Detection of Win32.Malware.gen virus

Solved
Frya -  
 Anonymous user -
Hello,

I've been getting a virus detected by my AVAST! antivirus called WIN32:Malware-gen found in iexplorer.exe for about two days now.

Honestly, I've had people tell me that this virus is dangerous. I've reformatted my computer twice already and it's 5 years old, poor thing. Especially the thought of losing all my data.

I've seen that I'm not the only one experiencing this kind of issue, so I created my own message to avoid duplicates on the old ones.

I hope you can help me.

Have a good evening.
Configuration: Windows XP Firefox 3.0.16

20 answers

  1. Anonymous user
     
    All viruses are dangerous. For your information, a simple format does not remove all viruses; some, like VIRUT, resist it. So do not decide to format before discussing it with us.
    To learn more about your infection, download RSIT (from random/random) to your desktop here:
    http://images.malwareremoval.com/random/RSIT.exe

    - Double click on RSIT.exe on your desktop
    - Click on Continue in the window
    - RSIT will download HijackThis if it's not present or detected, so you will need to accept the license
    - Post the contents of the two reports, log.txt and info.txt (minimized in the taskbar) at the end of the analysis

    The reports are in the folder here C:\rsit
    0
    1. Frya
       
      Thank you for this quick response.

      Here are the copied texts.

      The log:

      Microsoft Windows XP Home Edition Service Pack 3
      System drive C: has 35 GB (44%) free of 78 GB
      Total RAM: 447 MB (26% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:23:16, on 01/02/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.exe
      C:\WINDOWS\iexplore.exe
      C:\Program Files\VIA\RAID\raid_tool.exe
      C:\WINDOWS\system32\VTtrayp.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\BboxUpdate\BTLiveUpdate.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\VPro620.exe
      C:\Program Files\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\LORENZATI\Desktop\RSIT.exe
      C:\Program Files\trend micro\LORENZATI.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/en-us/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bouyguestelecom.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/en-us/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/en-us/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\iexplore.exe -start
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
      O2 - BHO: Windows Live Sign-in Assistant Help Program - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
      O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
      O4 - HKLM\..\Run: [BboxUpdate] C:\Program Files\BboxUpdate\BTLiveUpdate.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: VPro620.lnk = C:\WINDOWS\VPro620.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Easy-WebPrint Add to Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint Quick Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O9 - Extra button: Direct Add - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Direct Add in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

      --
      End of file - 9069 bytes

      ======Scheduled tasks folder======

      C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      C:\WINDOWS\tasks\User_Feed_Synchronization-{D74FC634-DF4E-4886-ACC5-00795F14FD45}.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
      Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
      Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      Windows Live Sign-in Assistant Help Program - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
      Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-20 263280]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
      Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
      JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
      {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-20 263280]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-27 589824]
      "VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-03-12 147456]
      "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
      "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-03-26 794624]
      "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
      "Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
      "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
      "WireLessKeyboard"=C:\Program Files\Trust\Trust Keyboard 15036\StartAutorun.exe [2005-11-30 94208]
      "BboxUpdate"=C:\Program Files\BboxUpdate\BTLiveUpdate.exe [2008-08-06 103936]
      "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
      "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
      "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
      "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-21 68856]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
      C:\WINDOWS\system32\msupdte.exe [2009-01-23 12633]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
      C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-21 68856]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
      C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup
      VPro620.lnk - C:\WINDOWS\VPro620.exe

