HELP infected computer Solved

Question

Hello, Hello everyone, I'm writing to you today because I'm having quite a few issues with my PC. Since it wasn't running fast, I tried running scans with various software to locate the problem, followed by antivirus programs which despite what their reports indicated, didn't seem to work, as the computer still has bugs that I can't resolve.  For example: when I want to uninstall a program, the "add or remove programs" window takes 5 minutes to open. Anyway, I imagine my PC is still infected, so if anyone could kindly give me some information to help me get rid of these little problems for good, it would be really nice.  Thanks in advance.

dydoudu09om · Accepted Answer

Hi, download Spybot because it's the best antivirus https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html it goes super fast and if it bugs again, do a defragmentation.

darkpoet · Answer

download Hijackthis: http://www.trendsecure.com/portal/en-US/tools/security_tools­/hijackthis  .click on download .click on download Hijackthis installer .save it to the desktop .Close all open programs including the browser. except your antivirus and firewall .install it, it will install by default in C:\Program Files\Trend Micro\HijackThis .Click on "Do a system scan and save the logfile" .This will open a notepad at the end of the scan. .Copy its content and post it in your next message. otherwise the report is in C:\Program Files\Trend Micro\HijackThis\ hijackthis "text document"   if you need help with the installation: https://www.malekal.com/tutoriel-hijackthis/   -- teaching is always learning

V-X · Answer

Hey,  to follow  -- alcohol kills slowly, we don't care, we're not in a hurry......

crapoulou · Answer

Hi, Wow! I just learned that Spybot was an antivirus! You're surprising all the helpers! I'm sure V-X and darkpoet didn't know that! See you later and good luck. -- Got a problem? Head over to CCM! There is no problem without a solution.

darkpoet · Answer

Yes, and with CCleaner, you turn your PC into a liquid-cooled machine with neon lights and an infinitely memory disk, lol  -- to teach is always to learn

turbulent13 · Answer

Hi everyone, here is the HijackThis report, hoping there’s nothing too serious... waiting for your responses. Thanks a lot.   Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:12:42, on 01/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal  Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe D:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe D:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE D:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE D:\WINDOWS\system32
vsvc32.exe D:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE D:\WINDOWS\system32\svchost.exe D:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE D:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE D:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe D:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe D:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe D:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe D:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe D:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Real\RealPlayer\RealPlay.exe D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-In Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file) O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: &Search AOL Toolbar - res://D:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\windows\system32
wprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - D:\Program Files\Orange\AntivirusFirewall\ORSP Client\fsorsp.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32
vsvc32.exe  --

darkpoet · Answer

The accumulation of antivirus software can significantly slow down the system; it is advised to have only one antivirus. Here, I would keep Antivir and remove Orange.  Then do this:   Download http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe]Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.  /!\ Disconnect and close all running applications /!\  Double-click the installer, and install it in its default location (C:\Program files). Double-click the Ad-Remover shortcut located on your Desktop.  (On Vista, right-click the Ad-Remover shortcut and choose Run as administrator) In the main menu, choose option A. Post the report that appears at the end (C:\Ad-Report-Scan-(date).log).  (CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste)  Note: "Process.exe," a component of the tool, is detected by some antivirus software (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.-- To teach is to always learn.

crapoulou · Answer

There is no more option A ... Just launch it and that's enough :D -- Got a problem? Head over to CCM! There is no problem without a solution.

darkpoet · Answer

Thank you, I’m updating my information -- to teach is always to learn

darkpoet · Answer

here you go  &#9654; Download Ad-remover (from C_XX) to your desktop:  ! Log out and close all running applications !  &#9654; Double-click on "Ad-R.exe" to start the installation and leave the installation settings at default.  &#9654; Double-click on the shortcut Ad-remover on your desktop to launch the tool.  &#9654; In the main menu, choose the option "L" and press [enter].  &#9654; Let the tool work and don’t touch anything ...  &#9654; Post the report that appears at the end on the forum ...  ( The report is also saved under C:\Ad-report.log ) ( CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste )  Note: "Process.exe", a component of the tool, is detected by some antivirus software (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.  -- teaching is always learning

turbulent13 · Answer

THANK YOU FOR GIVING ME A HAND, HERE IS THE AD-REMOVER REPORT:   . ======= AD-REMOVER REPORT 1.1.4.5_B | WINDOWS XP/VISTA ONLY ======= . Updated by C_XX on 06/01/2009 at 11:50 AM Contact: AdRemover.contact@gmail.com Website: http://pagesperso-orange.fr/NosTools/ad_remover.html . Launched at: 21:03:25, 06/01/2009 | Normal Mode | Option: CLEAN Executed from: D:\Program Files\Ad-remover\ Operating System: Microsoft® Windows XP™ Service Pack 2 v5.1.2600 PC Name: PAULO | Current User: POLO . Not Administrator: ASPNET Not Administrator: HelpAssistant *Disabled* Not Administrator: Guest Administrator: LogMeInRemoteUser Administrator: Mika *Disabled* Administrator: POLO Not Administrator: SUPPORT_388945a0 *Disabled* . ============== NEUTRALIZED ITEM(S) ============== . . HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A} HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F} HKCU\Software\EoRezo HKCU\Software\FunWebProducts HKCU\Software\Grand Virtual HKCU\Software\ItsLabel HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} HKCU\Software\PartyGaming HKCU\Software\Popsicle HKCU\Software\SweetIM HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} HKLM\Software\Microsoft\Shared Tools\MSconfig\Startupreg\My Web Search Bar Search Scope Monitor HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35B-6118-11DC-9C72-001320C79847} HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A8955948-E02C-4738-AF22-53CA0F24C90B}_is1 HKLM\Software\SweetIM HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_MYWEBSEARCHSERVICE HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE HKLM\Software\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9 . D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\koccinel@hotmail.fr D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\main_user_config.xml D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users	urbulent13@hotmail.fr D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\koccinel@hotmail.fr\emoticons_shortcut.xml D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\koccinel@hotmail.fr\user_config.xml D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users	urbulent13@hotmail.fr\emoticons_shortcut.xml D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users	urbulent13@hotmail.fr\lastuse_SpecialFX.xml D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users	urbulent13@hotmail.fr\user_config.xml D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000100B7.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0001081A.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010859.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0001086F.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010893.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0001089E.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000108B4.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00020190.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0002020D.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000202C0.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008000B.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080011.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008001E.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008001F.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080026.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\01050002.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\cache_indx.dat D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml D:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM D:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\EoRezo\EoEngine.lnk D:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\EoRezo D:\DOCUME~1\POLO\APPLIC~1\EoRezo\cmhost.cyp D:\DOCUME~1\POLO\APPLIC~1\EoRezo\ConfMedia.cyp D:\DOCUME~1\POLO\APPLIC~1\EoRezo\db D:\DOCUME~1\POLO\APPLIC~1\EoRezo\eoDesktop D:\DOCUME~1\POLO\APPLIC~1\EoRezo\host.cyp D:\DOCUME~1\POLO\APPLIC~1\EoRezo\user.cyp D:\DOCUME~1\POLO\APPLIC~1\EoRezo\db\cat.cyp D:\DOCUME~1\POLO\APPLIC~1\EoRezo\eoDesktop\config.xml D:\DOCUME~1\POLO\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html D:\DOCUME~1\POLO\APPLIC~1\EoRezo\eoDesktop\userConfig.xml D:\DOCUME~1\POLO\APPLIC~1\EoRezo D:\DOCUME~1\POLO\APPLIC~1\ItsLabel\ItsTV D:\DOCUME~1\POLO\APPLIC~1\ItsLabel\ItsTV\itsTV.xml D:\DOCUME~1\POLO\APPLIC~1\ItsLabel D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\FFADVPro.dll D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\FFADVPro3.dll D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\IFFADVPro.xpt D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\IFFADVPro3.xpt D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\Logo.gif D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\main.db D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\main.db-journal D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\RegistrySearcher.exe D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\unins000.dat D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle\unins000.exe D:\DOCUME~1\ALLUSE~1\DOCUME~1\Foxicle D:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.0.inf D:\Program Files\Mozilla FireFoxegxpcom.exe D:\WINDOWS\Installer\{59971D79-8111-42C2-9E40-883A0C277E78}\ARPPRODUCTICON.exe D:\WINDOWS\Installer\{59971D79-8111-42C2-9E40-883A0C277E78} D:\Documents and Settings\Guest\Application Data\Eorezo\ConfMedia.cyp D:\Documents and Settings\Guest\Application Data\Eorezo\db D:\Documents and Settings\Guest\Application Data\Eorezo\eoDesktop D:\Documents and Settings\Guest\Application Data\Eorezo\host.cyp D:\Documents and Settings\Guest\Application Data\Eorezo\user.cyp D:\Documents and Settings\Guest\Application Data\Eorezo\db\cat.cyp D:\Documents and Settings\Guest\Application Data\Eorezo\eoDesktop\config.xml D:\Documents and Settings\Guest\Application Data\Eorezo\eoDesktop\eoDesktop.html D:\Documents and Settings\Guest\Application Data\Eorezo\eoDesktop\userConfig.xml D:\Documents and Settings\Guest\Application Data\Eorezo D:\Documents and Settings\Guest\Application Data\ItsLabel\ItsTV D:\Documents and Settings\Guest\Application Data\ItsLabel\ItsTV\itsTV.xml D:\Documents and Settings\Guest\Application Data\ItsLabel D:\WINDOWS\Installer\100bcf57.msi D:\WINDOWS\Prefetch\EVEREST CASINO.EXE-06F073A4.pf  (!) -- Temporary files deleted.  . ============== Additional Scan ==============   * Mozilla FireFox Version 3.0.10 *   Profile Name: p2g8qcd4.default (POLO) . (Prefs.js) user_pref("browser.search.selectedEngine", "YouGoo"); (Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/firefox"); (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10"); . .  * Internet Explorer Version 8.0.6001.18702 *  [HKEY_CURRENT_USER\..\Internet Explorer\Main]  Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Start Page: hxxp://fr.msn.com/?ocid=iehp  [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]  Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/  [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]   Tabs: res://ieframe.dll/tabswelcome.htm  ============== Suspect (Cracks, Serials ...) ==============  .  +---------------------------------------------------------------------------+  9582 Bytes - D:\Ad-Report-CLEAN.log  17 File(s) - D:\Program Files\Ad-remover\BACKUP 33 File(s) - D:\Program Files\Ad-remover\QUARANTINE  End at: 21:11:05 | 06/01/2009 . ============== E.O.F ==============

darkpoet · Answer

Download https://www.majorgeeks.com/­ml MalwareByte's Anti-Malware to your Desktop.  Install it by double-clicking the file Download_mbam-setup.exe. Once the installation and update are complete: Restart your computer in safe mode - At startup, after the BIOS loads, press the F8 key repeatedly until a menu with a black background appears. Once you reach this stage, use the keyboard to select Safe Mode. -- In this mode, you do not have Internet access, and you will be in a different visual configuration (no wallpaper, very large icons). So don’t be surprised. --- For these different reasons, I invite you to print, note down, or save the following information in a text document so that you do not get lost. ---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode keys, which would cause your computer to crash.  Now run [b]MalwareByte's Anti-Malware. If you haven't already, select "Run a Full Scan". To start the search, click on "Search". Once the scan is complete, a window will open, click OK. Two options are available to you:  ~ If the program found nothing, press OK. A report will appear, close it. ~~ If infections are present, click on "Show Results" then on "Remove Selected". Save the report to your Desktop. ~~~~ Restart your computer normally and post the report in your next response.  NOTE: If MalwareByte's Anti-Malware needs to restart to complete the removal, accept by clicking OK  [b]Note/b: If you can't download MBAM from MajorGeeks, you can download it https://www.besttechie.com/resources/malwarebytes/  Help: http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec]How to start your computer in safe mode  -- teaching is always learning

turbulent13 · Answer

hi  finally back from work, I just ran the analysis with MalwareByte's Anti-Malware in safe mode here is the report  Malwarebytes' Anti-Malware 1.37 Database version: 2214 Windows 5.1.2600 Service Pack 2  02/06/2009 18:29:56 Report safe mode mbam-log-2009-06-02 (18-29-36)  Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 143485 Time elapsed: 31 minute(s), 1 second(s)  Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 10  Memory Processes Infected: (No malicious items detected)  Memory Modules Infected: (No malicious items detected)  Registry Keys Infected: (No malicious items detected)  Registry Values Infected: (No malicious items detected)  Registry Data Items Infected: (No malicious items detected)  Folders Infected: (No malicious items detected)  Files Infected: d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158630.dll (Adware.MyWebSearch) -> No action taken. d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158631.DLL (Adware.MyWebSearch) -> No action taken. d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158634.DLL (Adware.MyWeb) -> No action taken. d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158637.DLL (Adware.MyWebSearch) -> No action taken. d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158657.DLL (Adware.MyWebSearch) -> No action taken. d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158665.EXE (Adware.MyWeb) -> No action taken. d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158666.EXE (Adware.MyWeb) -> No action taken. d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158667.EXE (Adware.MyWeb) -> No action taken. d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158669.EXE (Adware.MyWeb) -> No action taken. d:\system volume information\_restore{64bd409b-71b8-4529-9e0e-682a29e94023}\RP231\A0158673.DLL (Adware.MyWeb) -> No action taken.  following that I ran the scan with Malwarebytes again still in safe mode and now no infections. waiting for your instructions...THANK YOU

darkpoet · Answer

hello  open malwarebytes in normal mode and go to the quarantine tab: empty everything that's there  Download https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 on your Desktop.  Run the installation of the program by executing the downloaded file. Double-click now on the Toolbar-S&D shortcut. Select the desired language by typing the letter of your choice and confirming with the Enter key. Now choose option 1 (Search). Wait until the search is complete. Post the generated report. (C:\TB.txt) -- to teach is to always learn

