Viruses and Screen Saver problems...

Hi, :slight_smile:

I had a virus (not detected by AVAST!!) :
av2009 and also blphcv8e3eab.scr
Since that, I cannot start some Screen Savers I have in a FILE…
It gives me the configuration window.

Somebody could help?

I have SpyBot 1.6.0.31, and Eusing Registry Cleaner 1.8.
I made a big Clean-Up of my PC.
A complete run of AVAST.
And still the same problem.
I couldn’t do any Restore System because
it seems those viruses destroyed the back ups
my system (Windows 2000 XP PRO Version 2002 SP3)
does every day… :mad:

Before, I used to double click a Screen Saver Application
and it would start immediately…
Thanks in advance.
Have a nice day. :wink:

Jean*

hi jean
a couple of things to get started
this 2009 is a nasty BTW
If you get any advice from tech support guy post it up here
do you have Windows 2000 or Windows XP and which service pack, if any?

update avast by rt clicking the blue ball and select update program- it will also update the database
then rt the ball and schedule a boot time scan- reboot
If W2K does not allow boot time scans run both AVAST and Spybot from safe mode
send any hits to the chest- do not delete-remove
post a log if anything found

update spybot and run a scan- quarantine any hits
if spybot cannot complete reboot into safe mode -tap F8 while booting and run from there
post a log if anything found- not cookies- but nuke em

back in normal mode
dl malwarebytes anti malware (free-bypass the nag screen) update and run a scan
check all nasties and Click REMOVE
post a log

read the stickie at the top of this forum and post a Hijack This
when downloading do not click “OPEN” click “SAVE” and to a named file like C:\HJT not Temp or desktop
close all browser windows including this one
DO NOT FIX anything- just post the log

Hi wyrmrider,

Thanks for your answer.

I have WINDOWS XP PRO - Version 2002 - SP3
(In my first post I wrote W 2000 XP PRO - my mistake ;))

Avast is always updated automatically,
and I do it also manually from time to time.
I also scan my system with avast once a month
a deep scan with zip files and all…
So I don’t think it was the problem…

I run Spybot and other malware programs
once a week and I update them as well.

So I don’t see what more I can do!
AVAST should be always updated
because it is done automatically!
(It updates itself more than twice a day!!)

I did EVERYTHING you tell me to do
except run AVAST in safe mode.
I will do it now and run hijackthis also.
And I’ll post the log.

Jean*

back in normal mode
dl malwarebytes anti malware (free-bypass the nag screen)
update and run a scan
check all nasties and Click REMOVE
post a log
and the HJT

(as of now this is the best first thing to do for a 2009 anti spy thing)

tomorrow Wednesday update spybot and re-immunize
(are you running spybot 1.6?
and
have you ever run 1.3 or 1.4?
do not update to 1.6 if you have ever run 1.3 or 1.4 post back- thanks- but do do the detection update and reimmunize

download and install Javacool spywareblaster (takes no running resources)

we might have to use a heavy duty tool like SD-Fix but I want to be reasonably sure all the easy things are gone first

If you have time could you run a back up AV scan with Kaspersky or Dr Web Cure It?

Now we will have 2 AV scans and 2 Antispyware/ anti-malware scans

Hi,

dl malwarebytes anti malware (free-bypass the nag screen) update and run a scan

What dl means?? nag screen??

I updated and run malwarebytes really 3/4 times since!!
It’s not enough?? :wink:

I have SpyBot vers. 1.6.0.31.
I use this program since a long time,
so I most probably used the anterior versions!!
Nobody ever told me not to update the vers. 1.6!!
Why not do so??

then rt the ball and schedule a boot time scan- reboot

If you mean scan the memory at start time, it is always on.

If you mean running a complete scan,
I don’t see the possibility to run avast
in safe mode with the r click,
I’ll do it manually.

I’ll download Javacool spywareblaster, and Hijack This
and run the programs.

Thanks
Jean*

I updated and run malwarebytes really 3/4 times since!!
did you post a log
lots of people run malwarebytes but never check the baddies and/or click REMOVE
so post a MBAM log with the HJT
we have to see what baddies we are dealing with

Answer the question
Did you ever have Spybot 1.3 or 1.4 ?
There are stability problems with the overwrite direct program update to 1.6 which require an un-immunization and a complete removal and reinstallation
if you just updated from 1.5 you are most likely OK
update and reimmunize tomorrow in any case
great program

Dl- download nag screen- please purchase

we are not talking about scanning memory at start of avast
we are not talking about safe mode unless you can’t run any other way
Avast has an option to schedule a scan at startup before anything else loads
this catches things which get protected later
not a biggie but you do it by rt clicking the ball and looking at the options
sorry- my os does not support this feature but XP does

other malware programs - what other malware programs?

Hi,

It’s becoming quite complicated.
And You didn’t explain to me why AVAST did not block those viruses in the first place??
AVAST is ALWAYS ON and always on AUTOMATIC UPDATE,
for the program and the virus base…
May be I should have another Anti Virus…

lots of people run malwarebytes but never check the baddies and/or click REMOVE

I’m not that dumb!!

I already had Malwarebytes and used it regularly.
I just run it again for you now and the result is Éléments infectés : 0
Here is the Malwarebytes log:

Malwarebytes’ Anti-Malware 1.25
Version de la base de données: 1071
Windows 5.1.2600 Service Pack 3

01:21:37 2008-08-27
mbam-log-08-27-2008 (01-21-25).txt

Type de recherche: Examen complet (C:|)
Eléments examinés: 69324
Temps écoulé: 21 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

I don’t write down each and every version of all the programs I use…
It’s quite possible I used Spybot 1.3 or 1.4. Who knows?
I will uninstall it completely and reinstall the latest version!

And I know the importance of updating programs…
Each time I run SpyBot, Malwarebytes, Eusing Registry Cleaner, Adaware, SFL
and what not… I can assure you that I check for updates EACH TIME I run them!
And even if AVAST is updated automatically, I do it manually from time to time.
WHAT ELSE can I do?? I feel overprotected!!
If I go a step further, I feel every siteweb will be blocked! :slight_smile:

And lastly, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:56, on 2008-08-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\spoolsv.exe
E:\0000\40 APPLI CATIONS\CAPTURE\captimag.exe
C:\Documents and Settings\c\Menu Démarrer\Programmes\Démarrage\SaverStarter.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Documents and Settings\c\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM..\Run: [POINTER] c:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM..\Run: [IntelliType] “C:\Program Files\Microsoft Hardware\Keyboard\type32.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU..\Run: [PopUpStopperFreeEdition] “C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe”
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [DW6] “C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe”
O4 - Startup: captimag.lnk = E:\0000\40 APPLI CATIONS\CAPTURE\captimag.exe
O4 - Startup: SaverStarter.exe
O4 - Startup: TCLOCKEX.lnk = C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: =>&Anglais - http:\wordreference.com\fr\en\j\0300.htm
O8 - Extra context menu item: =>&Français - http:\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203493634812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203977164578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe


End of file - 6630 bytes

To me, the only program that seems a problem is: (last line)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

Thanks again
Jean*


I don't write down each and every version of all the programs I use... It's quite possible I used Spybot 1.3 or 1.4. Who knows? I will uninstall it completely and reinstall the latest version!

No need to uninstall Spybot as it can be updated within the program. The latest version is in the 1.5 range. You can also find out what version you have by starting Spybot, clicking on “Help” at the top of the user interface, and then clicking on “About” in the drop down menu.

Most people do not write down the versions of programs they use but almost all programs have an easy way to find out what version it is just as Spybot does in my example above. Some programs will have separate Help and About buttons but others will have the About information in the menu under Help.


Hi CharleyO :wink:

You can also find out what version you have by starting Spybot, clicking on "Help" at the top of the user interface, and then clicking on "About" in the drop down menu.

Or simply right click and “properties”…
I know which version I have. I already told wyrmrider in a previous post…

I have SpyBot vers. 1.6.0.31.

He wanted to know if I used 1.3 and 1.4 BEFORE…
He kind of told in his message there could be a problem
with Spybot, if I used other versions before!!

Anyway…

I run AVAST in Safe Mode. Here is the report:

27/08/2008 02:55
Analyse de C:\

Fichier C:\System Volume Information_restore{FE89ECD9-3607-4ED5-BFB5-76796F3756BB}\RP12\A0000665.exe%SYS32%\rkinstall.exe est infecté par Win32:Adware-gen [Adw], Mis en quarantaine
Fichier C:\System Volume Information_restore{FE89ECD9-3607-4ED5-BFB5-76796F3756BB}\RP12\A0000670.exe%SYS32%\rkinstall.exe est infecté par Win32:Adware-gen [Adw], Mis en quarantaine
Fichier C:\WINDOWS\SoftwareDistribution\Download\f5d7738acf9c48c006cd814026ee1a38\BIT10.tmp_sfx_0003._p Erreur 42127 {archive CAB corrompue.}
Nombre de dossiers parcourus : 3941
Nombre de fichiers analysés : 122570
Nombre de fichiers infectés : 2

After a google on rkinstall, it doesn’t seem to be a threat.

READ my initial post to see the ONLY problem I have.
It’s just about not being able to start a screen saver
just by a double click! I MUST install it each time.
It was not like that BEFORE I got the virus AV2009.

Thanks for your answer, CharleyO :wink:

Jean*

Hi JEAN*

From the analysis you have neither av nor firewall there, is that right?

polonus

Hi polonus,
How are you?

If av stands for AVAST, yes it’s on with RÉSEAU et STANDARD protection on HIGH.
I have no firewall on.

Jean*

Hi Jean*,

At least turn on the windows firewall, then download SAS and give that a swing, there is a brand new version here:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

polonus

Hi, :slight_smile:

The FireWall is on and SAS is running for 1 h 12 m 18 s exactly now and nothing found!
I’m not surprised, I have cleaned up my PC constantly since 2 days! :slight_smile: :slight_smile: :slight_smile:
My problem was not about CLEANING !! :wink:
What do I do next??

Thanks again,
Jean*

Sorry Jean* could not see the forest because of the trees

Pol
the key word was HAD in the first post :slight_smile:
would the “policies” tool help here?
I’ve seen this screensaver thing before but have to think of where

Hi wyrmrider,

BINGO!! You got it.!! :wink: :slight_smile: :slight_smile:

I posted here because it involved viruses.
But indeed it is just a screen saver problem.
BUT it was caused by viruses.
So I just thought it would be ok to post in that section.

For information:

I run SpyBot first and then SuperAntiSpyware,
SpywareBlaster, and MalwareBytes…
After SpyBot, nothing else was found!!!
So, to me, SpyBot is really good,
and I don’t feel I need the other programs…

I've seen this screensaver thing before but have to think of where

So there is hope!! :slight_smile: :slight_smile:

Many many thanks for your help,
Jean*

(I include a HJT log, can you check it for me please?) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:48, on 2008-08-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
E:\0000\40 APPLI CATIONS\CAPTURE\captimag.exe
C:\Documents and Settings\c\Menu Démarrer\Programmes\Démarrage\SaverStarter.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HJT\Prog Installé\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM..\Run: [POINTER] c:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM..\Run: [IntelliType] “C:\Program Files\Microsoft Hardware\Keyboard\type32.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU..\Run: [PopUpStopperFreeEdition] “C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe”
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [DW6] “C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe”
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: captimag.lnk = E:\0000\40 APPLI CATIONS\CAPTURE\captimag.exe
O4 - Startup: SaverStarter.exe
O4 - Startup: TCLOCKEX.lnk = C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: =>&Anglais - http:\wordreference.com\fr\en\j\0300.htm
O8 - Extra context menu item: =>&Français - http:\wordreference.com\fr\j\iefr119.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203493634812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203977164578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe


End of file - 6983 bytes

Hi JEAN*,

You can fix this line with HJT:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
File Missing
When a file is missing, you should always have HijackThis fix the item.

Further analysis of your hjt file:
Your system seems clean of malicious software, but you have no active firewall running. This could cause a heightened risk of remote attacks.

Survey of active tasks:
smss.exe - System task - Session Manager Subsystem
winlogon.exe - System task - Microsoft Windows Logon Process
services.exe - System task - Windows Service Controller
lsass.exe - System task - Local Security Authority Service
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
aswUpdSv.exe - Virusscan - Avast Anti-Virus Component
Explorer.EXE - System task - Microsoft Windows Explorer
ashServ.exe - Virusscan - Avast
jusched.exe - Backgroundtask - Sun Java Update Scheduler
point32.exe - Application - Microsoft Intellimouse Monitor
type32.exe - Application - Microsoft Office Keyboard Console
ashDisp.exe - Virusscan - Avast AntiVirus
realsched.exe - Application - RealNetworks Scheduler
PSFree.exe - Backgroundtask - Pop-Up Stopper Free from Panicware.
MsnMsgr.Exe - Application - MSN Messenger
DesktopWeather.exe - Unknown task
SUPERAntiSpyware.exe - Anti Add/Spyware software - SUPERAntiSpyware
spoolsv.exe - System task - Microsoft Printer Spooler Service
orbitdm.exe - Background task - orbitdm.exe
captimag.exe - Unknown task
SaverStarter.exe - Unknown task (screen saver freeware)

Webshots.scr

Unknown task Description: File webshots.scr is located in a subfolder of “C:\Program Files” or sometimes in a subfolder of C:. Known file sizes on Windows XP are 1605632 bytes (60% of all occurrence), 1646592 bytes, 3297280 bytes, 1650688 bytes, 1843200 bytes.
There is an icon for this program on the taskbar next to the clock. The program has a visible window. The file is not a Windows core file. webshots.scr is able to connect to Internet, record inputs. Therefore the technical security rating is 18% dangerous, however also read the users reviews.

If webshots.scr is located in the folder C:\Windows then the security rating is 21% dangerous. File size is 1957888 bytes (85% of all occurrence), 634880 bytes. The program has a visible window. The file is located in the Windows folder, but it is not a Windows core file. The file is not a Windows core file. webshots.scr is able to record inputs, connect to Internet.

Important: Some malware camouflage themselves as webshots.scr, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the webshots.scr process on your pc whether it is pest. We recommend Security Task Manager for verifying your computer’s security. It is one of the Top Download Picks of 2005 of The Washington Post and PC World.

ashMaiSv.exe - Virusscan - Avast Anti-Virus Component
ashWebSv.exe - Virusscan - avast! Web Scanner
usnsvc.exe - Application - Messenger Sharing USN Journal Reader Service
rundll32.exe - System task - Microsoft Rundll32
iexplore.exe - Application - Microsoft Internet Explorer
WLLoginProxy.exe - Application - Microsoft® Windows Live Login Helper
HijackThis.exe - Application - Merijn Hijackthis

polonus
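
An added example, not part of the original thread or of HijackThis itself: a small Python triage of a HijackThis v2.0.2 log that applies the two checks from the post above, listing entries marked `(no file)` and reporting whether a running `.scr` sits under the Windows folder. The function names, the `C:\WINDOWS` default and the trimmed sample log are assumptions made for the example.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# Trimmed sample in the layout of the logs quoted in this thread (constructed for the example).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Webshots\Webshots.scr

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: SaverStarter.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# An entry line starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str          # e.g. "O2"
    clsid: Optional[str]  # CLSID in braces, when the line carries one
    target: str           # last " - " separated field, usually the file path
    raw: str              # the full line as logged


def parse_log(text: str) -> Tuple[List[str], List[Entry]]:
    """Split a HijackThis log into running-process paths and section entries."""
    processes: List[str] = []
    entries: List[Entry] = []
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line closes the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            body = match.group(2)
            clsid = CLSID_RE.search(body)
            target = body.rsplit(" - ", 1)[-1].strip()
            entries.append(Entry(match.group(1), clsid.group(0) if clsid else None, target, line))
    return processes, entries


def missing_file_entries(entries: List[Entry]) -> List[Entry]:
    """Entries HijackThis marked '(no file)': leftovers pointing at nothing on disk."""
    return [e for e in entries if e.target.lower() == "(no file)"]


def running_screensavers(processes: List[str], windows_dir: str = r"C:\WINDOWS") -> List[Tuple[str, bool]]:
    """Return (path, is_under_windows_dir) for every running .scr process."""
    root = ntpath.normcase(windows_dir).rstrip("\\") + "\\"
    result = []
    for path in processes:
        norm = ntpath.normcase(path)  # case-insensitive compare, as on Windows
        if norm.endswith(".scr"):
            result.append((path, norm.startswith(root)))
    return result


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for e in missing_file_entries(ents):
        print("missing file:", e.raw)
    for path, in_windows in running_screensavers(procs):
        print("running .scr:", path, "(under Windows folder)" if in_windows else "(outside Windows folder)")
```
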

Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.

Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp
The latest version is JRE version 6 update 7, there is a Release Candidate (RC) update 10 but I would give that a wide berth until it is a regular release.

A visit to http://secunia.com/software_inspector/ for a check to see if there are any other updates you need.

The sun Java version you are running is down level and has security exposures.

Download JavaRa then run it and un-install all old versions of sun Java:
http://raproducts.org

Get the latest version of Sun Java:
http://www.java.com/en/download/manual.jsp

Go to Secunia: Online Software Inspector and run it to detect other insecure applications:
http://secunia.com/software_inspector

Is that an Echo I can hear ;D

Is that an Echo I can hear

I was just pointing out JavaRa.

I wonder if polonus was around when God was making the Universe that there would not have been as many mistakes made?