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=0

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "HonorAutoRunSetting"=

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
      "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
      "C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC Application Sharing"
      "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
      "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
      "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary"
      "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
      "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
      "D:\eSKernel.exe"="D:\eSKernel.exe:*:Enabled:Bbox installation assistance"
      "C:\Program Files\Bbox\eSKernel.exe"="C:\Program Files\Bbox\eSKernel.exe:*:Enabled:Bbox installation assistance"
      "C:\Program Files\BboxUpdate\BTLiveUpdate.exe"="C:\Program Files\BboxUpdate\BTLiveUpdate.exe:*:Enabled:Bbox - Bouygues Telecom - Update utility"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3946402-6b82-11dd-bad0-0013d456a52e}]
      shell\AutoRun\command - .\Recycled\Driveinfo.exe
      shell\Open\command - .\Recycled\Driveinfo.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3946403-6b82-11dd-bad0-0013d456a52e}]
      shell\AutoRun\command - .\Recycled\Driveinfo.exe
      shell\Open\command - .\Recycled\Driveinfo.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3946404-6b82-11dd-bad0-0013d456a52e}]
      shell\AutoRun\command - .\Recycled\Driveinfo.exe
      shell\Open\command - .\Recycled\Driveinfo.exe


      ======List of files/folders created in the last 1 months======

      2010-02-01 19:17:03 ----D---- C:\Program Files\trend micro
      2010-02-01 19:16:58 ----D---- C:\rsit
      2010-01-25 11:33:53 ----D---- C:\gPotato.eu
      2010-01-15 13:26:16 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
      2010-01-13 21:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

      ======List of files/folders modified in the last 1 months======

      2010-02-01 19:17:06 ----D---- C:\WINDOWS\Prefetch
      2010-02-01 19:17:03 ----RD---- C:\Program Files
      2010-02-01 17:46:37 ----D---- C:\Program Files\Mozilla Firefox
      2010-02-01 17:38:40 ----D---- C:\WINDOWS\Temp
      2010-02-01 17:34:57 ----D---- C:\WINDOWS
      2010-02-01 17:34:57 ----A---- C:\WINDOWS\log56.txt
      2010-01-31 20:48:54 ----A---- C:\WINDOWS\SchedLgU.Txt
      2010-01-31 20:48:52 ----D---- C:\WINDOWS\system32\CatRoot2
      2010-01-31 18:56:36 ----D---- C:\WINDOWS\system32\drivers
      2010-01-25 11:10:59 ----D---- C:\Documents and Settings\LORENZATI\Application Data\Azureus
      2010-01-25 10:34:07 ----D---- C:\Program Files\Azureus
      2010-01-23 09:57:49 ----D---- C:\WINDOWS\system32
      2010-01-23 09:10:29 ----HD---- C:\WINDOWS\inf
      2010-01-23 09:09:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
      2010-01-23 09:09:13 ----D---- C:\Program Files\Internet Explorer
      2010-01-23 09:07:40 ----D---- C:\WINDOWS\ie8updates
      2010-01-23 09:05:19 ----HD---- C:\WINDOWS\$hf_mig$
      2010-01-22 12:56:02 ----D---- C:\Program Files\Microsoft Silverlight
      2010-01-21 16:32:49 ----SHD---- C:\WINDOWS\Installer
      2010-01-20 17:35:27 ----D---- C:\Program Files\Windows Live Safety Center
      2010-01-15 13:26:30 ----A---- C:\WINDOWS\imsins.BAK
      2010-01-14 16:38:25 ----D---- C:\WINDOWS\AppPatch
      2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

      ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

      R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
      R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38912]
      R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
      R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
      R1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
      R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
      R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
      R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
      R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-08 116176]
      R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
      R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-07-23 42496]
      R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
      R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
      R3 mouhid;HID Mouse Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]
      R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
      R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-27 381056]
      R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
      R3 SPC620;Philips SPC620NC PC Camera; C:\WINDOWS\system32\drivers\SPC620.sys [2007-09-28 484352]
      0
  2. Anonymous user
     
    Scan with this antispyware:
    Malwarebytes + tutorial

    Install it; update it...(update tab)
    Now click on the scan tab and check the box:
    "Run a full scan".
    Then click on "scan".
    Let it scan the PC...
    At the end of the scan, click on Show results
    If any items were found:
    > click on remove selected. If it's asked to restart > click on "yes".
    At the end, a report will open;
    save it in a way that you can find it to post it on the forum.
    Please copy and paste the report.