turbulent13 · Answer

Here is this monster report; apparently, it's all I could download... Do you think I should soon see the end of the road?   -----------\ ToolBar S&D 1.2.8 XP/Vista   Microsoft Windows XP Professional (v5.1.2600) Service Pack 2  X86-based PC (Uniprocessor Free: Mobile AMD Sempron(tm) Processor 3600+)  BIOS: PhoenixBIOS 4.0 Release 6.1  USER: POLO (Administrator)  BOOT: Normal boot  Antivirus: AntiVir Desktop 9.0.1.26 (Activated)  C:\ (Local Disk) - NTFS - Total: 69 Go (Free: 32 Go)  D:\ (Local Disk) - NTFS - Total: 34 Go (Free: 11 Go)  E:\ (Local Disk) - NTFS - Total: 35 Go (Free: 5 Go)  F:\ (CD or DVD)   "D:\ToolBar SD" (UPDATE: 21-12-2008|20:47)  Option: [1] (02/06/2009|22:32)   -----------\ File/Folder Search...   D:\Program Files\BitLord  D:\Program Files\BitLord\BitLord.exe  D:\Program Files\BitLord\BitLord.url  D:\Program Files\BitLord\BitLord.xml  D:\Program Files\BitLord\Downloads  D:\Program Files\BitLord\Downloads.xml  D:\Program Files\BitLord\lang  D:\Program Files\BitLord\License.txt  D:\Program Files\BitLord\rules  D:\Program Files\BitLord\Torrents  D:\Program Files\BitLord\uninst.exe  D:\Program Files\BitLord\Downloads\da_melissa_lauren.wmv  D:\Program Files\BitLord\lang\lang_ar_ae.xml  D:\Program Files\BitLord\lang\lang_bg_bg.xml  D:\Program Files\BitLord\lang\lang_ca_es.xml  D:\Program Files\BitLord\lang\lang_cz_cz.xml  D:\Program Files\BitLord\lang\lang_da_dk.xml  D:\Program Files\BitLord\lang\lang_de_de.xml  D:\Program Files\BitLord\lang\lang_el_gr.xml  D:\Program Files\BitLord\lang\lang_en_us.xml  D:\Program Files\BitLord\lang\lang_es_ar.xml  D:\Program Files\BitLord\lang\lang_es_es.xml  D:\Program Files\BitLord\lang\lang_et_ee.xml  D:\Program Files\BitLord\lang\lang_fi_fi.xml  D:\Program Files\BitLord\lang\lang_fr_fr.xml  D:\Program Files\BitLord\lang\lang_gl_es.xml  D:\Program Files\BitLord\lang\lang_he_il.xml  D:\Program Files\BitLord\lang\lang_hu_hu.xml  D:\Program Files\BitLord\lang\lang_it_it.xml  D:\Program Files\BitLord\lang\lang_jp_jp.xml  D:\Program Files\BitLord\lang\lang_ko_kr.xml  D:\Program Files\BitLord\lang\lang_nb_no.xml  D:\Program Files\BitLord\lang\lang_nl_nl.xml  D:\Program Files\BitLord\lang\lang_pl_pl.xml  D:\Program Files\BitLord\lang\lang_pt_br.xml  D:\Program Files\BitLord\lang\lang_pt_pt.xml  D:\Program Files\BitLord\lang\lang_ro_ro.xml  D:\Program Files\BitLord\lang\lang_ru_ru.xml  D:\Program Files\BitLord\lang\lang_sk_sk.xml  D:\Program Files\BitLord\lang\lang_sl_si.xml  D:\Program Files\BitLord\lang\lang_sr_sr.xml  D:\Program Files\BitLord\lang\lang_sv_se.xml  D:\Program Files\BitLord\lang\lang_th_th.xml  D:\Program Files\BitLord\lang\lang_tr_tr.xml  D:\Program Files\BitLord\lang\lang_va_es.xml  D:\Program Files\BitLord\lang\lang_zh_tw.xml  D:\Program Files\BitLord\rules\ipfilter.dat  D:\Program Files\BitLord\rules\tracker.dat  D:\Program Files\BitLord\Torrents\(TT).Dr.House.S04E07-13.FRENCH.LD.HDTV.XVID-JMT.torrent  D:\Program Files\BitLord\Torrents\(TT).Dr.House.S04E07-13.FRENCH.LD.HDTV.XVID-JMT[0].torrent  D:\Program Files\BitLord\Torrents\17_J irai Dormir chez vous - Emirats Arabes Unis.mp4.torrent  D:\Program Files\BitLord\Torrents\17_J irai Dormir chez vous - Emirats Arabes Unis.mp4[0].torrent  D:\Program Files\BitLord\Torrents\24h - saison 4.torrent  D:\Program Files\BitLord\Torrents\24h - saison 4.xml  D:\Program Files\BitLord\Torrents\24_heures_chrono-saison3-fr-french-complete.torrent  D:\Program Files\BitLord\Torrents\40.Ans.Toujours.Puceau.FR.avi.torrent  D:\Program Files\BitLord\Torrents\6.Bourgeoises.FRENCH.XXX.(2008).DVDRip.XviD-YUMYUM.torrent  D:\Program Files\BitLord\Torrents\6.Bourgeoises.FRENCH.XXX.(2008).DVDRip.XviD-YUMYUM.xml  D:\Program Files\BitLord\Torrents\9th_Wonder_&_Murs-Sweet_Lord-2008-MIXFIEND.torrent  D:\Program Files\BitLord\Torrents\Appel D'Urgence - La Bac De Marseillle.avi.torrent  D:\Program Files\BitLord\Torrents\Appels.D.Urgences(Vol.Agression.Braquage.Flics.De.Choc.Contre.Voyous.Pret.a.Tous).FRENCH.DOC.TV.2009.Upload[AXE31].avi.torrent  D:\Program Files\BitLord\Torrents\Au.Secours.J.Ai.30 Ans DVDRip Fr DivX.avi.torrent  D:\Program Files\BitLord\Torrents\BAC.De.Nuit.Au.Coeur.De.L.Action.avi.torrent  D:\Program Files\BitLord\Torrents\Bailey - TryTeens.wmv.torrent  D:\Program Files\BitLord\Torrents\Barrington Levy - 1998 - Too experienced.torrent  D:\Program Files\BitLord\Torrents\Barrington Levy - Prison Oval Rock.torrent  D:\Program Files\BitLord\Torrents\Big Naturals 7 XXX [DVDRIP][Big Boobs].www.lokotorrents.com.torrent  D:\Program Files\BitLord\Torrents\Big Tits Boss 5 XXX [DVDRip][Big Boobs][www.lokotorrents.com].torrent  D:\Program Files\BitLord\Torrents\Big Tits Boss 5 XXX [DVDRip][Big Boobs][www.lokotorrents.com].xml  D:\Program Files\BitLord\Torrents\Big Tits Curvy Asses - Maria Moore As Busty Red Riding Hood!.wmv.torrent  D:\Program Files\BitLord\Torrents\Black Snake Moan.torrent  D:\Program Files\BitLord\Torrents\blow fr dvdrip.avi.torrent  D:\Program Files\BitLord\Torrents\Bob Marley & The Wailers - Babylon By Bus [www.p2p-world.dl.am].torrent  D:\Program Files\BitLord\Torrents\bos-yaledi.avi.torrent  D:\Program Files\BitLord\Torrents\Boulevard de la mort.torrent  D:\Program Files\BitLord\Torrents\Boulevard de la mort.xml  D:\Program Files\BitLord\Torrents\Busting The Babysitter XXX [DVDRip][Big Boobs].www.lokotorrents.com.torrent  D:\Program Files\BitLord\Torrents\cantona-the complete collection.torrent  D:\Program Files\BitLord\Torrents\Chinese Man Records - The Groove Sessions Vol.2 (FLAC LEVEL 8) + VidA©os HQ.rar.torrent  D:\Program Files\BitLord\Torrents\Chinese Man Records - The Groove Sessions Vol.2 (FLAC LEVEL 8) + VidA©os HQ.rar.xml  D:\Program Files\BitLord\Torrents\Chinese_Man-The_Indi_Groove_EP-Vinyl-2007-MVP.rar.torrent  D:\Program Files\BitLord\Torrents\Chroniques de Mars-vol.1 by skytorrentfr.torrent  D:\Program Files\BitLord\Torrents\Chroniques de Mars-vol.1 by skytorrentfr.xml  D:\Program Files\BitLord\Torrents\Compil Son De Teuf hardtek Tribe Tribecore By Tom.torrent  D:\Program Files\BitLord\Torrents\Compilation Rap Francais Alternatif - Quand L Underground Debarque - French.torrent  D:\Program Files\BitLord\Torrents\CSI Las Vegas S06 E01 - E13 French.rar.torrent  D:\Program Files\BitLord\Torrents\CSI las vegas s07 complA¨te.torrent  D:\Program Files\BitLord\Torrents\CSI Las Vegas Saison 5 FRENCH.torrent  D:\Program Files\BitLord\Torrents\CSI Las Vegas Saison 6 FRENCH.torrent  D:\Program Files\BitLord\Torrents\CSI Las Vegas Saison 6 FRENCH[0].torrent  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E05.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.s07e04.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E01-03.FRENCH.HDTV.XviD-JMT.torrent  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E06-10.FRENCH.DVDRiP.XViD-ANDR0S.torrent  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E06-10.FRENCH.DVDRiP.XViD-ANDR0S.xml  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S.torrent  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S.xml  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E21-22.FRENCH.HDTV.XviD-JMT.torrent  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S09E02.FRENCH.LD.HDTV.XviD-JMT[trackersurfer].avi.torrent  D:\Program Files\BitLord\Torrents\csi.lv.s09e01-jmt.avi.torrent  D:\Program Files\BitLord\Torrents\csi.lv.s09e01-jmt.avi.xml  D:\Program Files\BitLord\Torrents\csi.lv.s09e02-jmt.avi.torrent  D:\Program Files\BitLord\Torrents\csi.lv.s09e02-jmt.avi.xml  D:\Program Files\BitLord\Torrents\CSI.Miami.S05E13.FRENCH.HDTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.Miami.S06 partage.torrent  D:\Program Files\BitLord\Torrents\CSI.Miami.vostf.Saison-7.Ep-1,2,3,4.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E13.FRENCH.HDTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E13.FRENCH.HDTV.XviD-JMT.avi[0].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E14.FRENCH.HDTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E15.FRENCH.HDTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E15.FRENCH.HDTV.XviD-JMT.avi[0].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E16.FRENCH.HDTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E17.FRENCH.HDTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E20.FRENCH.DVTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E21.FRENCH.DVTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S03E21.FRENCH.DVTV.XviD-JMT.avi[0].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04 partage.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04 partage[0].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04 partage[1].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04 partage[2].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04E01-03.FRENCH.HDTV.XviD-JMT.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04E01-03.FRENCH.HDTV.XviD-JMT[0].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04E04.FRENCH.LD.HDTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04E04.FRENCH.LD.HDTV.XviD-JMT.avi[0].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04E05.FRENCH.HDTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04E07.FRENCH.LD.HDTV.XviD-JMT.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04E07.FRENCH.LD.HDTV.XviD-JMT.avi[0].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04E16.Right Next Door.HDTV.XviD-LOL.SUB FR.slayerFR.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S04E18.HDTV.XviD-LOL.VOST FR.slayerFR.avi.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S05E01.FRENCH.LD.HDTV.XviD-JMT[up by sahokyu.free.fr].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S05E02.FRENCH.LD.HDTV.XviD-JMT[up by sahokyu.free.fr].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S05E03E04.FRENCH.LD.HDTV.XviD-JMT[up by sahokyu.free.fr].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S05E03E04.FRENCH.LD.HDTV.XviD-JMT[up by sahokyu.free.fr][0].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S05E04.FRENCH.LD.HDTV.XviD-JMT.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S05E05.FRENCH.LD.HDTV.XviD-JMT[by tracker-series.fr.cc].torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S05E07et08.FRENCH.LD.HDTV.XviD-JMT.torrent  D:\Program Files\BitLord\Torrents\CSI.New.York.S05E07et08.FRENCH.LD.HDTV.XviD-JMT[0].torrent  D:\Program Files\BitLord\Torrents\CSI.NY.S02E01.E24.FINAL.FRENCH.DVDRip.XviD.torrent  D:\Program Files\BitLord\Torrents\CSI.NY.S04E02.VOSTFR.HDTV.XviD-ELiTE.torrent  D:\Program Files\BitLord\Torrents\Cut Killer - Street Francais Vol.4 by Marshall73.rar.torrent  D:\Program Files\BitLord\Torrents\Cut Killer - Street Francais Vol.4 by Marshall73.rar[0].torrent  D:\Program Files\BitLord\Torrents\Davia Ardell & Jessica Lynn - BigTitsAtSchool.wmv.torrent  D:\Program Files\BitLord\Torrents\Davia Ardell & Jessica Lynn - BigTitsAtSchool.wmv.xml  D:\Program Files\BitLord\Torrents\Daz Dillinger - Tha Dogg Pound Gangsta LP (2005) Rap - www.torrentazos.com By FEFE2003.rar.torrent  D:\Program Files\BitLord\Torrents\da_melissa_lauren.wmv.torrent  D:\Program Files\BitLord\Torrents\da_melissa_lauren.wmv.xml  D:\Program Files\BitLord\Torrents\Deux jours a tuer french dvdrip xvid [L@ndTe@m].torrent  D:\Program Files\BitLord\Torrents\Deux jours a tuer french dvdrip xvid [L@ndTe@m].xml  D:\Program Files\BitLord\Torrents\Dexter.S01E01-06.FRENCH.DVDRip.XviD-JMT.torrent  D:\Program Files\BitLord\Torrents\Dexter.S01E01-12.HR.HDTV.XviD.torrent  D:\Program Files\BitLord\Torrents\Dexter.S01E01-12.HR.HDTV.XviD.xml  D:\Program Files\BitLord\Torrents\Dexter.S01E05.HDTV.XviD-NoTV[www.moviex.info].torrent  D:\Program Files\BitLord\Torrents\Dexter.S01E05.HDTV.XviD-NoTV[www.moviex.info].xml  D:\Program Files\BitLord\Torrents\Dr House - Saison 2.torrent  D:\Program Files\BitLord\Torrents\Dr House - Saison 2.xml  D:\Program Files\BitLord\Torrents\Dr House - Saison 2[0].torrent  D:\Program Files\BitLord\Torrents\Dr House S04 Ep 1 A 12 by gsxr1000.torrent  D:\Program Files\BitLord\Torrents\Dr House S04 Ep 1 A 12 by gsxr1000[0].torrent  D:\Program Files\BitLord\Torrents\Dr House saison 4.torrent  D:\Program Files\BitLord\Torrents\Dr._Dre_feat._RBX__KRS-One__B-Real__Nas___Scarface_-_East_Coast_West_Coast_Killas.avi.torrent  D:\Program Files\BitLord\Torrents\Dr._Dre_feat._RBX__KRS-One__B-Real__Nas___Scarface_-_East_Coast_West_Coast_Killas.avi.xml  D:\Program Files\BitLord\Torrents\Eminem - Crack A Bottle Feat Dr Dre & 50 Cent-MIXFIEND-2009.mp3.torrent  D:\Program Files\BitLord\Torrents\Eminem - Return Of The Bad Guy Pt2[2009].torrent  D:\Program Files\BitLord\Torrents\Eminem - The Recovery (mixtape 2009) [trackersurfer.fr].torrent  D:\Program Files\BitLord\Torrents\Entre.Les.Murs.FRENCH.DVDRip.XviD.torrent  D:\Program Files\BitLord\Torrents\Entre.Les.Murs.FRENCH.DVDRip.XviD.xml  D:\Program Files\BitLord\Torrents\Eric The King.torrent  D:\Program Files\BitLord\Torrents\Florence.Foresti.And.Friends.Sketchs.Inedits.2009.French.Dvdrip.Xvid-RLD.Upload.(Steph53).Mininova.org..avi.torrent  D:\Program Files\BitLord\Torrents\Florence.Foresti.And.Friends.Sketchs.Inedits.2009.French.Dvdrip.Xvid-RLD.Upload.(Steph53).Mininova.org..avi[0].torrent  D:\Program Files\BitLord\Torrents\Florence.Foresti.And.Friends.Sketchs.Inedits.2009.French.Dvdrip.Xvid-RLD.Upload.(Steph53).Mininova.org..avi[1].torrent  D:\Program Files\BitLord\Torrents\Fraiches.Et.Salopes.FRENCH.XXX.DVDRip.DivX.REPACK.1CD_ALLTEAM.torrent  D:\Program Files\BitLord\Torrents\Fraiches.Et.Salopes.FRENCH.XXX.DVDRip.DivX.REPACK.1CD_ALLTEAM.xml  D:\Program Files\BitLord\Torrents\FratHouseFuckFest.E12.Victoria.Sweet.XXX.WMV-DiXXX.torrent  D:\Program Files\BitLord\Torrents\Funk Party - 3cds(split tracks + covers).torrent  D:\Program Files\BitLord\Torrents\Funk Sessions (2 CD).torrent  D:\Program Files\BitLord\Torrents\Funkoars (2008) The Hangover.torrent  D:\Program Files\BitLord\Torrents\G-unit - Best Volume 1 (2005) - Rap - www.torrentazos.com By FEFE2003.rar.torrent  D:\Program Files\BitLord\Torrents\G-unit - Best Volume 1 (2005) - Rap - www.xmlazos.com By FEFE2003.rar.xml  D:\Program Files\BitLord\Torrents\gaous french dvdrip [chicoun].AVI.torrent  D:\Program Files\BitLord\Torrents\gaous french dvdrip [chicoun].AVI.xml  D:\Program Files\BitLord\Torrents\GdoGs Mixtape Vol 1 Kaim & Riskey.torrent  D:\Program Files\BitLord\Torrents\Hardcore Ravers Volume Two.zip.torrent  D:\Program Files\BitLord\Torrents\Hip Hop Underground n°3 - Rap Francais - French Rap.torrent  D:\Program Files\BitLord\Torrents\Hot Fuzz.torrent  D:\Program Files\BitLord\Torrents\Hot Fuzz.xml  D:\Program Files\BitLord\Torrents\House.4x02.La.tete.dans.les.étoiles.Hdtv.avi.torrent  D:\Program Files\BitLord\Torrents\House.S04E11.FRENCH.LD.HDTV.XViD-ASC.torrent  D:\Program Files\BitLord\Torrents\House.S04E11.FRENCH.LD.HDTV.XViD-ASC.xml  D:\Program Files\BitLord\Torrents\House.S04E12.FRENCH.LD.HDTV.XViD-ASC.torrent  D:\Program Files\BitLord\Torrents\House.S04E13.FRENCH.LD.DVDRip.XViD-ASC.avi.torrent  D:\Program Files\BitLord\Torrents\House.S04E14.FRENCH.LD.DVDRip.XViD-ASC.torrent  D:\Program Files\BitLord\Torrents\House.S05E05.FRENCH.LD.HDTV.XViD-JMT[trackersurfer].avi.torrent  D:\Program Files\BitLord\Torrents\House.S05E07.FRENCH.LD.HDTV.XViD-JMT[trackersurfer].avi.torrent  D:\Program Files\BitLord\Torrents\Ice-T - O.G. Original Gangster.torrent  D:\Program Files\BitLord\Torrents\ichi le tueur DVDRip XviD French {appocalipteam.mine.nu}.avi.torrent  D:\Program Files\BitLord\Torrents\J irais Dormir chez vous.torrent  D:\Program Files\BitLord\Torrents\Jirai dormir chez vous...Chili.avi.torrent  D:\Program Files\BitLord\Torrents\Jirai dormir chez vous...Chili.avi[0].torrent  D:\Program Files\BitLord\Torrents\Jusqu'a la Mort-DVD R[www.appocalipteam.mine.nu french].torrent  D:\Program Files\BitLord\Torrents\Kill Shot ((2008)) Limited DVDrip(divx)BigbrO.torrent  D:\Program Files\BitLord\Torrents\Killshot.FRENCH.DVDRip.Xvid-THEWARRIOR777.avi.torrent  D:\Program Files\BitLord\Torrents\King.Guillaume.FRENCH.READNFO.TS.XViD-RaCcOoN(Smartorrent).torrent  D:\Program Files\BitLord\Torrents\KRS One - The Fundamentals of Hip Hop.torrent  D:\Program Files\BitLord\Torrents\KRS-ONE (Boogie Down Productions) - Retrospective [FLAC] [h33t] - Kitlope.torrent  D:\Program Files\BitLord\Torrents\KRS-ONE (Boogie Down Productions) - Retrospective [FLAC] [h33t] - Kitlope.xml  D:\Program Files\BitLord\Torrents\L.Annee.Du.Zapping.2008.2EME.PARTIE.FRENCH.avi.torrent  D:\Program Files\BitLord\Torrents\L.Annee.Du.Zapping.2008.2EME.PARTIE.FRENCH.avi.xml  D:\Program Files\BitLord\Torrents\La Swija-Au Sourire Levant(2009).torrent  D:\Program Files\BitLord\Torrents\La.Realite.En.Images.Special.Drogue.DOC.FRENCH.DVDRiP.XViD-SCiENCES.avi.torrent  D:\Program Files\BitLord\Torrents\Laughing.Out.Loud.FRENCH.TS.MD.XViD-RaCcOoN(Smartorrent).torrent  D:\Program Files\BitLord\Torrents\LA_CITE_DE_DIEU.AVI.torrent  D:\Program Files\BitLord\Torrents\Le droit de savoir - Drogues 'Enquete sur la nouvelle guerre des stups' by Juli1 (www.foromtorrent.com).avi.torrent  D:\Program Files\BitLord\Torrents\Le.Divorce.FRENCH.DVDRip.XViD-SEQ.avi.torrent  D:\Program Files\BitLord\Torrents\Les experts las vegas saison 4 episode 1a12 dvdrip french divx.torrent  D:\Program Files\BitLord\Torrents\Les Experts 2x03 - Regression Mortelle.avi.torrent  D:\Program Files\BitLord\Torrents\Les Experts Las Vegas - Saison 8.torrent  D:\Program Files\BitLord\Torrents\Les experts Miami S4 Pack 1 TVRIP FR.torrent  D:\Program Files\BitLord\Torrents\Les experts Miami S4 Pack 1 TVRIP FR.xml  D:\Program Files\BitLord\Torrents\Les parrains french dvdrip xvid [L@ndTe@m].torrent  D:\Program Files\BitLord\Torrents\Les randonneurs a st tropez french dvdrip xvid [L@ndTe@m].torrent  D:\Program Files\BitLord\Torrents\Les.Experts 2x05 - Permis de demolir.AVI.torrent  D:\Program Files\BitLord\Torrents\Les.Lascars.S02.DVDRip.XviD.FR.2008 [phoenix-tk].rar.torrent  D:\Program Files\BitLord\Torrents\Les.Promesses.De.L.Ombre.DVDrip.VOST.Fr.by.JzX-FraKtal.avi.torrent  D:\Program Files\BitLord\Torrents\Lethal Injection.torrent  D:\Program Files\BitLord\Torrents\Lethal Injection.xml  D:\Program Files\BitLord\Torrents\Lets go to prison French DVDRIP.avi.torrent  D:\Program Files\BitLord\Torrents\Lil Kim - The Notorious K.I.M 20008-TRI_INT seeded by www.p2p-crew.to.rar.torrent  D:\Program Files\BitLord\Torrents\Ma.Femme.Est.A.Louer.FRENCH.XXX.DVDRip.XviD-YUMYUM.avi.torrent  D:\Program Files\BitLord\Torrents\mafiosa le clan S02E01.avi.torrent  D:\Program Files\BitLord\Torrents\mafiosa le clan S02E02.avi.torrent  D:\Program Files\BitLord\Torrents\Mafiosa.S02E06.FRENCH.HDTV.XviD-JMT.torrent  D:\Program Files\BitLord\Torrents\Mafiosa.S02E06.FRENCH.HDTV.XviD-JMT.xml  D:\Program Files\BitLord\Torrents\Malcolm Saison 4.torrent  D:\Program Files\BitLord\Torrents\Manipulations.ROYALTORRENT.avi.torrent  D:\Program Files\BitLord\Torrents\manipulations.torrent  D:\Program Files\BitLord\Torrents\manipulations.xml  D:\Program Files\BitLord\Torrents\Marc Dorcel - Natacha [Monica Sweetheart, Vanessa, Lea De Mae, Lara Stevens, Tiffany Diamond...].torrent  D:\Program Files\BitLord\Torrents\Medine.Don't.Panik.MixTape.2008.by.PGX.rar.torrent  D:\Program Files\BitLord\Torrents\Meet The Twins 11 XXX [DVDRIP][Big Boobs].www.lokotorrents.com.torrent  D:\Program Files\BitLord\Torrents\MIXTAPE 10 ANS DE RAP FRANCAIS - 2008.rar.torrent  D:\Program Files\BitLord\Torrents\MR 73 (2008) [DvdRip] [Xvid] {1337x}-Noir.torrent  D:\Program Files\BitLord\Torrents\MR 73 (2008) [DvdRip] [Xvid] {1337x}-Noir.xml  D:\Program Files\BitLord\Torrents\MSN-Webcam-Capture-Liv.mov.torrent  D:\Program Files\BitLord\Torrents\MSN-Webcam-Capture-Liv.mov.xml  D:\Program Files\BitLord\Torrents\Musee.Haut.Musee.Bas.FRENCH.DVDRip.XviD-UNSKiLLED.MZISYS.avi.torrent  D:\Program Files\BitLord\Torrents\Musee.Haut.Musee.Bas.FRENCH.DVDRip.XviD-UNSKiLLED.MZISYS.avi.xml  D:\Program Files\BitLord\Torrents\naruto french vf 160-188.torrent  D:\Program Files\BitLord\Torrents\Notorious BIG - King Of New York [TK].torrent  D:\Program Files\BitLord\Torrents\Notorious BIG - King Of New York [TK].xml  D:\Program Files\BitLord\Torrents\Notorious Big - Life After Death.torrent  D:\Program Files\BitLord\Torrents\Notorious Big - Life After Death[0].torrent  D:\Program Files\BitLord\Torrents\Notorious Big - Life After Death[0].xml  D:\Program Files\BitLord\Torrents\Passengers.LiMiTED.720p.FRENCH.BluRay.x264-ForceBleue.torrent  D:\Program Files\BitLord\Torrents\Private Practice S02E13 XviD VOSTFR --Antoine 4011--.avi.torrent  D:\Program Files\BitLord\Torrents\Private Practice S02E15 XviD VOSTFR --Antoine 4011--.avi.torrent  D:\Program Files\BitLord\Torrents\PROMESSES_OMBRE.ISO.torrent  D:\Program Files\BitLord\Torrents\PROMESSES_OMBRE.ISO.xml  D:\Program Files\BitLord\Torrents\PUISSANCE RAP 2009 - SPÉCIAL RAP FRANCAIS.rar.torrent  D:\Program Files\BitLord\Torrents\Rage Against The Machine.torrent  D:\Program Files\BitLord\Torrents\Raggasonic 2 album complet.rar.torrent  D:\Program Files\BitLord\Torrents\Raggasonic 2 album complet.rar[0].torrent  D:\Program Files\BitLord\Torrents\Raggasonic albumz.torrent  D:\Program Files\BitLord\Torrents\Raggasonic.torrent  D:\Program Files\BitLord\Torrents\Rap-Francais-Fuck-Skyrock-2CD-French-2006.torrent  D:\Program Files\BitLord\Torrents\Reporters.torrent  D:\Program Files\BitLord\Torrents\Reporters.xml  D:\Program Files\BitLord\Torrents\ROHFF-LE.CAUCHEMAR.DU.RAP.FRANCAIS.CHAPITRE.1_-FR-2007 LuDivX.torrent  D:\Program Files\BitLord\Torrents\Role.Models.UNRATED.FRENCH.DVDRip.XviD-ULTRASON.torrent  D:\Program Files\BitLord\Torrents\Role.Models.UNRATED.FRENCH.DVDRip.XviD-ULTRASON.xml  D:\Program Files\BitLord\Torrents\SarahSunshine_BigBoobsPOV.wmv.torrent  D:\Program Files\BitLord\Torrents\Schoolgirls On Fire XXX [DVDRip][www.zonatorrent.com].torrent  D:\Program Files\BitLord\Torrents\Scrubs.S08E02.VOSTFR.HDTV.XViD-OQS.avi.torrent

