-85E9-02F36AA295EB} - C:\Program Files\Furl Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [VIKAO RESIDENT] "C:\Program Files\Vikao 3.1.3 Client [FR]\STCVRemote.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SecurePCSolutionsBootCheck] C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\BootCheck.exe
O4 - HKLM\..\Run: [1ClickFixerPlus] C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
O4 - HKLM\..\Run: [SpyClean] C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.9.0.38\PlaxoHelper.exe -a
O4 - Startup: CariBarre.lnk = C:\Program Files\CariBarre\cb.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PyGrenouille.lnk = C:\Program Files\PyGrenouille\pygrenouille.exe
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Furl It - http://www.furl.net/.../rightClick.jsp
O8 - Extra context menu item: Résumer avec Copernic Summarizer - C:\Program Files\Copernic Summarizer\Web\SummarizePage.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .cpc: C:\Program Files\Internet Explorer\PLUGINS\NPCPC32.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - http://d.66.155.171.52.downloads.estara.co...543058OneCC.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotion...canner37480.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} (CSQ Object) - http://www.monvendeur.com:90/view.cab
O16 - DPF: {CCAE551F-B8A2-11D5-BE8E-00D0B7E10E31} (STCTDirManager Control) - http://www.mayeticvillage.fr/STNDSetup.nsf...e/Client_fr.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Thank you for your assistance.
I followed the different steps described in your analysis, and finally ran Kaspersky (4 hours alone (!)).
Kaspersky found 10 additional viruses, in the electronic mail, that obviously were not detected by previous a/v solutions (Panda, Trend Micro), including my resident a/v solution, Antivir.
As to the 1 Click software, I have recently purchased them. In line with your advice, I will go back to them asking for a refund; there is a 30 day money back warranty.
Will get rid of them soon.
My PC is still very slow at start up: not 4 minutes, but 10 minutes.
Any ideas?
Here is the log. Hope it is final.
Thanks.
Fox
Logfile of HijackThis v1.99.1
Scan saved at 11:00:51, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Vikao 3.1.3 Client [FR]\STCVRemote.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.9.0.38\PlaxoHelper.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\PyGrenouille\pygrenouille.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\CariBarre\cb.exe
C:\Program Files\SpamPal\spampal.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PyGrenouille\pygrenouille.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.f...page_recherche/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: HLIeBar - {0A120D41-244B-11D5-8122-005004F6D77D} - C:\Program Files\HumanLinks\bin\HLIeBar.dll
O3 - Toolbar: Furl Toolbar - {74E677D9-0F37-4654-85E9-02F36AA295EB} - C:\Program Files\Furl Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [VIKAO RESIDENT] "C:\Program Files\Vikao 3.1.3 Client [FR]\STCVRemote.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SecurePCSolutionsBootCheck] C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\BootCheck.exe
O4 - HKLM\..\Run: [1ClickFixerPlus] C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
O4 - HKLM\..\Run: [SpyClean] C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe /startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.9.0.38\PlaxoHelper.exe -a
O4 - Startup: CariBarre.lnk = C:\Program Files\CariBarre\cb.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PyGrenouille.lnk = C:\Program Files\PyGrenouille\pygrenouille.exe
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Furl It - http://www.furl.net/.../rightClick.jsp
O8 - Extra context menu item: Résumer avec Copernic Summarizer - C:\Program Files\Copernic Summarizer\Web\SummarizePage.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .cpc: C:\Program Files\Internet Explorer\PLUGINS\NPCPC32.dll
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - http://d.66.155.171.52.downloads.estara.co...543058OneCC.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - http://download.zonelabs.com/bin/promotion...canner37480.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} (CSQ Object) - http://www.monvendeur.com:90/view.cab
O16 - DPF: {CCAE551F-B8A2-11D5-BE8E-00D0B7E10E31} (STCTDirManager Control) - http://www.mayeticvillage.fr/STNDSetup.nsf...e/Client_fr.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
#4 OFFLINE
Posted 01 June 2006 - 09:55 AM
Hi Fox
If Kaspersky found problems it would have been good to post back the results in case the files were not removed from your PC. You currently have over 30 items starting up with Windows so that could explain why it's taking so long to get running. As they are genuine (with the exception of 1Click) it's not really for me to say what you should have starting or what should be disabled, but you may want to consider going to Start Menu > Run > typing msconfig and then go to the Startup tab and disable some items which can be run manually when needed, then press Apply and OK and reboot to see if it improves the startup time. If you do then it will show if it is the amount of programs running that's causing the problem.
If the problem is still there try running Disk Defrag (Start Menu > All Programs > Accessories > System Tools > Disk Defragmenter). First use the Analyse button and then run Defrag if it's recommended.
Next go to Start Menu -> Run -> type
SFC /SCANNOW
(There's a space after SFC), press OK and it will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested, then reboot the computer after it has finished.
As it doesn't appear to be a malware problem I'm not sure I can help with this, but you could try running the Full Tests at PCPitStop and post back the results as it may show if there are any hardware issues.
Register (it's free, don't worry) with PCPitStop and run the full tests here:
http://www.pcpitstop...top/default.asp
Click Test this system, it then may prompt you to install an ActiveX control, click Install if you get the option, then click Let's Go. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the menu then copy the URL provided and post it back. It should look like this:
Quote
TechExpress link for your current results:
http://www.pcpitstop.com/techexpress.asp?i...HK0WE3HLEWRE99Q
Hopefully one of the above steps will help
Andy
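The startup count mentioned in the reply above can be read straight from the O4 lines of a HijackThis log. The following is an added example, not part of the original thread: it parses O4 autostart entries and groups them by launch location and by product folder, so it is easy to see which packages contribute most to startup. The function names are this example's own, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import Counter

# Sample input: a handful of lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [1ClickFixerPlus] C:\Program Files\Secure PC Solutions\1 Click Fixer PLUS\1ClickFixerPlus.exe
O4 - HKLM\..\Run: [SpyClean] C:\Program Files\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
'''

# O4 registry autoruns: "O4 - HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<cmd>.*)$')
# O4 startup-folder shortcuts: "O4 - Startup: Name.lnk = target"
LNK_RE = re.compile(r'^O4 - (?P<loc>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$')


def exe_of(cmd):
    """Return the executable part of a command line, or None if it cannot be resolved."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else None
    # Unquoted paths may contain spaces, so cut at the first ".exe" that is
    # followed by whitespace or end of line rather than at the first space.
    m = re.match(r'(.+?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else None


def product_folder(exe):
    """Bucket an executable by the folder directly under Program Files."""
    if exe is None:
        return "(target missing)"
    parts = exe.split("\\")
    if len(parts) >= 3 and parts[1].upper() in ("PROGRAM FILES", "PROGRA~1"):
        return parts[2]
    return "(outside Program Files)"


def parse_autostarts(log_text):
    """Extract every O4 entry as a dict; other sections (O2, O23, ...) are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            location = "%s %s" % (m.group("hive"), m.group("key"))
        else:
            m = LNK_RE.match(line)
            if not m:
                continue
            location = m.group("loc")
        exe = exe_of(m.group("cmd"))
        entries.append({
            "location": location,
            "name": m.group("name"),
            "command": m.group("cmd"),
            "exe": exe,
            "folder": product_folder(exe),
        })
    return entries


def summarize(entries):
    """Count entries per launch location and per product folder."""
    by_location = Counter(e["location"] for e in entries)
    by_folder = Counter(e["folder"] for e in entries)
    return by_location, by_folder


if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_LOG)
    by_location, by_folder = summarize(found)
    print("%d autostart entries" % len(found))
    for loc, n in by_location.most_common():
        print("  %-16s %d" % (loc, n))
    for folder, n in by_folder.most_common():
        print("  %-28s %d" % (folder, n))
```

Entries whose target shows as `?` or resolves outside Program Files are the ones worth looking up first when deciding what to disable in msconfig.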
#5 OFFLINE
Posted 01 June 2006 - 01:53 PM
Hi Andy,
Still painful problems.
I ran both msconfig & SFC.
Here are the results of Pitstop
TechExpress link for your current results:
http://www.pcpitstop...AUDPWSYP6JSEQ0Q
Not enough memory, hard drive too small. Will save part of it elsewhere, to get 4 GB additional space.
As to the Kaspersky results, I don't want to share this kind of information in public. Give me your email address.
Actually, there were several trojans in electronic mail.
Thanks for your help.
Fox
#6 OFFLINE
Posted 01 June 2006 - 03:28 PM
Hi Fox
Like you say, more RAM would really help you and it looks like your hard drive is running out of space, so it appears to be time for an upgrade or a spring clean.
I don't think we can help solve this based on those results as it's likely that 256MB of RAM isn't enough for your setup. With you also starting to run out of disk space, eventually Windows will start having problems writing temp, swap files etc. and it will affect the performance if it's not already doing that.
This site will help you determine what RAM is compatible with your system if needed. The scan results also show some of your security settings in the Restricted zone may not be set correctly, but you can use the AutoFix tool PCPitstop provides Here to adjust those settings or adjust them manually if you wish based on the advice they are giving.
If you wanted to send anything by email please send it to
AndyManchesta(AT)hotmail.com (Replace (AT) With @)
I will check them out, but it doesn't appear the speed problem is connected to the items found in your email box. It would be nice to see what has been detected on your system just to be safe.
Regards
Andy
#7 OFFLINE
Posted 04 June 2006 - 06:20 PM
AndyManchesta, on Jun 1 2006, 05:28 PM, said:
Hi Fox
Like you say, more RAM would really help you and it looks like your hard drive is running out of space, so it appears to be time for an upgrade or a spring clean.
I don't think we can help solve this based on those results as it's likely that 256MB of RAM isn't enough for your setup. With you also starting to run out of disk space, eventually Windows will start having problems writing temp, swap files etc. and it will affect the performance if it's not already doing that.
This site will help you determine what RAM is compatible with your system if needed. The scan results also show some of your security settings in the Restricted zone may not be set correctly, but you can use the AutoFix tool PCPitstop provides Here to adjust those settings or adjust them manually if you wish based on the advice they are giving.
If you wanted to send anything by email please send it to
AndyManchesta(AT)hotmail.com (Replace (AT) With @)
I will check them out, but it doesn't appear the speed problem is connected to the items found in your email box. It would be nice to see what has been detected on your system just to be safe.
Regards
Andy
Hi Andy,
I have run virustotal.com on a specific file as requested. 1stPage2000 - an Australian HTML maker program.
Here is the result. What you i understand?
http://www.virustotal.com/vt/en/resultadof...734e32d77ef1030
Regards
Fox
#8 OFFLINE
Posted 04 June 2006 - 07:42 PM
Hi Fox
Remove that 1stpage2000.zip file if it's still on the PC.
We cleared what Kaspersky & Bitdefender found through email, so hopefully it's removed all the infected items. If you think there might be more problems, try another scan such as TrendMicro or Pandascan.
TrendMicro HouseCall
- Click Scan now. It's free!
- Read the terms and put a Check next to Yes I accept the terms of use.
- Click the Launching HouseCall>> button.
- If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
- You may receive a Security Warning about the TrendMicro Java applet, click YES.
- Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
- Please be patient while it installs, updates, and scans your system.
- Once the scan is complete, it will take you to the summary page.
- Under Cleanup options, choose clean all detected infections automatically.
- Click the Clean now>> button.
- If anything was found you may be prompted to run the scan again, you can just close the browser window.
- Reboot the PC
Panda Activescan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.
Andy
#9 OFFLINE
Posted 06 June 2006 - 07:02 PM
Andy,
As to the memory upgrade, can I use two RAM working at different frequencies, i.e. 266 MHz (original one) and 333 MHz (new one)? After scanning my PC, Crucial advised a new 333 MHz extra RAM.
Thanks.
Fox
#10 OFFLINE
Posted 12 June 2006 - 09:00 PM
Hi Fox
Sorry for the delay, I've only just noticed the reply as I had a bit of time to browse the forum. It will work but the slowest module will determine the overall speed of the memory.
http://www.crucial.c...er.asp?qid=4032
I suggest emailing Crucial if you need assistance as they will be able to help with any questions you have regarding upgrades
http://www.crucial.c...ntacts.asp?qid=