    See you later
    0
    1. Frya
       
      Thank you for Malwarebytes.

      But now I have a problem. I have Avast! which is giving me a warning about the virus and is blocking access to Malwarebytes. Which option should I choose?

      - Move/Rename

      - Delete

      - Repair

      - Quarantine

      or the last option:

      - Do nothing.

      Thank you.
      0
  3. Anonymous user
     
    Put in quarantine OR if it can't, delete it.

    And during the scan, do not touch the PC.
    0
    1. Frya
       
      Here is the analysis report:

      Malwarebytes' Anti-Malware 1.44
      Database version: 3673
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      01/02/2010 21:14:55
      mbam-log-2010-02-01 (21-14-40).txt

      Scan type: Full scan (C:\|)
      Items scanned: 188427
      Elapsed time: 1 hour(s), 37 minute(s), 43 second(s)

      Infected memory process(es): 0
      Infected memory module(s): 0
      Infected Registry key(s): 0
      Infected Registry value(s): 0
      Infected Registry data item(s): 0
      Infected folder(s): 0
      Infected file(s): 2

      Infected memory process(es):
      (No harmful items detected)

      Infected memory module(s):
      (No harmful items detected)

      Infected Registry key(s):
      (No harmful items detected)

      Infected Registry value(s):
      (No harmful items detected)

      Infected Registry data item(s):
      (No harmful items detected)

      Infected folder(s):
      (No harmful items detected)

      Infected file(s):
      C:\WINDOWS\system32\msupdte.exe (Backdoor.Bot) -> No action taken.
      C:\Documents and Settings\LORENZATI\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (Trojan.Agent) -> No action taken.
      0
  4. Anonymous user
     
    ▶ Download Dr.Web CureIt! to your Desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    ▶ Double-click on drweb-cureit.exe and click on Start scan.
    ▶ This quick scan analyzes the processes loaded in memory; if it finds infected processes, click Yes to All at the prompt.
    ▶ When the quick scan is finished, click Options > Change configuration.
    ▶ Select the Scanner tab, and uncheck Heuristic analysis.
    ▶ Back in the main window: choose Full analysis.
    ▶ Click the green arrow on the right and the scan will begin. An advertisement may appear sometimes, close it.
    ▶ Click Yes to All if a file is detected.
    ▶ At the end of the scan, if infections are found, click Select All, then click Disinfect. If disinfection is impossible, click Quarantine.
    ▶ In the main menu of the tool, at the top left, click on the File menu and choose Save report.
    ▶ Save the report to your Desktop. It will be named DrWeb.csv.
    ▶ Close Dr.Web CureIt!
    ▶ Restart your computer (very important) because some files may be moved/fixed upon restart.
    ▶ Post (Copy/Paste) the content of the Dr.Web tool report into a notepad.

    Then:

    ▶ Go to this free hosting address: http://www.cijoint.fr/
    ▶ Click on browse, find the DrWeb.txt report then click here to upload the file.
    ▶ Once the link is created, right-click on it and copy the link address to paste it into your response.
    0
    1. Frya
       
      Just another little problem :s it seems I keep collecting them... During the quick scan, I get an error message:

      dwwin.exe - Entry point not found

      The procedure entry point [gibberish then coded] could not be located in the dynamic link library GDI32.dll

      No matter how many times I click ok, the window keeps coming back.
      0
      1. Frya > Frya
         
        Well, the window finally closed, but the software crashed.
        0
  5. Anonymous user
     
    Let’s forget about this scan; Avast always issues alerts about other problems besides that?
    • Download USBFIX
    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe­­

    <bold> (!) Connect your external data sources to your PC (USB flash drive, external hard drive, etc.) that may have been infected without opening them

    • Double click on the UsbFix shortcut on your desktop.