darkpoet · Answer

Delete all cracks as they are a source of infections:  D:\DOCUME~1\POLO\My Documents\Ableton\Library\Presets\Audio Effects\Vinyl Distortion\Crack.adv D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\01 The French Connection.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\02 Les flammes du mal.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\04 La sédition.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\05 Savoir dire non.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\06 Ma T-ci va K-kra.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\07 Le temps des opprimés.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\08 La roue tourne.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\09 C'est donc ça nos vies.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\10 Retour aux pyramides.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\11 Trop dur.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\12 Le Biz.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\13 Avoir le pouvoir.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\14 Le prix requis.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\15 L'Œle de l'inconscient.wma D:\DOCUME~1\POLO\My Documents\My Music\French Rap\MA 6-t va craquer\Ma 6-T va crack-er\desktop.ini D:\DOCUME~1\POLO\My Documents\My Music\US RAP\eminem\04) CRACK A BOTTLE FT DR DRE 50 CENT.mp3 D:\DOCUME~1\POLO\My Documents\My Music\US RAP\eminem\11) CRACK SMOKE.mp3 D:\DOCUME~1\POLO\My Documents\My Music\US RAP\NOTORIOUS BIG\NOTORIOUS BIS II\Notorious B.I.G. - Ten Crack Commandments.mp3 D:\DOCUME~1\POLO\Recent\Notorious B.I.G. - Ten Crack Commandments.lnk     Then restart ToolbarSD  this time choose option 2 (deletion)  please post the generated report      -- to teach is always to learn

turbulent13 · Answer

Excuse me, but I'm really a klutz with computers. Just to clarify, when you say to delete all "the following cracks," how do I do that? Like, do I go into my music and look for, for example, my 6T will crack, and do I delete the whole album????

darkpoet · Answer

Yes, you follow the access path to: (drive) document /polo etcetc  you can access it via the workstation, you select your drive and follow the path -- to teach is always to learn

darkpoet · Answer

Alright, I'm leaving you for tonight, I'll resume tomorrow morning. Post the tolbarsd report (option 2) and then do this for the checks please. Good night  - Download Random's System Information Tool (RSIT) (by random/random) to your Desktop. http://images.malwareremoval.com/random/RSIT.exe  - Double-click on RSIT.exe to launch the program.  - Click on Continue at the Disclaimer screen.  - If the HijackThis tool (updated version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will need to accept the license.  - When the scan is complete, two text files will open. Post the contents of log.txt (the one that appears on the screen) as well as info.txt (which you will see in the taskbar).  Note: Reports are saved in the folder C:\rsit. -- Teaching is always learning

turbulent13 · Answer

HERE IT SEEMS TO HAVE REMOVED A MOVIE FILE CALLED NEW BITLORD? HERE'S THE REPORT.   -----------\ ToolBar S&D 1.2.8 XP/Vista   Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2  X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3600+ )  BIOS : PhoenixBIOS 4.0 Release 6.1  USER : POLO ( Administrator )  BOOT : Normal boot  Antivirus : AntiVir Desktop 9.0.1.26 (Activated)  C:\ (Local Disk) - NTFS - Total:69 Go (Free:32 Go)  D:\ (Local Disk) - NTFS - Total:34 Go (Free:12 Go)  E:\ (Local Disk) - NTFS - Total:35 Go (Free:5 Go)  F:\ (CD or DVD)   "D:\ToolBar SD" ( UPDATE : 21-12-2008|20:47 )  Option : [2] ( 02/06/2009|23:25 )   -----------\ DELETION   Deleted! - D:\Program Files\BitLord\BitLord.exe  Deleted! - D:\Program Files\BitLord\BitLord.url  Deleted! - D:\Program Files\BitLord\BitLord.xml  Deleted! - D:\Program Files\BitLord\Downloads  Deleted! - D:\Program Files\BitLord\Downloads.xml  Deleted! - D:\Program Files\BitLord\lang  Deleted! - D:\Program Files\BitLord\License.txt  Deleted! - D:\Program Files\BitLordules  Deleted! - D:\Program Files\BitLord\Torrents  Deleted! - D:\Program Files\BitLord\uninst.exe  Deleted! - D:\DOCUME~1\POLO\Desktop\BitLord.lnk  Deleted! - D:\DOCUME~1\POLO\Desktop\NEW BITLORD  Deleted! - D:\WINDOWS\Prefetch\BITLORD.EXE-27A8448C.pf  Deleted! - D:\DOCUME~1\POLO\MENUDM~1\PROGRA~1\BitLord  Deleted! - D:\DOCUME~1\POLO\Cookies\polo@bitlord[1].txt  Deleted! - D:\DOCUME~1\POLO\Cookies\polo@bitlord[2].txt  Deleted! - D:\DOCUME~1\POLO\Cookies\polo@bitlord[4].txt  Deleted! - D:\Program Files\Burn4Free\bass.dll  Deleted! - D:\Program Files\Burn4Free\basscd.dll  Deleted! - D:\Program Files\Burn4Free\bassflac.dll  Deleted! - D:\Program Files\Burn4Free\basswma.dll  Deleted! - D:\Program Files\Burn4Free\basswv.dll  Deleted! - D:\Program Files\Burn4Free\bass_ape.dll  Deleted! - D:\Program Files\Burn4Free\bass_mpc.dll  Deleted! - D:\Program Files\Burn4Free\BURN4FREE.CFG  Deleted! - D:\Program Files\Burn4Free\Burn4Free.exe  Deleted! - D:\Program Files\Burn4Free\languages  Deleted! - D:\Program Files\Burn4Free\queue  Deleted! - D:\Program Files\Burn4Free	emp  Deleted! - D:\Program Files\Burn4Free\wav  Deleted! - D:\DOCUME~1\POLO\Cookies\polo@iredirect.burn4free[1].txt  Deleted! - D:\Program Files\BitLord  Deleted! - D:\Program Files\Burn4Free   -----------\ File / Folder Search ...    -----------\ Extensions   (POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar  (POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman  (POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper    -----------\ [..\Internet Explorer\Main]   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]  "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"  "Local Page"="D:\WINDOWS\system32\blank.htm"  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"  "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"  "Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"  "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  "Window Title"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]  "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"  "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  "Local Page"="D:\WINDOWS\system32\blank.htm"  "Start Page"="https://www.msn.com/fr-fr/"  "Search bar"="http://www.bing.com/spresults.aspx"    --------------------\ Search for other infections   --------------------\ Cracks & Keygens ..   D:\DOCUME~1\POLO\Recent\Notorious B.I.G. - Ten Crack Commandments.lnk     1 - "D:\ToolBar SD\TB_1.txt" - 02/06/2009|22:32 - Option : [1]  2 - "D:\ToolBar SD\TB_2.txt" - 02/06/2009|23:03 - Option : [1]  3 - "D:\ToolBar SD\TB_3.txt" - 02/06/2009|23:29 - Option : [2]   -----------\ End of report at 23:29:46,60

turbulent13 · Answer

YEP I just looked at it, it deleted it for me and it put "bitlord" (which I use to download) blocked behind the firewall. Do you think I can unblock it?

darkpoet · Answer

Peer-to-peer networks are the source of your infections, do as you wish, can you do post 19 please rsit -- to teach is always to learn

turbulent13 · Answer

Hello, first thank you for staying up late yesterday, honestly I don't know how I could have done it without you, so to start here is the RSIT report, this is the one that appeared as a log:  Logfile of random's system information tool 1.06 (written by random/random) Run by POLO at 2009-06-03 10:35:31 Microsoft Windows XP Professional Service Pack 2 System drive D: has 14 GB (39%) free of 35 GB Total RAM: 1791 MB (72% free)  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:34, on 03/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal  Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe D:\WINDOWS\system32
vsvc32.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Real\RealPlayer\RealPlay.exe D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\WINDOWS\system32
otepad.exe E:\RSIT.exe D:\Program Files\Trend Micro\HijackThis\POLO.exe  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Assistant Help Program - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: &AOL Toolbar Search - res://D:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\windows\system32
wprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32
vsvc32.exe  -- End of file - 5706 bytes  ======Scheduled tasks folder======  D:\WINDOWS	asks\WGASetup.job  ======Registry dump======  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Assistant Help Program - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - D:\Program Files\AOL Toolbar	oolbar.dll []  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112] "NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664] "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-08 496752]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ygyysue] d:\documents and settings\polo\local settings\application data\ygyysue.exe ygyysue []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\Office10\OSA.EXE [2001-02-13 83360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk] D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk] D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutorun"=0  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:File and Settings Transfer Assistant" "D:\Program Files\BitLord\BitLord.exe"="D:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord" "D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "E:\LimeWire\LimeWire.exe"="E:\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "D:\Program Files\BitComet\BitComet.exe"="D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "D:\Program Files\Vuze\Azureus.exe"="D:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus" "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule" "D:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a" "C:\maconfservice.exe"="C:\maconfservice.exe:LocalSubNet:Enabled:maconfservice"  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0109afb2-1d55-11de-83ce-001b386d6916}] shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0109afb3-1d55-11de-83ce-001b386d6916}] shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90104f8d-d2fc-11dd-8355-001b386d6916}] shell\AutoRun\command - explorer.exe .  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f7c9a3-e32d-11dd-836d-001b386d6916}] shell\AutoRun\command - G:\wd_windows_tools\WDSetup.exe  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cee5f4b0-cc86-11dd-834c-001b386d6916}] shell\AutoRun\command - J:\EmDesk.exe shell\EmDesk\command - J:\EmDesk.exe  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d964ef89-2111-11de-83e0-001e4c7e75dd}] shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee759fb0-1d50-11de-83cd-001b386d6916}] shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee759fb1-1d50-11de-83cd-001b386d6916}] shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence   ======List of files/folders created in the last 1 months======  2009-06-03 10:35:31 ----D---- D:sit 2009-06-03 10:18:57 ----D---- D:\Program Files\Common Files\ODBC 2009-06-02 22:32:19 ----A---- D:\TB.txt 2009-06-02 22:31:46 ----D---- D:\ToolBar SD 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton 2009-06-02 17:53:54 ----A---- D:\WINDOWS
tbtlog.txt 2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware 2009-06-01 23:17:20 ----D---- D:\Program Files\Avira 2009-06-01 21:02:58 ----D---- D:\Program Files\Ad-remover 2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro 2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft 2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer 2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes 2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss 2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group 2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$ 2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$ 2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP 2009-05-22 17:40:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc 2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM 2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe 2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe 2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE 2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll 2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe 2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE 2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe 2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE 2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll 2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com 2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon 2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon 2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif 2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini 2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure 2009-05-15 13:33:37 ----D---- D:\Program Files\Orange 2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg 2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure 2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icons 2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo 2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll 2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS 2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll  ======List of files/folders modified in the last 1 months======  2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft 2009-06-03 10:19:02 ----SHD---- D:\WINDOWS\Installer 2009-06-03 10:19:01 ----D---- D:\WINDOWS\Prefetch 2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft 2009-06-03 10:18:57 ----D---- D:\Program Files\Common Files 2009-06-03 10:13:29 ----D---- D:\Program Files\Mozilla Firefox 2009-06-03 10:12:47 ----D---- D:\WINDOWS\Temp 2009-06-03 09:56:38 ----D---- D:\WINDOWS\system32\CatRoot2 2009-06-03 01:21:20 ----A---- D:\WINDOWS\SchedLgU.Txt 2009-06-02 23:29:12 ----RD---- D:\Program Files 2009-06-02 23:22:35 ----D---- D:\WINDOWS\system32 2009-06-02 18:31:23 ----D---- D:\WINDOWS\system32\drivers 2009-06-02 17:54:05 ----D---- D:\Documents and Settings 2009-06-02 17:53:54 ----D---- D:\WINDOWS 2009-06-01 23:17:28 ----HD---- D:\WINDOWS\inf 2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira 2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS 2009-06-01 21:09:57 ----SD---- D:\WINDOWS\Downloaded Program Files 2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config 2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem 2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration 2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug 2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini 2009-05-28 22:09:49 ----A---- D:\WINDOWS\system.ini 2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer 2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss 2009-05-25 13:29:54 ----D---- D:\WINDOWS\security 2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot 2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache 2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly 2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player 2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help 2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages 2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live 2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Common Files\WindowsLiveInstaller 2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information 2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini 2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts 2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker 2009-05-07 09:16:29 ----A---- D:\WINDOWS\system32\MRT.exe 2009-05-05 22:55:47 ----A---- D:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt 2009-05-05 22:02:08 ----A---- D:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt 2009-05-05 21:45:02 ----A---- D:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt  ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======  R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832] R2 ASCTRM;ASCTRM; D:\WINDOWS\system32\drivers\ASCTRM.sys [2009-04-04 72192]

turbulent13 · Answer

Re-hi, as I was telling you, I lost my BitLord files, but it's not a big deal. However, I tried to re-download what I had lost, but BitLord won't launch and the files stay at 0%. Do you have any idea what to do to get it working again?

turbulent13 · Answer

ComboFix 09-06-01.03 - POLO 03/06/2009 19:29.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.33.1036.18.1791.1199 [GMT 2:00] Started from: E:\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} .  (((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))) .  d:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf d:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf d:\windows\system32moc3260.dll  . ((((((((((((((((((((((((((((( Files created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))))))) .  2009-06-03 12:01 . 2009-06-03 12:02 -------- d-----w- d:\program files\BitLord 2009-06-03 09:17 . 2009-06-03 12:01 -------- d-----w- d:\program files\TorrentMan 2009-06-03 08:35 . 2009-06-03 08:35 -------- d-----w- D:sit 2009-06-02 20:31 . 2009-06-03 08:20 -------- d-----w- D:\ToolBar SD 2009-06-02 19:49 . 2009-06-02 19:49 -------- d-----w- d:\documents and settings\POLO\Application Data\Ableton 2009-06-02 19:49 . 2009-06-02 19:49 -------- d-----w- d:\documents and settings\All Users\Application Data\Ableton 2009-06-02 15:51 . 2009-05-26 11:20 40160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys 2009-06-02 15:51 . 2009-06-02 15:51 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware 2009-06-02 15:51 . 2009-05-26 11:19 19096 ----a-w- d:\windows\system32\drivers\mbam.sys 2009-06-01 21:17 . 2009-03-30 08:32 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys 2009-06-01 21:17 . 2009-03-24 14:07 55640 ----a-w- d:\windows\system32\drivers\avgntflt.sys 2009-06-01 21:17 . 2009-06-01 21:17 -------- d-----w- d:\program files\Avira 2009-06-01 19:02 . 2009-06-01 19:11 -------- d-----w- d:\program files\Ad-remover 2009-06-01 17:01 . 2009-06-01 17:01 -------- d-----w- d:\program files\Trend Micro 2009-05-31 11:32 . 2009-05-31 12:35 -------- d-----w- d:\documents and settings\POLO\Application Data\Lavasoft 2009-05-30 22:21 . 2009-05-30 22:21 -------- d-----w- d:\documents and settings\POLO\DoctorWeb 2009-05-30 20:51 . 2009-05-30 22:20 -------- d-----w- d:\documents and settings\POLO\.housecall6.6 2009-05-29 12:09 . 2009-05-29 12:09 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-05-29 11:21 . 2009-05-29 11:21 -------- d-----w- d:\program files\NT Registry Optimizer 2009-05-29 11:16 . 2009-05-29 11:16 -------- d-----w- d:\windows\system32\wbem\Repository 2009-05-28 20:23 . 2009-05-28 20:23 -------- d-----w- d:\documents and settings\POLO\Application Data\Malwarebytes 2009-05-28 20:23 . 2009-05-28 20:23 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-28 20:00 . 2009-05-28 20:00 -------- d-----w- d:\program files\VS Revo Group 2009-05-22 19:00 . 2009-05-22 19:00 -------- d-----w- d:\windows\system32\URTTEMP 2009-05-22 15:49 . 2009-05-22 15:56 -------- d-----w- d:\documents and settings\POLO\Local Settings\Application Data\ApplicationHistory 2009-05-22 15:49 . 2009-05-22 15:49 127 ----a-w- d:\documents and settings\POLO\Local Settings\Application Data\fusioncache.dat 2009-05-22 15:40 . 2009-05-22 19:58 -------- d-----w- d:\documents and settings\POLO\Application Data\vlc 2009-05-22 11:59 . 2009-04-16 15:23 540672 ----a-w- d:\windows\RtlExUpd.dll 2009-05-22 11:53 . 2009-05-22 11:55 -------- d-----w- d:\documents and settings\All Users\Application Data\ma-config.com 2009-05-18 20:25 . 2009-05-18 20:25 -------- d-----w- d:\documents and settings\POLO\Local Settings\Application Data\Downloaded Installations 2009-05-17 11:09 . 2009-05-17 11:09 -------- d-----w- d:\documents and settings\All Users\Application Data\Babylon 2009-05-17 11:09 . 2009-05-17 11:09 -------- d-----w- d:\documents and settings\POLO\Application Data\Babylon 2009-05-16 19:48 . 2009-05-16 19:48 51632 ----a-w- d:\windows\system32\GDIPFONTCACHEV1.DAT 2009-05-16 18:48 . 2009-05-16 18:48 -------- d-----w- d:\documents and settings\POLO\Application Data\Serif 2009-05-15 11:38 . 2009-05-15 11:38 -------- d-----w- d:\documents and settings\POLO\Application Data\F-Secure 2009-05-15 11:35 . 2009-05-15 11:35 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure 2009-05-15 11:33 . 2009-05-15 11:33 -------- d-----w- d:\program files\Orange 2009-05-15 11:33 . 2009-05-31 12:34 -------- d-----w- d:\documents and settings\All Users\Application Data\fssg 2009-05-15 11:32 . 2009-06-01 18:49 -------- d-----w- d:\documents and settings\All Users\Application Data\f-secure 2009-05-13 16:15 . 2009-05-13 16:15 -------- d-----w- d:\documents and settings\POLO\Application Data\Icones 2009-05-12 17:02 . 2009-05-12 17:02 -------- d-----w- d:\program files\Securitoo 2009-05-12 17:01 . 2006-03-01 16:53 94208 ----a-w- d:\windows\system32\w32n50.dll 2009-05-12 17:01 . 2006-03-01 16:53 32128 ----a-w- d:\windows\system32\pcandis5.sys 2009-05-12 17:01 . 2003-09-23 08:38 34688 ----a-w- d:\windows\system32\pcampr5.sys 2009-05-12 17:01 . 2009-05-13 08:29 -------- d-----w- d:\program files\OrangeHSS 2009-05-12 16:59 . 2003-03-19 01:05 89088 ----a-w- d:\windows\system32\atl71.dll  . (((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))  2009-06-03 17:30 . 2008-07-25 15:29 -------- d-----w- d:\documents and settings\POLO\Application Data\LimeWire 2009-06-02 15:54 . 2009-06-02 15:54 -------- d-----w- d:\documents and settings\Mika\Application Data\Malwarebytes 2009-06-01 21:17 . 2008-12-26 16:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira 2009-06-01 18:49 . 2001-08-28 12:00 78322 ----a-w- d:\windows\system32\perfc00C.dat 2009-06-01 18:49 . 2001-08-28 12:00 473090 ----a-w- d:\windows\system32\perfh00C.dat 2009-05-27 22:58 . 2008-06-24 19:48 -------- d-----w- d:\documents and settings\POLO\Application Data\dvdcss 2009-05-22 12:16 . 2008-06-24 11:49 -------- d-----w- d:\program files\Messenger Plus! Live 2009-05-22 12:16 . 2008-05-18 18:36 -------- dcsh--w- d:\program files\Common Files\WindowsLiveInstaller 2009-05-22 12:00 . 2009-05-22 12:00 -------- d-----w- d:\program files\Realtek 2009-04-18 16:00 . 2009-04-18 16:00 -------- d-----w- d:\documents and settings\POLO\Application Data\Icone 2009-04-10 13:13 . 2009-03-14 20:12 7 ----a-w- d:\windows\sbacknt.bin 2009-04-10 13:08 . 2009-03-14 20:12 -------- d-----w- d:\documents and settings\POLO\Application Data\vghd 2009-04-09 23:51 . 2009-03-04 20:23 -------- d-----w- d:\documents and settings\POLO\Application Data\Azureus 2009-04-09 22:20 . 2009-03-14 20:12 152904 ----a-w- d:\windows\system32\vghd.scr 2009-04-08 09:17 . 2009-04-04 16:48 -------- d-----w- d:\documents and settings\All Users\Application Data\QuickTime 2009-04-04 22:11 . 2009-04-04 16:45 -------- d-----w- d:\documents and settings\All Users\Application Data\AOL 2009-04-04 22:11 . 2009-04-04 16:43 -------- d-----w- d:\program files\Common Files\AOL 2009-04-04 16:47 . 2009-04-04 16:47 8552 ----a-w- d:\windows\system32\drivers\asctrm.sys 2009-04-04 16:43 . 2008-05-18 17:50 335 -c--a-w- d:\windows
sreg.dat 2009-04-01 07:58 . 2009-05-22 12:00 1200128 ----a-w- d:\windows\RtlUpd.exe 2009-03-17 12:07 . 2009-05-22 12:00 122880 ----a-w- d:\windows\RtkAudioService.exe 2009-03-10 12:32 . 2009-05-22 12:00 2168320 ----a-w- d:\windows\MicCal.exe 2009-03-08 02:34 . 2004-08-19 14:09 914944 ----a-w- d:\windows\system32\wininet.dll 2009-03-08 02:34 . 2004-08-19 14:09 43008 ----a-w- d:\windows\system32\licmgr10.dll 2009-03-08 02:33 . 2004-08-19 14:09 18944 ----a-w- d:\windows\system32\corpol.dll 2009-03-08 02:33 . 2004-08-19 14:09 420352 ----a-w- d:\windows\system32\vbscript.dll 2009-03-08 02:32 . 2004-08-19 14:09 72704 ----a-w- d:\windows\system32\admparse.dll 2009-03-08 02:32 . 2004-08-19 14:09 71680 ----a-w- d:\windows\system32\iesetup.dll 2009-03-08 02:31 . 2004-08-19 14:09 34816 ----a-w- d:\windows\system32\imgutil.dll 2009-03-08 02:31 . 2004-08-19 14:08 48128 ----a-w- d:\windows\system32\mshtmler.dll 2009-03-08 02:31 . 2004-08-19 14:10 45568 ----a-w- d:\windows\system32\mshta.exe 2009-03-08 02:22 . 2001-08-28 12:00 156160 ----a-w- d:\windows\system32\msls31.dll 2009-03-06 14:46 . 2004-08-19 14:09 286208 ----a-w- d:\windows\system32\pdh.dll 2008-05-27 14:47 . 2008-05-27 14:47 382352 -c--a-w- d:\program files\xpiinstall.exe .  ------- Sigcheck -------  [-] 2008-04-14 02:33 1571840 E17C85D5B5CF477638433B851A98499E d:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\sfcfiles.dll [-] 2008-05-13 11:50 1548288 C3AB3F01625B68E6A63BA1761A6BEEDD d:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((( Registry Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))  . *Note* empty items & legitimate initial items are not listed REGEDIT4  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] 2008-05-20 22:43 1526296 ----a-w- d:\program files\TorrentMan	bTor0.dll  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-19 15360] "msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RealTray"="d:\program files\Real\RealPlayer\RealPlay.exe" [2009-04-04 26112] "NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-06-25 8433664] "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-19 15360]  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2009-03-08 128512]  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LMIinit] 2008-05-19 13:23 87352 ----a-w- d:\windows\system32\LMIinit.dll  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver"  [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=d:\windows\pss\Microsoft Office.lnkCommon Startup  [HKLM\~\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk] path=d:\documents and settings\POLO\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk backup=d:\windows\pss\Notification de cadeaux MSN.lnkStartup  [HKLM\~\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk] path=d:\documents and settings\POLO\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk backup=d:\windows\pss\RocketDock.lnkStartup  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "d:\WINDOWS\system32\usmt\migwiz.exe"= "d:\Program Files\Messenger\msmsgs.exe"= "d:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "d:\Program Files\Windows Live\Messenger\livecall.exe"= "d:\Program Files\Common Files\AOL\ACS\AOLDial.exe"= "d:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"= "e:\BitLord\BitLord.exe"= "d:\ToolBar SD\Backup-TB\Program Files\BitLord\BitLord.exe"= "d:\Program Files\BitLord\BitLord.exe"= "d:\Program Files\LimeWire\LimeWire.exe"=  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21539:TCP"= 21539:TCP:*:Disabled:BitComet 21539 TCP "21539:UDP"= 21539:UDP:*:Disabled:BitComet 21539 UDP  R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [01/06/2009 23:17 108289] R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [26/05/2008 19:47 45848] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\LogMeIn\x86\RaInfo.sys --> d:\program files\LogMeIn\x86\RaInfo.sys [?] S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [22/05/2009 14:00 1684736] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\program files\MAGIX\Common\Database\bin\fbserver.exe --> e:\program files\MAGIX\Common\Database\bin\fbserver.exe [?] S3 maconfservice;Ma-Config Service;"c:\maconfservice.exe" --> c:\maconfservice.exe [?] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . Contents of the 'Task Scheduler' folder  2009-06-03 d:\windows\Tasks\WGASetup.job - d:\windows\system32\KB905474\wgasetup.exe [2009-04-13 20:18] . - - - - ORPHANS REMOVED - - - -  SafeBoot-procexp90.Sys   . ------- Additional Examination -------  mWindow Title = IE: &Search AOL Toolbar - d:\program files\AOL Toolbar	oolbar.dll/SEARCH.HTML IE: Add to AMV Converter... - c:\amvconverter\grab.html IE: E&xporter to Microsoft Excel - c:\office10\EXCEL.EXE/3000 IE: MediaManager tool grab multimedia file - c:\mediamanager\grab.html TCP: {CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9} = 86.64.145.144,84.103.237.144 FF - ProfilePath - d:\documents and settings\POLO\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\ FF - prefs.js: browser.search.selectedEngine - YouGoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox FF - prefs.js: keyword.URL - hxxp://www.yougoo.fr/annuaire?search&q= FF - component: d:\program files\Mozilla Firefox\extensions\{280b5d37-4a76-467a-b3d6-942fca90acde}\components\FFAlert.dll FF - plugin: d:\program files\Mozilla Firefox\plugins\NPPOKER.dll FF - plugin: d:\program files\Viewpoint\Viewpoint Experience Technology
pViewpoint.dll  ---- FIREFOX SETTINGS ---- d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false); d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false); d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false); d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true); d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false); d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com"); d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k="); d:\program files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox"); .  **************************************************************************  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-03 19:30 Windows 5.1.2600 Service Pack 2 NTFS  Searching for hidden processes ...  Searching for hidden autostart entries ...  Searching for hidden files ...  Scan completed successfully Hidden files: 0  ************************************************************************** . --------------------- DLLs loaded in active processes ---------------------  - - - - - - - > 'winlogon.exe'(640) d:\windows\system32\LMIinit.dll . End time: 2009-06-03 19:32 ComboFix-quarantined-files.txt 2009-06-03 17:32  Before-CF: 13,959,770,112 bytes free After-CF: 14,205,235,200 bytes free  WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="XP" /fastdetect multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="DWindows" multi(0)disk(0)rdisk(0)partition(1)\Windows="HWindows"  217 --- E O F --- 2009-05-26 10:22

darkpoet · Answer

Hi  Download =http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe Navilog (by Il-Mafioso)  Save it on your Desktop. Install it by double-clicking on navilog.exe. Once the installation is complete, the utility will run automatically. (If not, double-click on the shortcut on the Desktop) Follow the prompts of the utility. Choose option 1 and then confirm. ! Do not use options 2, 3, and 4 without our permission! Wait until you see this message: *** Analysis Complete ..... *** Press a key as instructed. The [b]Notepad[/b] will open. Post the report here. Post the generated report.  The report is located here: C:\fixnavi.txt -- to teach is always to learn

turbulent13 · Answer

HELLO HERE is the navilog report Search Navipromo version 3.7.7 started on 03/06/2009 at 23:02:52.92  !!! Warning, this report may indicate legitimate files/programs!!! !!! Post this report on the forum for analysis!!! !!! Do not start the disinfection process without the advice of a specialist!!!  Tool executed from D:\Program Files
avilog1  Updated on 12.05.2009 at 18:00 by IL-MAFIOSO  Microsoft Windows XP Professional (v5.1.2600) Service Pack 2 X86-based PC (Uniprocessor Free: Mobile AMD Sempron(tm) Processor 3600+) BIOS: PhoenixBIOS 4.0 Release 6.1 USER: POLO (Administrator) BOOT: Normal boot  Antivirus: AntiVir Desktop 9.0.1.26 (Activated)   C:\ (Local Disk) - NTFS - Total: 69 GB (Free: 32 GB) D:\ (Local Disk) - NTFS - Total: 34 GB (Free: 13 GB) E:\ (Local Disk) - NTFS - Total: 35 GB (Free: 5 GB) F:\ (CD or DVD)   Search executed in normal mode   *** Searching folders in "D:\WINDOWS" ***   *** Searching folders in "D:\Program Files" ***   *** Searching folders in "D:\Documents and Settings\All Users\menudm~1\progra~1" ***   *** Searching folders in "D:\Documents and Settings\All Users\menudm~1" ***   *** Searching folders in "d:\docume~1\alluse~1\applic~1" ***   *** Searching folders in "D:\Documents and Settings\POLO\applic~1" ***   *** Searching folders in "D:\DOCUME~1\INVIT~1\applic~1" ***   *** Searching folders in "D:\DOCUME~1\LOGMEI~1\applic~1" ***   *** Searching folders in "D:\DOCUME~1\Mika\applic~1" ***   *** Searching folders in "D:\Documents and Settings\POLO\locals~1\applic~1" ***   *** Searching folders in "D:\DOCUME~1\INVIT~1\locals~1\applic~1" ***   *** Searching folders in "D:\DOCUME~1\LOGMEI~1\locals~1\applic~1" ***   *** Searching folders in "D:\DOCUME~1\Mika\locals~1\applic~1" ***   *** Searching folders in "D:\Documents and Settings\POLO\menudm~1\progra~1" ***   *** Searching folders in "D:\DOCUME~1\LOGMEI~1\menudm~1\progra~1" ***   *** Searching folders in "D:\DOCUME~1\Mika\menudm~1\progra~1" ***   *** Searching with Catchme-rootkit/stealth malware detector by gmer *** for more info: http://www.gmer.net    *** Searching with GenericNaviSearch *** !!! All these results may reveal legitimate files!!! !!! Must be verified before any manual deletion!!!  * Searching in "D:\WINDOWS\system32" *  * Searching in "D:\Documents and Settings\POLO\locals~1\applic~1" *  * Searching in "D:\DOCUME~1\INVIT~1\locals~1\applic~1" *  * Searching in "D:\DOCUME~1\LOGMEI~1\locals~1\applic~1" *  * Searching in "D:\DOCUME~1\Mika\locals~1\applic~1" *    *** Searching files ***    *** Searching specific keys in the Registry *** !! The keys found are not necessarily infected!!   *** Additional Search Module *** (Searching specific files)  1)Searching new Instant Access files:   2)Heuristic Search:  * In "D:\WINDOWS\system32":   * In "D:\Documents and Settings\POLO\locals~1\applic~1":   * In "D:\DOCUME~1\INVIT~1\locals~1\applic~1":   * In "D:\DOCUME~1\LOGMEI~1\locals~1\applic~1":   * In "D:\DOCUME~1\Mika\locals~1\applic~1":   3)Searching Certificates:  Certificate Egroup absent! Certificate Electronic-Group absent! Certificate Montorgueil absent! Certificate OOO-Favorit absent! Certificate Sunny-Day-Design-Ltd absent!  4)Searching other known folders and files:    *** Analysis completed on 03/06/2009 at 23:05:49.28 ***

darkpoet · Answer

bizarre tu peux refaire un sit svp -- enseigner c'est toujours apprendre

darkpoet · Answer

---> Disable your antivirus during the process because OTMoveIt3 is wrongly detected as an infection.  ---> Download OTMoveIt3 (OldTimer) to your Desktop. http://oldtimer.geekstogo.com/OTMoveIt3.exe  ---> Double-click on OTMoveIt3.exe to run it.  ---> Copy (Ctrl+C) the following text below:      :processes explorer.exe  :files D:\Program Files\BitLord  :reg [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ygyysue]  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] D:\Program Files\BitLord\BitLord.exe"="-  :commands [purity] [emptytemp] [reboot]      ---> Paste (Ctrl+V) the previously copied text into the box Paste Instructions for Items to be Moved.  ---> Now click the MoveIt! button and then close OTMoveIt3.  If a file or folder cannot be deleted immediately, the software will ask you to restart. Accept by clicking YES.  ---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\ The report name corresponds to the time of its creation: date_time.log -- to teach is to always learn

turbulent13 · Answer

Hello, so actually I had a little battery issue which caused my PC to shut down about 20 seconds after launching OTMoveIt3. After turning it back on, I tried to relaunch the program, but when I clicked on it, it immediately generated a report, so I'm sending it to you hoping it's the right one. Thanks  ========= PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== D:\Program Files\BitLord\Torrents moved successfully. D:\Program Files\BitLordules moved successfully. D:\Program Files\BitLord\lang moved successfully. D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT moved successfully. D:\Program Files\BitLord\Downloads\Dexter.S01E01-06.FRENCH.DVDRip.XviD-JMT moved successfully. D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E19-20.FRENCH.HDTV.XviD-JMT moved successfully. D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT moved successfully. D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S moved successfully. D:\Program Files\BitLord\Downloads moved successfully. D:\Program Files\BitLord moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ygyysue\ deleted successfully. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\D:\Program Files\BitLord\BitLord.exe"|"- /E : value set successfully! ========== COMMANDS ========== File delete failed. D:\DOCUME~1\POLO\LOCALS~1\Temp\etilqs_b3HMEDK9GAM0M7gzggvX scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. D:\Documents and Settings\POLO\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. Local Service Temp folder emptied. File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Network Service Temp folder emptied. Network Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied.  OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06042009_203342  Files moved on Reboot... File D:\DOCUME~1\POLO\LOCALS~1\Temp\etilqs_b3HMEDK9GAM0M7gzggvX not found! File move failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_001_ scheduled to be moved on reboot. File move failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_002_ scheduled to be moved on reboot. File move failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_003_ scheduled to be moved on reboot. File move failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot. File move failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\urlclassifier3.sqlite scheduled to be moved on reboot. File move failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\XUL.mfl scheduled to be moved on reboot.

darkpoet · Answer

ok a new rsit please -- to teach is to always learn

turbulent13 · Answer

Here is the new  ========= PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== Folder move failed. D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT scheduled to be moved on reboot. Folder move failed. D:\Program Files\BitLord\Downloads\Dexter.S01E01-06.FRENCH.DVDRip.XviD-JMT scheduled to be moved on reboot. Folder move failed. D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E19-20.FRENCH.HDTV.XviD-JMT scheduled to be moved on reboot. Folder move failed. D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT scheduled to be moved on reboot. Folder move failed. D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S scheduled to be moved on reboot. Folder move failed. D:\Program Files\BitLord\Downloads scheduled to be moved on reboot. Folder move failed. D:\Program Files\BitLord scheduled to be moved on reboot. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ygyysue\ not found. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\D:\Program Files\BitLord\BitLord.exe"|"- /E : value set successfully! ========== COMMANDS ========== File delete failed. D:\DOCUME~1\POLO\LOCALS~1\Temp\hsperfdata_POLO\2864 scheduled to be deleted on reboot. File delete failed. D:\DOCUME~1\POLO\LOCALS~1\Temp\etilqs_UdUKr7ezfg92lN7CU1Yp scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. D:\Documents and Settings\POLO\Local Settings\Temporary Internet Files\Content.IE5\5LGHIR9Z\client[1].htm scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. Local Service Temp folder emptied. File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Network Service Temp folder emptied. Network Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied.  OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06042009_221126  Files moved on Reboot... D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT moved successfully. D:\Program Files\BitLord\Downloads\Dexter.S01E01-06.FRENCH.DVDRip.XviD-JMT moved successfully. D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E19-20.FRENCH.HDTV.XviD-JMT moved successfully. D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT moved successfully. D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S moved successfully. D:\Program Files\BitLord\Downloads moved successfully. D:\Program Files\BitLord moved successfully. File D:\DOCUME~1\POLO\LOCALS~1\Temp\hsperfdata_POLO\2864 not found! File D:\DOCUME~1\POLO\LOCALS~1\Temp\etilqs_UdUKr7ezfg92lN7CU1Yp not found! D:\Documents and Settings\POLO\Local Settings\Temporary Internet Files\Content.IE5\5LGHIR9Z\client[1].htm moved successfully. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_001_ moved successfully. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_002_ moved successfully. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_003_ moved successfully. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\Cache\_CACHE_MAP_ moved successfully. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\urlclassifier3.sqlite moved successfully. D:\Documents and Settings\POLO\Local Settings\Application Data\Mozilla\Firefox\Profiles\p2g8qcd4.default\XUL.mfl moved successfully.

darkpoet · Answer

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop. http://images.malwareremoval.com/random/RSIT.exe  - Double-click on RSIT.exe to launch the program.  - Click on Continue at the Disclaimer screen.  - If the HijackThis tool (updated version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will need to accept the license.  - When the scan is complete, two text files will open. Post the content of log.txt (the one that appears on the screen) as well as info.txt (which you will see in the taskbar).  Note: Reports are saved in the folder C:\rsit. -- to teach is to always learn

turbulent13 · Answer

Ouch, I only have one of the two reports; I can't find the other one. I only had one, and I can't find "rsit" on my C drive. Here's the one I have  Logfile of random's system information tool 1.06 (written by random/random) Run by POLO at 2009-06-04 22:28:48 Microsoft Windows XP Professional Service Pack 2 System drive D: has 13 GB (38%) free of 35 GB Total RAM: 1791 MB (74% free)  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:28:49, on 04/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal  Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe D:\WINDOWS\system32
vsvc32.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Real\RealPlayer\RealPlay.exe D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe E:\_OTMoveIt\MovedFiles\06042009_203342\Program Files\BitLord\BitLord.exe D:\Program Files\Mozilla Firefox\firefox.exe E:\RSIT(2).exe D:\Program Files\Trend Micro\HijackThis\POLO.exe  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing) R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Assistant Help Program - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: &AOL Toolbar Search - res://D:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O9 - Extra 'Tools' menu item: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\windows\system32
wprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32
vsvc32.exe  -- End of file - 5867 bytes  ======Scheduled tasks folder======  D:\WINDOWS	asks\WGASetup.job  ======Registry dump======  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] TorrentMan Toolbar - D:\Program Files\TorrentMan	bTor1.dll [2009-06-03 2094616]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Assistant Help Program - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - D:\Program Files\AOL Toolbar	oolbar.dll [] {7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - D:\Program Files\TorrentMan	bTor1.dll [2009-06-03 2094616]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112] "NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664] "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe [2004-04-08 496752]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\Office10\OSA.EXE [2001-02-13 83360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk] D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk] D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutorun"=67108863 "NoDrives"=0  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"=  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres" "D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "D:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "D:\Program Files\BitLord\BitLord.exe"=""="" "E:\BitLord\BitLord.exe"="E:\BitLord\BitLord.exe:*:Enabled:BitLord" "E:\_OTMoveIt\MovedFiles\06042009_203342\Program Files\BitLord\BitLord.exe"="E:\_OTMoveIt\MovedFiles\06042009_203342\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord" "D:\ToolBar SD\Backup-TB\Program Files\BitLord\BitLord.exe"="D:\ToolBar SD\Backup-TB\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "D:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"  ======List of files/folders created in the last 1 month======  2009-06-04 22:16:00 ----D---- D:\Program Files\BitLord 2009-06-04 20:33:50 ----SHD---- D:\RECYCLER 2009-06-03 23:02:52 ----A---- D:\fixnavi.txt 2009-06-03 23:02:15 ----D---- D:\Program Files\Navilog1 2009-06-03 19:32:17 ----D---- D:\WINDOWS	emp 2009-06-03 19:32:15 ----A---- D:\ComboFix.txt 2009-06-03 19:26:39 ----A---- D:\WINDOWS\zip.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWXCACLS.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWSC.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWREG.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\sed.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\PEV.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\NIRCMD.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\grep.exe 2009-06-03 19:26:33 ----D---- D:\WINDOWS\ERDNT 2009-06-03 19:26:32 ----SD---- D:\ComboFix 2009-06-03 19:25:57 ----D---- D:\Qoobox 2009-06-03 18:52:58 ----D---- D:\Program Files\LimeWire 2009-06-03 11:17:51 ----D---- D:\Program Files\TorrentMan 2009-06-03 10:35:31 ----D---- D:sit 2009-06-03 10:18:57 ----D---- D:\Program Files\Fichiers communs\ODBC 2009-06-02 22:32:19 ----A---- D:\TB.txt 2009-06-02 22:31:46 ----D---- D:\ToolBar SD 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton 2009-06-02 17:53:54 ----A---- D:\WINDOWS
tbtlog.txt 2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware 2009-06-01 23:17:20 ----D---- D:\Program Files\Avira 2009-06-01 21:02:58 ----D---- D:\Program Files\Ad-remover 2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro 2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft 2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer 2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes 2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss 2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group 2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$ 2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$ 2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP 2009-05-22 17:40:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc 2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM 2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe 2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe 2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE 2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll 2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe 2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE 2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe 2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE 2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll 2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com 2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon 2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon 2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif 2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini 2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure 2009-05-15 13:33:37 ----D---- D:\Program Files\Orange 2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg 2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure 2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icones 2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo 2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll 2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS 2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll  ======List of files/folders modified in the last 1 month======  2009-06-04 22:28:22 ----D---- D:\WINDOWS\Prefetch 2009-06-04 22:16:39 ----D---- D:\Program Files\Mozilla Firefox 2009-06-04 22:16:00 ----RD---- D:\Program Files 2009-06-04 22:13:13 ----D---- D:\WINDOWS\system32\CatRoot2 2009-06-04 22:11:44 ----A---- D:\WINDOWS\SchedLgU.Txt 2009-06-04 02:03:56 ----D---- D:\Documents and Settings\POLO\Application Data\LimeWire 2009-06-03 23:05:46 ----D---- D:\WINDOWS\system32 2009-06-03 19:32:17 ----D---- D:\WINDOWS 2009-06-03 19:30:54 ----A---- D:\WINDOWS\system.ini 2009-06-03 19:30:24 ----D---- D:\WINDOWS\system32\drivers 2009-06-03 19:30:10 ----D---- D:\WINDOWS\AppPatch 2009-06-03 19:30:08 ----D---- D:\Program Files\Fichiers communs 2009-06-03 18:53:08 ----SHD---- D:\WINDOWS\Installer 2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft 2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft 2009-06-02 17:54:05 ----D---- D:\Documents and Settings 2009-06-01 23:17:28 ----HD---- D:\WINDOWS\inf 2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira 2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS 2009-06-01 21:09:57 ----SD---- D:\WINDOWS\Downloaded Program Files 2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config 2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem 2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration 2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug 2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini 2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer 2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss 2009-05-25 13:29:54 ----D---- D:\WINDOWS\security 2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot 2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache 2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly 2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player 2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help 2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages 2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live 2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Fichiers communs\WindowsLiveInstaller 2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information 2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini 2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts 2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker 2009-05-07 09:16:29 ----A---- D:\WINDOWS\system32\MRT.exe 2009-05-05 22:55:47 ----A---- D:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt 2009-05-05 22:02:08 ----A---- D:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt 2009-05-05 21:45:02 ----A---- D:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt

darkpoet · Answer

I would advise you to remove Bitlord, which is detected as malicious  Change your program; there are plenty of options available.  Your version of Windows is a pirated version =DANGER: http://www.commentcamarche.net/faq/sujet2981 I am using a pirated version of Windows  Download ToolsCleaner to your desktop. --> http://www.commentcamarche.net/telecharger/telecharger34055291toolscleaner # Click on "Search" and let the scan run ... # Click on "Delete" to finalize. # You can, if you wish, make use of the optional options. # Click on Exit to obtain the report. # Post the report (TCleaner.txt) which is located at the root of your hard drive (C:\).  Then  Download =https://filehippo.com/download_ccleaner/ to your Desktop.   Click on "download the latest version" Install it by leaving only the following options checked: - [i]Add a shortcut on the Desktop/i - [i]Automatically check for CCleaner updates Run the [b]Cleaning/b Click on [b]Search for errors/b and save if you wish.  Help: =http://www.infos-du-net.com/forum/272336-7-Ccleaner-under-construction -- Teaching is always learning

turbulent13 · Answer

Honestly, I don't know how it happened, but once again, I didn't get a report when I removed it after deletion; nothing showed up. Can you explain to me how to find it on my C drive? What is the root of C?  Sorry for being such a noob in computing, but I’m learning, I'm learning... THANK YOU   P.S.: And for BitLord, it works; I'm going to delete it, but as I told you, we must have blocked something with a disinfecting program because for the past 3 days, nothing is working; it’s not downloading anymore. I tried LimeWire, and it’s the same...   I’m continuing now; I'm on the second part of your message.

turbulent13 · Answer

It's done for CCleaner...

turbulent13 · Answer

Ouch, I only have one of the two reports, can't find the other one, I only had one and I can't find "rsit" on my C drive. Here's the one I have  Logfile of random's system information tool 1.06 (written by random/random) Run by POLO at 2009-06-04 22:28:48 Microsoft Windows XP Professional Service Pack 2 System drive D: has 13 GB (38%) free of 35 GB Total RAM: 1791 MB (74% free)  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:28:49, on 04/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal  Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe D:\WINDOWS\system32
vsvc32.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Real\RealPlayer\RealPlay.exe D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe E:\_OTMoveIt\MovedFiles\06042009_203342\Program Files\BitLord\BitLord.exe D:\Program Files\Mozilla Firefox\firefox.exe E:\RSIT(2).exe D:\Program Files\Trend Micro\HijackThis\POLO.exe  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing) R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-In Assistant Help Program - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: &AOL Toolbar Search - res://D:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar	oolbar.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\windows\system32
wprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32
vsvc32.exe  -- End of file - 5867 bytes  ======Scheduled tasks folder======  D:\WINDOWS	asks\WGASetup.job  ======Registry dump======  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] TorrentMan Toolbar - D:\Program Files\TorrentMan	bTor1.dll [2009-06-03 2094616]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-In Assistant Help Program - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - D:\Program Files\AOL Toolbar	oolbar.dll [] {7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - D:\Program Files\TorrentMan	bTor1.dll [2009-06-03 2094616]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112] "NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664] "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe [2004-04-08 496752]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] D:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\Office10\OSA.EXE [2001-02-13 83360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk] D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk] D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutorun"=67108863 "NoDrives"=0  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"=  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:File and Settings Transfer Assistant" "D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "D:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "D:\Program Files\BitLord\BitLord.exe"=""="" "E:\BitLord\BitLord.exe"="E:\BitLord\BitLord.exe:*:Enabled:BitLord" "E:\_OTMoveIt\MovedFiles\06042009_203342\Program Files\BitLord\BitLord.exe"="E:\_OTMoveIt\MovedFiles\06042009_203342\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord" "D:\ToolBar SD\Backup-TB\Program Files\BitLord\BitLord.exe"="D:\ToolBar SD\Backup-TB\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord" "D:\Program Files\BitLord\BitLord.exe"="D:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "D:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"  ======List of files/folders created in the last 1 months======  2009-06-04 22:16:00 ----D---- D:\Program Files\BitLord 2009-06-04 20:33:50 ----SHD---- D:\RECYCLER 2009-06-03 23:02:52 ----A---- D:\fixnavi.txt 2009-06-03 23:02:15 ----D---- D:\Program Files\Navilog1 2009-06-03 19:32:17 ----D---- D:\WINDOWS	emp 2009-06-03 19:32:15 ----A---- D:\ComboFix.txt 2009-06-03 19:26:39 ----A---- D:\WINDOWS\zip.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWXCACLS.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWSC.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWREG.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\sed.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\PEV.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\NIRCMD.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\grep.exe 2009-06-03 19:26:33 ----D---- D:\WINDOWS\ERDNT 2009-06-03 19:26:32 ----SD---- D:\ComboFix 2009-06-03 19:25:57 ----D---- D:\Qoobox 2009-06-03 18:52:58 ----D---- D:\Program Files\LimeWire 2009-06-03 11:17:51 ----D---- D:\Program Files\TorrentMan 2009-06-03 10:35:31 ----D---- D:sit 2009-06-03 10:18:57 ----D---- D:\Program Files\Fichiers communs\ODBC 2009-06-02 22:32:19 ----A---- D:\TB.txt 2009-06-02 22:31:46 ----D---- D:\ToolBar SD 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton 2009-06-02 17:53:54 ----A---- D:\WINDOWS
tbtlog.txt 2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware 2009-06-01 23:17:20 ----D---- D:\Program Files\Avira 2009-06-01 21:02:58 ----D---- D:\Program Files\Ad-remover 2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro 2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft 2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer 2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes 2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss 2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group 2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$ 2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$ 2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP 2009-05-22 17:40:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc 2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM 2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe 2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe 2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE 2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll 2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe 2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE 2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe 2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE 2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll 2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com 2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon 2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon 2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif 2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini 2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure 2009-05-15 13:33:37 ----D---- D:\Program Files\Orange 2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg 2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure 2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icones 2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo 2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll 2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS 2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll  ======List of files/folders modified in the last 1 months======  2009-06-04 22:28:22 ----D---- D:\WINDOWS\Prefetch 2009-06-04 22:16:39 ----D---- D:\Program Files\Mozilla Firefox 2009-06-04 22:16:00 ----RD---- D:\Program Files 2009-06-04 22:13:13 ----D---- D:\WINDOWS\system32\CatRoot2 2009-06-04 22:11:44 ----A---- D:\WINDOWS\SchedLgU.Txt 2009-06-04 02:03:56 ----D---- D:\Documents and Settings\POLO\Application Data\LimeWire 2009-06-03 23:05:46 ----D---- D:\WINDOWS\system32 2009-06-03 19:32:17 ----D---- D:\WINDOWS 2009-06-03 19:30:54 ----A---- D:\WINDOWS\system.ini 2009-06-03 19:30:24 ----D---- D:\WINDOWS\system32\drivers 2009-06-03 19:30:10 ----D---- D:\WINDOWS\AppPatch 2009-06-03 19:30:08 ----D---- D:\Program Files\Fichiers communs 2009-06-03 18:53:08 ----SHD---- D:\WINDOWS\Installer 2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft 2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft 2009-06-02 17:54:05 ----D---- D:\Documents and Settings 2009-06-01 23:17:28 ----HD---- D:\WINDOWS\inf 2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira 2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS 2009-06-01 21:09:57 ----SD---- D:\WINDOWS\Downloaded Program Files 2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config 2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem 2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration 2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug 2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini 2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer 2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss 2009-05-25 13:29:54 ----D---- D:\WINDOWS\security 2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot 2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache 2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly 2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player 2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help 2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages 2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live 2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Fichiers communs\WindowsLiveInstaller 2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information 2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini 2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts 2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker 2009-05-07 09:16:29 ----A---- D:\WINDOWS\system32\MRT.exe 2009-05-05 22:55:47 ----A---- D:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt 2009-05-05 22:02:08 ----A---- D:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt 2009-05-05 21:45:02 ----A---- D:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt

darkpoet · Answer

no problem, please make a new toolbar  Download https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 to your Desktop.  Run the program installation by executing the downloaded file. Double-click now on the Toolbar-S&D shortcut. Select your desired language by typing the letter of your choice and then validating with the Enter key. Now choose option 1 (Search). Wait until the search is complete. Post the generated report. (C:\TB.txt) -- teaching is always learning

DllD · Answer

Hey you two,  Darkpoet, I'm replying to you here for: "DllD, why is bitlord considered harmful?"  Because it's an adware, not that harmful...  https://blog.emsisoft.com/en/7472/emsisoft-malware-library/  They're quite paranoid at A2, hence their amazing score: https://www.emsisoft.com/images/antivirustest_mrg_200904_fr.png  Maybe soon they'll consider Antivir as adware too because during updates it displays an ad for an upgrade to the paid version ;-)  In any case, it's better to get rid of it. -- Hack what good

turbulent13 · Answer

Hello, I just got back from work, here is the report Toolbar    -----------\ ToolBar S&D 1.2.8 XP/Vista   Microsoft Windows XP Professional (v5.1.2600) Service Pack 2  X86-based PC (Uniprocessor Free: Mobile AMD Sempron(tm) Processor 3600+)  BIOS: PhoenixBIOS 4.0 Release 6.1  USER: POLO (Administrator)  BOOT: Normal boot  Antivirus: AntiVir Desktop 9.0.1.26 (Activated)  C:\ (Local Disk) - NTFS - Total: 69 Go (Free: 32 Go)  D:\ (Local Disk) - NTFS - Total: 34 Go (Free: 14 Go)  E:\ (Local Disk) - NTFS - Total: 35 Go (Free: 5 Go)  F:\ (CD or DVD)   "D:\ToolBar SD" (UPDATE: 21-12-2008|20:47)  Option: [1] (05/06/2009|19:30)   -----------\ File / Folder Search ...   D:\WINDOWS\Prefetch\BITLORD_1.01.EXE-32F7B7E8.pf  D:\DOCUME~1\POLO\Cookies\polo@bitlord[1].txt   -----------\ Extensions   (POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar  (POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman  (POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper    -----------\ [..\Internet Explorer\Main]   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]  "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"  "Local Page"="D:\WINDOWS\system32\blank.htm"  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"  "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]  "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"  "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"  "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"  "Local Page"="D:\WINDOWS\system32\blank.htm"  "Start Page"="https://www.msn.com/fr-fr/"  "Search bar"="http://www.bing.com/spresults.aspx"    --------------------\ Searching for other infections    No other infections found!    1 - "D:\ToolBar SD\TB_1.txt" - 05/06/2009|19:31 - Option: [1]   -----------\ End of report at 19:31:32,04

darkpoet · Answer

thank you DllD  turbulent13 is restarting toolbarsd option 2 as DllD said it's better to get rid of (bitlord) -- to teach is always to learn

turbulent13 · Answer

ok ok it's done here is the ToolBar report but can you please help me understand why I can no longer download anything, neither with BitLord nor with eMule... because deleting BitLord personally is not an issue, but whatever program I use, the download is not working. THANK YOU. ToolBar report:    -----------\ ToolBar S&D 1.2.8 XP/Vista   Microsoft Windows XP Professional (v5.1.2600) Service Pack 2  X86-based PC (Uniprocessor Free: Mobile AMD Sempron(tm) Processor 3600+)  BIOS: PhoenixBIOS 4.0 Release 6.1  USER: POLO (Administrator)  BOOT: Normal boot  Antivirus: AntiVir Desktop 9.0.1.26 (Activated)  C:\ (Local Disk) - NTFS - Total: 69 Go (Free: 32 Go)  D:\ (Local Disk) - NTFS - Total: 34 Go (Free: 13 Go)  E:\ (Local Disk) - NTFS - Total: 35 Go (Free: 5 Go)  F:\ (CD or DVD)  G:\ (Local Disk) - NTFS - Total: 465 Go (Free: 350 Go)   "D:\ToolBar SD" (UPDATE: 21-12-2008|20:47)  Option: [2] (06/06/2009|13:33)   -----------\ REMOVAL   Remove! - D:\WINDOWS\Prefetch\BITLORD_1.01.EXE-32F7B7E8.pf   -----------\ File / Folder Search...   D:\Program Files\BitLord  D:\Program Files\BitLord\BitLord.exe  D:\Program Files\BitLord\BitLord.url  D:\Program Files\BitLord\BitLord.xml  D:\Program Files\BitLord\Downloads  D:\Program Files\BitLord\Downloads.xml  D:\Program Files\BitLord\lang  D:\Program Files\BitLord\License.txt  D:\Program Files\BitLordules  D:\Program Files\BitLord\Torrents  D:\Program Files\BitLord\uninst.exe  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT  D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT  D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E11.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E12.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E13.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E14.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E15.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S\CSI.Las.Vegas.S07E16.FRENCH.DVDRiP.XViD-ANDR0S.avi.bc!  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT\CSI.Las.Vegas.S07E17.FRENCH.HDTV.XviD-JMT.avi.bc!  D:\Program Files\BitLord\Downloads\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT\CSI.Las.Vegas.S07E18.FRENCH.HDTV.XviD-JMT.avi.bc!  D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E07.FRENCH.DVDRip.XviD-JMT.avi.bc!  D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E08.FRENCH.DVDRip.XviD-JMT.avi.bc!  D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E09.FRENCH.DVDRip.XviD-JMT.avi.bc!  D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E10.FRENCH.DVDRip.XviD-JMT.avi.bc!  D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E11.FRENCH.DVDRip.XviD-JMT.avi.bc!  D:\Program Files\BitLord\Downloads\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT\Dexter.S01E12.FiNAL.FRENCH.DVDRip.XviD-JMT.avi.bc!  D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG\FXGâ„c.nfo  D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG\JCVD[2008]DvDrip[Eng]-FXG.avi  D:\Program Files\BitLord\Downloads\JCVD[2008]DvDrip[Eng]-FXG\JCVD[Eng][Subs].srt  D:\Program Files\BitLord\lang\lang_ar_ae.xml  D:\Program Files\BitLord\lang\lang_bg_bg.xml  D:\Program Files\BitLord\lang\lang_ca_es.xml  D:\Program Files\BitLord\lang\lang_cz_cz.xml  D:\Program Files\BitLord\lang\lang_da_dk.xml  D:\Program Files\BitLord\lang\lang_de_de.xml  D:\Program Files\BitLord\lang\lang_el_gr.xml  D:\Program Files\BitLord\lang\lang_en_us.xml  D:\Program Files\BitLord\lang\lang_es_ar.xml  D:\Program Files\BitLord\lang\lang_es_es.xml  D:\Program Files\BitLord\lang\lang_et_ee.xml  D:\Program Files\BitLord\lang\lang_fi_fi.xml  D:\Program Files\BitLord\lang\lang_fr_fr.xml  D:\Program Files\BitLord\lang\lang_gl_es.xml  D:\Program Files\BitLord\lang\lang_he_il.xml  D:\Program Files\BitLord\lang\lang_hu_hu.xml  D:\Program Files\BitLord\lang\lang_it_it.xml  D:\Program Files\BitLord\lang\lang_jp_jp.xml  D:\Program Files\BitLord\lang\lang_ko_kr.xml  D:\Program Files\BitLord\lang\lang_nb_no.xml  D:\Program Files\BitLord\lang\lang_nl_nl.xml  D:\Program Files\BitLord\lang\lang_pl_pl.xml  D:\Program Files\BitLord\lang\lang_pt_br.xml  D:\Program Files\BitLord\lang\lang_pt_pt.xml  D:\Program Files\BitLord\lang\lang_ro_ro.xml  D:\Program Files\BitLord\lang\lang_ru_ru.xml  D:\Program Files\BitLord\lang\lang_sk_sk.xml  D:\Program Files\BitLord\lang\lang_sl_si.xml  D:\Program Files\BitLord\lang\lang_sr_sr.xml  D:\Program Files\BitLord\lang\lang_sv_se.xml  D:\Program Files\BitLord\lang\lang_th_th.xml  D:\Program Files\BitLord\lang\lang_tr_tr.xml  D:\Program Files\BitLord\lang\lang_va_es.xml  D:\Program Files\BitLord\lang\lang_zh_tw.xml  D:\Program Files\BitLordules\ipfilter.dat  D:\Program Files\BitLordules	racker.dat  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S.torrent  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E11-16.FRENCH.DVDRiP.XViD-ANDR0S.xml  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT.torrent  D:\Program Files\BitLord\Torrents\CSI.Las.Vegas.S07E17-18.FRENCH.HDTV.XviD-JMT.xml  D:\Program Files\BitLord\Torrents\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT.torrent  D:\Program Files\BitLord\Torrents\Dexter.S01E07-12.FRENCH.DVDRip.XviD-JMT.xml  D:\Program Files\BitLord\Torrents\JCVD[2008]DvDrip[Eng]-FXG.torrent  D:\Program Files\BitLord\Torrents\JCVD[2008]DvDrip[Eng]-FXG.xml  D:\DOCUME~1\POLO\Desktop\BitLord.lnk  D:\WINDOWS\Prefetch\BITLORD.EXE-27A8448C.pf  D:\WINDOWS\Prefetch\BITLORD_1.01(4).EXE-08101BD2.pf  D:\DOCUME~1\POLO\Menu Démarrer\Programmes\BitLord  D:\DOCUME~1\POLO\Cookies\polo@bitlord[2].txt   -----------\ Extensions   (POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar  (POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman  (POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper    -----------\ [..\Internet Explorer\Main]   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]  "Local Page"="D:\WINDOWS\system32\blank.htm"  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"  "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  "Start Page"="http://www.emule-france.com"   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]  "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"  "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"  "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"  "Local Page"="D:\WINDOWS\system32\blank.htm"  "Start Page"="https://www.msn.com/fr-fr/"  "Search bar"="http://www.bing.com/spresults.aspx"    --------------------\ Searching for other infections    No other infection found!    1 - "D:\ToolBar SD\TB_1.txt" - 05/06/2009|19:31 - Option: [1]  2 - "D:\ToolBar SD\TB_2.txt" - 06/06/2009|13:34 - Option: [2]   -----------\ End of report at 13:34:09.84

darkpoet · Answer

ok redo this again please  -- to teach is always to learn

crapoulou · Answer

Hi, With darkpoet's agreement, for personal reasons, I will finish your disinfection. You can post a new RSIT. In the meantime, I will check what you have done. Crapoulou. -- Got a problem? Head over to CCM! There’s no problem without a solution.

turbulent13 · Answer

OK hello to you crapoulou and thanks for the helping hand here are the 2 RSIT reports to start the log:  Logfile of random's system information tool 1.06 (written by random/random) Run by POLO at 2009-06-07 01:00:18 Microsoft Windows XP Professional Service Pack 2 System drive D: has 12 GB (35%) free of 35 GB Total RAM: 1791 MB (72% free)  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:00:29, on 07/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal  Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe D:\WINDOWS\system32
vsvc32.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Real\RealPlayer\RealPlay.exe D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Program Files\Mozilla Firefox\firefox.exe E:\RSIT.exe D:\Program Files	rend micro\POLO.exe  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-france.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: &AOL Toolbar Search - res://D:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menu item: Java Console (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menu item: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\windows\system32
wprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\Common Files\AOL\ACS\AOLacsd.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32
vsvc32.exe  -- End of file - 5709 bytes  ======Scheduled tasks folder======  D:\WINDOWS	asks\WGASetup.job  ======Registry dump======  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] TorrentMan Toolbar - D:\Program Files\TorrentMan	bTor1.dll [2009-06-03 2094616]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Assistant Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4982D40A-C53B-4615-B15B-B5B5E98D167C} {7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - D:\Program Files\TorrentMan	bTor1.dll [2009-06-03 2094616]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112] "NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664] "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-08 496752]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\Office10\OSA.EXE [2001-02-13 83360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk] D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk] D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\vsmon]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutorun"=67108863 "NoDrives"=0  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"=  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:File and Settings Transfer Assistant" "D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "D:\Program Files\BitLord\BitLord.exe"=""="" "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule" "D:\Program Files\BitLord\BitLord.exe"="D:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"  ======List of files/folders created in the last 1 months======  2009-06-07 01:00:18 ----D---- D:sit 2009-06-06 17:20:12 ----D---- D:\Documents and Settings\POLO\Application Data\.ABC 2009-06-06 17:20:02 ----D---- D:\Program Files\ABC 2009-06-06 16:45:20 ----D---- D:\Documents and Settings\All Users\Application Data\MailFrontier 2009-06-06 16:44:58 ----A---- D:\WINDOWS\system32\SpOrder.dll 2009-06-06 16:43:05 ----D---- D:\WINDOWS\Internet Logs 2009-06-06 15:18:32 ----D---- D:\Program Files\BitLord 2009-06-06 14:23:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc 2009-06-05 20:54:31 ----D---- D:\Program Files\eMule 2009-06-05 19:30:48 ----A---- D:\TB.txt 2009-06-05 19:29:16 ----D---- D:\ToolBar SD 2009-06-04 23:17:12 ----D---- D:\Program Files\CCleaner 2009-06-04 23:05:23 ----A---- D:\TCleaner.txt 2009-06-04 20:33:50 ----SHD---- D:\RECYCLER 2009-06-03 19:32:17 ----D---- D:\WINDOWS	emp 2009-06-03 19:26:39 ----A---- D:\WINDOWS\zip.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWXCACLS.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWSC.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWREG.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\sed.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\PEV.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\NIRCMD.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\grep.exe 2009-06-03 19:26:33 ----D---- D:\WINDOWS\ERDNT 2009-06-03 11:17:51 ----D---- D:\Program Files\TorrentMan 2009-06-03 10:18:57 ----D---- D:\Program Files\Common Files\ODBC 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton 2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware 2009-06-01 23:17:20 ----D---- D:\Program Files\Avira 2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro 2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft 2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer 2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes 2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss 2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group 2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$ 2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$ 2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP 2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM 2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe 2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe 2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE 2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll 2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe 2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE 2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe 2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE 2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll 2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com 2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon 2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon 2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif 2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini 2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure 2009-05-15 13:33:37 ----D---- D:\Program Files\Orange 2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg 2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure 2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icons 2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo 2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll 2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS 2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll  ======List of files/folders modified in the last 1 months======  2009-06-07 01:00:24 ----D---- D:\WINDOWS\Prefetch 2009-06-07 00:52:16 ----D---- D:\Program Files\Mozilla Firefox 2009-06-07 00:50:49 ----D---- D:\WINDOWS\system32\CatRoot2 2009-06-07 00:50:26 ----RD---- D:\Program Files 2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32\drivers 2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32 2009-06-07 00:49:34 ----A---- D:\WINDOWS\SchedLgU.Txt 2009-06-07 00:48:32 ----D---- D:\WINDOWS 2009-06-06 16:44:53 ----HD---- D:\WINDOWS\inf 2009-06-04 02:03:56 ----D---- D:\Documents and Settings\POLO\Application Data\LimeWire 2009-06-03 19:30:54 ----A---- D:\WINDOWS\system.ini 2009-06-03 19:30:10 ----D---- D:\WINDOWS\AppPatch 2009-06-03 19:30:08 ----D---- D:\Program Files\Common Files 2009-06-03 18:53:08 ----SHD---- D:\WINDOWS\Installer 2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft 2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft 2009-06-02 17:54:05 ----D---- D:\Documents and Settings 2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira 2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS 2009-06-01 21:09:57 ----SD---- D:\WINDOWS\Downloaded Program Files 2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config 2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem 2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration 2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug 2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini 2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer 2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss 2009-05-25 13:29:54 ----D---- D:\WINDOWS\security 2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot 2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache 2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly 2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player 2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help 2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages 2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live 2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Common Files\WindowsLiveInstaller 2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information 2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini 2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts 2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker  ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======  R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832] R2 ASCTRM;ASCTRM; D:\WINDOWS\system32\drivers\ASCTRM.sys [2009-04-04 8552] R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 LMIRfsDriver;LogMeIn Remote Driver; D:\WINDOWS\system32\DRIVERS\lmirmdrv.sys [2009-04-04 17776]

crapoulou · Answer

As it has been said and repeated to you enough, you need to uninstall Bitlord: D:\Program Files\BitLord\uninst.exe Restart option 2 of Toolbar S&D to get rid of it! Post the generated report.  *********  Your Windows is hacked: big security flaw. Moreover, you are downloading on P2P: reinfection is almost guaranteed but hey, it's you who has the troubles, not me.  ********  Do you have Antivir and F secure simultaneously on the machine? Uninstall F-Secure, it's less effective.  -- Got a problem? Come to CCM! There's no problem without a solution.

turbulent13 · Answer

Hi So, just for clarification, it’s a colleague who gave me XP to replace Vista, but given the problems it causes, I assure you that if it were possible, I would gladly go back to my real Vista. Otherwise, here’s the toolbar report after removal:  -----------\ ToolBar S&D 1.2.8 XP/Vista   Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2  X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3600+ )  BIOS : PhoenixBIOS 4.0 Release 6.1  USER : POLO ( Administrator )  BOOT : Normal boot  Antivirus : AntiVir Desktop 9.0.1.26 (Activated)  C:\ (Local Disk) - NTFS - Total:69 Go (Free:32 Go)  D:\ (Local Disk) - NTFS - Total:34 Go (Free:7 Go)  E:\ (Local Disk) - NTFS - Total:35 Go (Free:32 Go)  F:\ (CD or DVD)   "D:\ToolBar SD" ( LAST UPDATED : 12-21-2008|20:47 )  Option : [2] ( 06/08/2009| 2:03 )   -----------\ REMOVAL   Deleting! - D:\Program Files\BitLord\BitLord.exe  Deleting! - D:\Program Files\BitLord\BitLord.url  Deleting! - D:\Program Files\BitLord\BitLord.xml  Deleting! - D:\Program Files\BitLord\Downloads  Deleting! - D:\Program Files\BitLord\Downloads.xml  Deleting! - D:\Program Files\BitLord\lang  Deleting! - D:\Program Files\BitLord\License.txt  Deleting! - D:\Program Files\BitLordules  Deleting! - D:\Program Files\BitLord\Torrents  Deleting! - D:\Program Files\BitLord\uninst.exe  Deleting! - D:\DOCUME~1\POLO\Desktop\BitLord.lnk  Deleting! - D:\WINDOWS\Prefetch\BITLORD.EXE-27A8448C.pf  Deleting! - D:\WINDOWS\Prefetch\BITLORD_1.01(2).EXE-2BD92A6D.pf  Deleting! - D:\DOCUME~1\POLO\MENUDM~1\PROGRA~1\BitLord  Deleting! - D:\DOCUME~1\POLO\Cookies\polo@bitlord[1].txt  Deleting! - D:\DOCUME~1\POLO\Cookies\polo@bitlord[2].txt  Deleting! - D:\Program Files\BitLord   -----------\ Searching for Files / Folders ...    -----------\ Extensions   (POLO) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar  (POLO) - {7c5c0f58-e061-457d-9033-77307f5ed00c} => torrentman  (POLO) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper    -----------\ [..\Internet Explorer\Main]   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]  "Local Page"="D:\WINDOWS\system32\blank.htm"  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"  "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  "Start Page"="http://www.emule-france.com"   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]  "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"  "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"  "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"  "Local Page"="D:\WINDOWS\system32\blank.htm"  "Start Page"="https://www.msn.com/fr-fr/"  "Search bar"="http://www.bing.com/spresults.aspx"    --------------------\ Searching for other infections    No other infections found!    1 - "D:\ToolBar SD\TB_1.txt" - 06/05/2009|19:31 - Option : [1]  2 - "D:\ToolBar SD\TB_2.txt" - 06/06/2009|13:34 - Option : [2]  3 - "D:\ToolBar SD\TB_3.txt" - 06/08/2009| 2:02 - Option : [1]  4 - "D:\ToolBar SD\TB_4.txt" - 06/08/2009| 2:03 - Option : [2]   -----------\ End of report at 2:03:56.06

crapoulou · Answer

Post a new RSIT report to see where we stand. -- Got a problem? Check out CCM! There's no problem without a solution.

turbulent13 · Answer

voila nouveau rsit, merci  Logfile of random's system information tool 1.06 (written by random/random) Run by POLO at 2009-06-09 00:30:58 Microsoft Windows XP Professional Service Pack 2 System drive D: has 14 GB (41%) free of 35 GB Total RAM: 1791 MB (79% free)  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:31:02, on 09/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal  Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe D:\WINDOWS\system32
vsvc32.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\WgaTray.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Real\RealPlayer\RealPlay.exe D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe E:\RSIT(2).exe D:\Program Files	rend micro\POLO.exe  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emule-france.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - D:\Program Files\TorrentMan	bTor1.dll O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: &Recherche AOL Toolbar - res://D:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add to AMV Converter... - C:\AMVConverter\grab.html O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\windows\system32
wprovau.dll O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CB32D5A6-B35C-4DD8-8A18-D5C55C029EC9}: NameServer = 86.64.145.144,84.103.237.144 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - E:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\maconfservice.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32
vsvc32.exe  -- End of file - 5795 bytes  ======Scheduled tasks folder======  D:\WINDOWS	asks\WGASetup.job  ======Registry dump======  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] TorrentMan Toolbar - D:\Program Files\TorrentMan	bTor1.dll [2009-06-03 2094616]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Assistant Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4982D40A-C53B-4615-B15B-B5B5E98D167C} {7c5c0f58-e061-457d-9033-77307f5ed00c} - TorrentMan Toolbar - D:\Program Files\TorrentMan	bTor1.dll [2009-06-03 2094616]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RealTray"=D:\Program Files\Real\RealPlayer\RealPlay.exe [2009-04-04 26112] "NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664] "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-08 496752]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] D:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE /splash []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] D:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe /CHECKALL /WAITFORSW []  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] D:\WINDOWS\system32\NvCpl.dll [2007-06-25 8433664]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] D:\WINDOWS\RTHDCPL.EXE [2009-04-30 17881088]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\Office10\OSA.EXE [2001-02-13 83360]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^Notification de cadeaux MSN.lnk] D:\DOCUME~1\POLO\APPLIC~1\MICROS~1\NOTIFI~1\lsnfier.exe [2009-04-30 135680]  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^POLO^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk] D:\WINDOWS\BRICOP~1\VISTAI~1\ROCKET~1\ROCKET~1.EXE [2007-03-19 630784]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] D:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] D:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\vsmon]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\Wdf01000.sys]  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutorun"=67108863 "NoDrives"=0  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"=  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\WINDOWS\system32\usmt\migwiz.exe"="D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:File and Settings Transfer Assistant" "D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "D:\Program Files\BitLord\BitLord.exe""="" "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule" "D:\Program Files\BitLord\BitLord.exe"="D:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord" "D:\Program Files\ABC\abc.exe"="D:\Program Files\ABC\abc.exe:*:Enabled:abc"  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "D:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" "C:\AOL 9.0a\waol.exe"="C:\AOL 9.0a\waol.exe:*:Enabled:AOL 9.0a"  ======List of files/folders created in the last 1 months======  2009-06-08 13:30:20 ----A---- D:\WINDOWS\system32\d3dx9_36.dll 2009-06-07 01:00:18 ----D---- D:sit 2009-06-06 17:20:12 ----D---- D:\Documents and Settings\POLO\Application Data\.ABC 2009-06-06 17:20:02 ----D---- D:\Program Files\ABC 2009-06-06 16:45:20 ----D---- D:\Documents and Settings\All Users\Application Data\MailFrontier 2009-06-06 16:44:58 ----A---- D:\WINDOWS\system32\SpOrder.dll 2009-06-06 16:43:05 ----D---- D:\WINDOWS\Internet Logs 2009-06-06 14:23:04 ----D---- D:\Documents and Settings\POLO\Application Data\vlc 2009-06-05 20:54:31 ----D---- D:\Program Files\eMule 2009-06-05 19:30:48 ----A---- D:\TB.txt 2009-06-05 19:29:16 ----D---- D:\ToolBar SD 2009-06-04 23:17:12 ----D---- D:\Program Files\CCleaner 2009-06-04 23:05:23 ----A---- D:\TCleaner.txt 2009-06-04 20:33:50 ----SHD---- D:\RECYCLER 2009-06-03 19:32:17 ----D---- D:\WINDOWS	emp 2009-06-03 19:26:39 ----A---- D:\WINDOWS\zip.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWXCACLS.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWSC.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\SWREG.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\sed.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\PEV.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\NIRCMD.exe 2009-06-03 19:26:39 ----A---- D:\WINDOWS\grep.exe 2009-06-03 19:26:33 ----D---- D:\WINDOWS\ERDNT 2009-06-03 11:17:51 ----D---- D:\Program Files\TorrentMan 2009-06-03 10:18:57 ----D---- D:\Program Files\Common Files\ODBC 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\POLO\Application Data\Ableton 2009-06-02 21:49:50 ----D---- D:\Documents and Settings\All Users\Application Data\Ableton 2009-06-02 17:51:43 ----D---- D:\Program Files\Malwarebytes' Anti-Malware 2009-06-01 23:17:20 ----D---- D:\Program Files\Avira 2009-06-01 19:01:51 ----D---- D:\Program Files\Trend Micro 2009-05-31 13:32:35 ----D---- D:\Documents and Settings\POLO\Application Data\Lavasoft 2009-05-29 14:09:03 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-05-29 13:21:38 ----D---- D:\Program Files\NT Registry Optimizer 2009-05-28 22:23:17 ----D---- D:\Documents and Settings\POLO\Application Data\Malwarebytes 2009-05-28 22:23:10 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-05-28 22:08:19 ----D---- D:\WINDOWS\pss 2009-05-28 22:00:41 ----D---- D:\Program Files\VS Revo Group 2009-05-25 03:03:55 ----HDC---- D:\WINDOWS\$NtUninstallKB923689$ 2009-05-25 03:00:55 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP10$ 2009-05-22 21:00:45 ----D---- D:\WINDOWS\system32\URTTEMP 2009-05-22 14:00:38 ----D---- D:\WINDOWS\system32\RTCOM 2009-05-22 14:00:17 ----A---- D:\WINDOWS\vncutil.exe 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SOUNDMAN.EXE 2009-05-22 14:00:17 ----A---- D:\WINDOWS\SkyTel.exe 2009-05-22 14:00:15 ----A---- D:\WINDOWS\RtlUpd.exe 2009-05-22 14:00:14 ----A---- D:\WINDOWS\RTLCPL.EXE 2009-05-22 14:00:12 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll 2009-05-22 14:00:12 ----A---- D:\WINDOWS\RtkAudioService.exe 2009-05-22 14:00:09 ----A---- D:\WINDOWS\RTHDCPL.EXE 2009-05-22 14:00:07 ----A---- D:\WINDOWS\MicCal.exe 2009-05-22 14:00:03 ----D---- D:\Program Files\Realtek 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCWZRD.EXE 2009-05-22 14:00:03 ----A---- D:\WINDOWS\ALCMTR.EXE 2009-05-22 13:59:55 ----A---- D:\WINDOWS\RtlExUpd.dll 2009-05-22 13:53:51 ----D---- D:\Documents and Settings\All Users\Application Data\ma-config.com 2009-05-17 13:09:48 ----D---- D:\Documents and Settings\All Users\Application Data\Babylon 2009-05-17 13:09:47 ----D---- D:\Documents and Settings\POLO\Application Data\Babylon 2009-05-16 20:48:35 ----D---- D:\Documents and Settings\POLO\Application Data\Serif 2009-05-15 21:34:35 ----A---- D:\WINDOWS\wininit.ini 2009-05-15 13:38:32 ----D---- D:\Documents and Settings\POLO\Application Data\F-Secure 2009-05-15 13:33:37 ----D---- D:\Program Files\Orange 2009-05-15 13:33:14 ----D---- D:\Documents and Settings\All Users\Application Data\fssg 2009-05-15 13:32:25 ----D---- D:\Documents and Settings\All Users\Application Data\f-secure 2009-05-13 18:15:38 ----D---- D:\Documents and Settings\POLO\Application Data\Icons 2009-05-12 19:02:10 ----D---- D:\Program Files\Securitoo 2009-05-12 19:01:30 ----A---- D:\WINDOWS\system32\w32n50.dll 2009-05-12 19:01:20 ----D---- D:\Program Files\OrangeHSS 2009-05-12 18:59:49 ----A---- D:\WINDOWS\system32\atl71.dll  ======List of files/folders modified in the last 1 months======  2009-06-09 00:31:01 ----D---- D:\WINDOWS\Prefetch 2009-06-09 00:27:49 ----D---- D:\Program Files\Mozilla Firefox 2009-06-08 20:43:56 ----D---- D:\WINDOWS\system32\CatRoot2 2009-06-08 16:04:00 ----D---- D:\WINDOWS 2009-06-08 14:25:22 ----A---- D:\WINDOWS\SchedLgU.Txt 2009-06-08 13:30:26 ----SD---- D:\WINDOWS\Downloaded Program Files 2009-06-08 13:30:22 ----D---- D:\WINDOWS\system32 2009-06-08 13:30:21 ----HD---- D:\WINDOWS\inf 2009-06-08 13:30:19 ----D---- D:\WINDOWS\system32\DirectX 2009-06-08 02:03:31 ----RD---- D:\Program Files 2009-06-07 00:50:26 ----D---- D:\WINDOWS\system32\drivers 2009-06-04 02:03:56 ----D---- D:\Documents and Settings\POLO\Application Data\LimeWire 2009-06-03 19:30:54 ----A---- D:\WINDOWS\system.ini 2009-06-03 19:30:10 ----D---- D:\WINDOWS\AppPatch 2009-06-03 19:30:08 ----D---- D:\Program Files\Common Files 2009-06-03 18:53:08 ----SHD---- D:\WINDOWS\Installer 2009-06-03 10:19:03 ----SD---- D:\Documents and Settings\POLO\Application Data\Microsoft 2009-06-03 10:18:57 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft 2009-06-02 17:54:05 ----D---- D:\Documents and Settings 2009-06-01 23:17:20 ----D---- D:\Documents and Settings\All Users\Application Data\Avira 2009-06-01 23:15:24 ----D---- D:\WINDOWS\WinSxS 2009-05-31 14:40:53 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2009-05-29 13:16:31 ----D---- D:\WINDOWS\system32\config 2009-05-29 13:16:12 ----D---- D:\WINDOWS\system32\wbem 2009-05-29 13:16:12 ----D---- D:\WINDOWS\Registration 2009-05-28 23:18:54 ----D---- D:\WINDOWS\Debug 2009-05-28 22:09:50 ----A---- D:\WINDOWS\win.ini 2009-05-28 22:04:39 ----D---- D:\Program Files\Internet Explorer 2009-05-28 00:58:08 ----D---- D:\Documents and Settings\POLO\Application Data\dvdcss 2009-05-25 13:29:54 ----D---- D:\WINDOWS\security 2009-05-25 03:05:35 ----D---- D:\WINDOWS\system32\CatRoot 2009-05-25 03:04:30 ----RSHDC---- D:\WINDOWS\system32\dllcache 2009-05-22 21:01:12 ----RSD---- D:\WINDOWS\assembly 2009-05-22 17:49:27 ----D---- D:\Program Files\Windows Media Player 2009-05-22 17:49:16 ----D---- D:\WINDOWS\Help 2009-05-22 17:48:56 ----D---- D:\WINDOWS\RegisteredPackages 2009-05-22 14:16:17 ----D---- D:\Program Files\Messenger Plus! Live 2009-05-22 14:16:16 ----SHDC---- D:\Program Files\Common Files\WindowsLiveInstaller 2009-05-22 14:00:03 ----HD---- D:\Program Files\InstallShield Installation Information 2009-05-18 09:47:05 ----A---- D:\WINDOWS\CDPlayer.ini 2009-05-16 20:47:27 ----RSD---- D:\WINDOWS\Fonts 2009-05-14 23:41:49 ----D---- D:\Program Files\Movie Maker  ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======  R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832] R2 ASCTRM;ASCTRM; D:\WINDOWS\system32\drivers\ASCTRM.sys [2009-04-04 8552] R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640] R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\D:\WINDOWS\system32\drivers\LMIRfsDriver.sys [] R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-05-17 12672] R2 NwlnkIpx;Ipx Protocol; D:\WINDOWS\system32\DRIVERS\NwlnkIpx.sys [2004-08-04 8792]

crapoulou · Answer

Please run a full scan with Antivir and post the report, please... -- Do you have a problem? Head over to CCM! There is no problem without a solution.

turbulent13 · Answer

Good evening, here is the Avira report; apparently, it found one or more viruses, and I had it repaired. It seems to have worked. Avira AntiVir Personal Report file creation date: Tuesday, June 9, 2009, 8:47 PM The scan covers 1,459,945 virus strains. License holder: Avira AntiVir Personal - FREE Antivirus Serial number: 0000149996-ADJIE-0000001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Started normally Identifier: SYSTEM Computer name: PAULO Version information: BUILD.DAT: 9.0.0.65 17959 Bytes 04/22/2009 12:06:00 AVSCAN.EXE: 9.0.3.6 466689 Bytes 04/21/2009 12:20:54 AVSCAN.DLL: 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL: 9.0.3.2 209665 Bytes 02/20/2009 10:35:11 LUKERES.DLL: 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 ANTIVIR0.VDF: 7.1.0.0 15603712 Bytes 10/27/2008 11:30:36 ANTIVIR1.VDF: 7.1.2.12 3336192 Bytes 02/11/2009 07:33:26 ANTIVIR2.VDF: 7.1.4.38 2692096 Bytes 05/29/2009 09:18:02 ANTIVIR3.VDF: 7.1.4.71 287232 Bytes 06/08/2009 10:44:26 Engine version: 8.2.0.180 AEVDF.DLL: 8.1.1.1 106868 Bytes 06/02/2009 09:18:08 AESCRIPT.DLL: 8.1.2.0 389497 Bytes 06/02/2009 09:18:08 AESCN.DLL: 8.1.2.3 127347 Bytes 06/02/2009 09:18:07 AERDL.DLL: 8.1.1.3 438645 Bytes 10/29/2008 05:24:41 AEPACK.DLL: 8.1.3.18 401783 Bytes 06/02/2009 09:18:07 AEOFFICE.DLL: 8.1.0.36 196987 Bytes 02/26/2009 07:01:56 AEHEUR.DLL: 8.1.0.129 1761655 Bytes 06/02/2009 09:18:06 AEHELP.DLL: 8.1.2.2 119158 Bytes 02/26/2009 07:01:56 AEGEN.DLL: 8.1.1.44 348532 Bytes 06/02/2009 09:18:04 AEEMU.DLL: 8.1.0.9 393588 Bytes 10/09/2008 01:32:40 AECORE.DLL: 8.1.6.12 180599 Bytes 06/02/2009 09:18:03 AEBB.DLL: 8.1.0.3 53618 Bytes 10/09/2008 01:32:40 AVWINLL.DLL: 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL: 9.0.0.1 43777 Bytes 12/03/2008 10:39:26 AVREP.DLL: 8.0.0.3 155905 Bytes 01/20/2009 01:34:28 AVREG.DLL: 9.0.0.0 36609 Bytes 11/07/2008 02:24:42 AVARKT.DLL: 9.0.0.3 292609 Bytes 03/24/2009 02:05:22 AVEVTLOG.DLL: 9.0.0.7 167169 Bytes 01/30/2009 09:36:37 SQLITE3.DLL: 3.6.1.0 326401 Bytes 01/28/2009 02:03:49 SMTPLIB.DLL: 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL: 9.0.0.0 11521 Bytes 11/07/2008 02:40:59 RCIMAGE.DLL: 9.0.0.21 2438401 Bytes 02/17/2009 12:49:32 RCTEXT.DLL: 9.0.37.0 88321 Bytes 04/15/2009 09:07:05 Configuration for the current scan: Task name...............................: Full system scan Configuration file......................: d:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: low Primary action.............................: interactive Secondary action.............................: ignore Scan master boot sectors..: on Scan boot sectors.........: on Boot sectors...........................: C:, D:, E:, Scan active programs..........: on Scanning registry.......: on Rootkit detection.........................: on System file integrity check......: off File search mode.....................: All files Search in archives....................: on Limit recursion depth..........: 20 Smart Archive Extensions......................: on Macrovirus heuristics.....................: on File heuristics...........................: medium Scan start: Tuesday, June 9, 2009 8:47 PM The search for hidden objects begins. An instance of the ARK library is already running. The search for started processes begins: Process scan 'avscan.exe' - '1' module(s) are being checked Process scan 'avscan.exe' - '1' module(s) are being checked Process scan 'avcenter.exe' - '1' module(s) are being checked Process scan 'firefox.exe' - '1' module(s) are being checked Process scan 'msnmsgr.exe' - '1' module(s) are being checked Process scan 'ctfmon.exe' - '1' module(s) are being checked Process scan 'avgnt.exe' - '1' module(s) are being checked Process scan 'realplay.exe' - '1' module(s) are being checked Process scan 'explorer.exe' - '1' module(s) are being checked Process scan 'WgaTray.exe' - '1' module(s) are being checked Process scan 'alg.exe' - '1' module(s) are being checked Process scan 'wdfmgr.exe' - '1' module(s) are being checked Process scan 'svchost.exe' - '1' module(s) are being checked Process scan 'nvsvc32.exe' - '1' module(s) are being checked Process scan 'AOLacsd.exe' - '1' module(s) are being checked Process scan 'avguard.exe' - '1' module(s) are being checked Process scan 'ACService.exe' - '1' module(s) are being checked Process scan 'svchost.exe' - '1' module(s) are being checked Process scan 'sched.exe' - '1' module(s) are being checked Process scan 'spoolsv.exe' - '1' module(s) are being checked Process scan 'svchost.exe' - '1' module(s) are being checked Process scan 'svchost.exe' - '1' module(s) are being checked Process scan 'svchost.exe' - '1' module(s) are being checked Process scan 'svchost.exe' - '1' module(s) are being checked Process scan 'svchost.exe' - '1' module(s) are being checked Process scan 'svchost.exe' - '1' module(s) are being checked Process scan 'lsass.exe' - '1' module(s) are being checked Process scan 'services.exe' - '1' module(s) are being checked Process scan 'winlogon.exe' - '1' module(s) are being checked Process scan 'csrss.exe' - '1' module(s) are being checked Process scan 'smss.exe' - '1' module(s) are being checked '31' processes have been checked with '31' modules The search for master boot sectors begins: Master boot sector HD0 [INFO] No virus found! The search for boot sectors begins: Boot sector 'C:\' [INFO] No virus found! Boot sector 'D:\' [INFO] No virus found! Boot sector 'E:\' [INFO] No virus found! The search for executable file references (registry) begins: The registry has been checked ( '50' files). The search for selected files begins: Search beginning in 'C:\' Search beginning in 'D:\' D:\pagefile.sys [WARNING] Unable to open the file! [NOTE] This file is a Windows system file. [NOTE] It is correct that this file cannot be opened for the scan. D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158647.exe [RESULT] Contains Trojan TR/Trash.Gen D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158650.DLL [RESULT] Contains Trojan TR/Trash.Gen D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158656.DLL [RESULT] Contains Trojan TR/Trash.Gen D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158661.dll [RESULT] Contains Trojan TR/Trash.Gen D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158664.EXE [RESULT] Contains Trojan TR/Trash.Gen D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158672.EXE [RESULT] Contains Trojan TR/Trash.Gen Search beginning in 'E:\' E:\WDM_R223.exe.part [0] Archive type: CAB SFX (self extracting) --> \data1.cab [WARNING] No other file could be decompressed from this archive. The archive is closed. [WARNING] No other file could be decompressed from this archive. The archive is closed. Start of disinfection: D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158647.exe [RESULT] Contains Trojan TR/Trash.Gen [NOTE] The file has been moved to the quarantine directory under the name '4a5fb7bc.qua'! D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158650.DLL [RESULT] Contains Trojan TR/Trash.Gen [NOTE] The file has been moved to the quarantine directory under the name '4bd4293d.qua'! D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158656.DLL [RESULT] Contains Trojan TR/Trash.Gen [NOTE] The file has been moved to the quarantine directory under the name '4bd9c025.qua'! D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158661.dll [RESULT] Contains Trojan TR/Trash.Gen [NOTE] The file has been moved to the quarantine directory under the name '4bd73095.qua'! D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158664.EXE [RESULT] Contains Trojan TR/Trash.Gen [NOTE] The file has been moved to the quarantine directory under the name '4bd6394d.qua'! D:\System Volume Information\_restore{64BD409B-71B8-4529-9E0E-682A29E94023}\RP231\A0158672.EXE [RESULT] Contains Trojan TR/Trash.Gen [NOTE] The file has been moved to the quarantine directory under the name '4bd52105.qua'! End of scan: Tuesday, June 9, 2009 9:27 PM Time taken: 22:29 Minute(s) The scan was performed in its entirety 5533 Directories were checked 149035 Files were checked 6 Viruses or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses or unwanted programs were repaired 6 Files were moved to quarantine 0 Files were renamed 1 Unable to check files 149028 Uninfected files 1243 Archives were checked 3 Warnings 7 Notes

crapoulou · Answer

Clear the Antivir quarantine. How's the PC? -- Do you have a problem? Check out CCM! There is no problem without a solution.

turbulent13 · Answer

Hi So to start off, I'm sorry for not getting back to you sooner, but usually when I get a message on CCM, I receive an email, which wasn't the case with your last message.   Anyway, I was actually going to ask you where we stood?  As of today the PC is working very well except for this downloading issue (I can download, but it’s ridiculous, like out of 20 downloads, I only manage to get one or two going, the others stay stuck at zero). Still, aside from this problem, everything seems fine. A huge THANK YOU to Darkpoet and to you, crapoulou, for all of this; fortunately, there are people like you who care about others...

crapoulou · Answer

Relaunch Hijackthis. Here: D:\Program Files rend micro\POLO.exe Click on "Do a system scan only". Check these lines: O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') Then click on fix checked. Close Hijackthis. *********** To remove all traces of the software used to address specific infections: Download toolscleaner to your Desktop = = = =>>> Click here <<<= = = = * Double-click on ToolsCleaner2.exe and let it work * Click on Search and let the scan finish. * Click on Delete to finalize. * You can, if you wish, use the Optional options. * Click on Quit so that the report can be generated. *********** You can keep Malwarebytes anti-malware as anti-malware; it is very effective. (Even if it doesn’t solve all problems, of course...!) However, it doesn’t have a resident scan in free mode! So, to use it, you need to launch it, perform updates, and do a full scan afterward. ********** * Download Ccleaner Slim: = = = = >>> Click here <<< = = = = * Install it. * Choose the Cleaner tab Exit your Internet browser before running it, uncheck the last box (Advanced if checked) then click on "run the cleaner" when it finishes scanning, click on the bottom right on "run the cleaner" and accept with yes. Be careful, it may empty your recycle bin: if you want to recover files accidentally deleted, it's better to do it now. * Choose the Registry tab - Click on Search for issues - Once the search is complete, click on Fix selected issues (by default, everything is selected, leave it as is) - When prompted Do you want to backup changes made to the registry, respond Yes and save the file in “.reg” format naming it by the date, for example, placing it on the desktop. Then continue. - In the window that opens next, click on Fix all selected issues then OK - Repeat until no issues appear (or only one recurring). - Close Ccleaner. * Image tutorial HERE if needed. Note: The backup allows you to restore the registry to its state before the manipulation in case there are issues, but this has never happened to me! It's better to take precautions, that’s all. ;-) -- Do you have a problem? Visit CCM! There's no problem without a solution.

turbulent13 · Answer

It's done, thank you again for everything. For the download, do you know what I can do?

crapoulou · Answer

I don't know, sorry. Delete toolscleaner. A+. -- Do you have a problem? Check out CCM! There's no problem without a solution.

HELP infected computer

57 réponses

How to get the character µ on the android keyboard.

Texture issues in enshrouded

Access issue to my "contact me" profile

Windows spotlight is not working.

My tv turns off and then on again repeatedly?

Executable from a python file

Pay in 4 installments cdiscount

The alt gr key is not working on my keyboard.

Code 80072efe how to get windows update working again

Video in ".3gp" format