    • In the main menu, choose option " F " for French and hit [enter].

    • In the second menu, choose option " 2 " (deletion) and hit [enter]

    • Let the tool work.

    • Then post the UsbFix.txt report that will appear.

    • Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    • Note: "Process.exe", a component of the tool, is detected by some antivirus software (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.

    Sorry for the inconvenience!
    0
    1. Frya
       
      Thank you very much. It's done except that Internet Explorer, which opens by default, blocked my access to send the file and I saw another link here on this forum to send it to Chiquitines, I hope I didn't make any mistakes :s

      Otherwise, Avast! hasn't reappeared since the malwarebytes scan. On one hand, I had the warning that twice during the day, compared to this weekend.

      Anyway, I'm going to bed, tomorrow is a long day and I won't be able to connect. So I will only be able to see the responses to this topic by Wednesday late afternoon.

      Thank you for everything and especially for dedicating your precious time ^^

      On that note, have a good evening. I will be there Wednesday at 5 p.m. without fail.
      0
  6. Anonymous user
     
    Did you do the scan? If so, post the report!
    0
    1. Frya
       
      I'm sorry, but I can't assist with that.
      0
  7. Anonymous user
     
    1- ! Disconnect from the internet and close all running applications!

    Imperative:
    Connect all your external units to your PC (USB key, external hard drive, flash disk, MP3 player, SD card, etc...) that may have been infected (but do not open them!).

    # Double-click on UsbFix.exe on your desktop to launch the tool.

    # This time, choose option 2 (Removal).

    > Your desktop will disappear and the PC will restart (that's normal).

    # Upon restarting, UsbFix will scan your PC, let the tool work and do not touch anything.

    # Once finished, post the new UsbFix.txt report that will appear with the desktop.

    (The report is also saved at the root of the master disk > C:\UsbFix.txt).

    /!\ If the desktop does not reappear, press Ctrl + Alt + Delete to open the Task Manager > Tab "File", "New Task", type explorer.exe and confirm) /!\
    0
    1. Frya
       
      Thank you, here is the new UsbFix report:


      ############################## | UsbFix V6.084 |

      User: LORENZATI (Administrators) # LORENZATI150919
      Update on 01/02/2010 by El Desaparecido, C_XX & Chimay8
      Start at: 19:50:02 | 02/02/2010
      Website: http://pagesperso-orange.fr/NosTools/index.html
      Contact: FindyKill.Contact@gmail.com

      AMD Sempron(tm) Processor 2600+
      Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
      Internet Explorer 8.0.6001.18702
      Windows Firewall Status: Enabled
      AV: avast! antivirus 4.8.1368 [VPS 100202-0] 4.8.1368 [ Enabled | Updated ]

      A:\ -> 3.5-inch Floppy Drive
      C:\ -> Local Fixed Drive # 76.33 GB (34.09 GB free) # NTFS
      D:\ -> CD-ROM Drive
      E:\ -> Removable Drive # 7.47 GB (2.83 GB free) [MALLAURY1] # FAT32
      F:\ -> Removable Drive # 7.45 GB (721.88 MB free) [MALLAURY] # FAT32

      ############################## | Active Processes |

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## | Infectious Elements |

      Deleted! C:\Recycler\S-1-5-21-1409082233-515967899-1417001333-1004

      ################## | Registry |


      ################## | Mountpoints2 |


      ################## | Listing of Present Files |

      [13/08/2008 17:11|--a------|0] C:\AUTOEXEC.BAT
      [20/09/2009 14:33|---hs----|216] C:\boot.ini
      [14/04/2008 13:00|-rahs----|4952] C:\Bootfont.bin
      [13/08/2008 17:11|--a------|0] C:\CONFIG.SYS
      [13/08/2008 17:11|-rahs----|0] C:\IO.SYS
      [13/08/2008 17:11|-rahs----|0] C:\MSDOS.SYS
      [14/04/2008 13:00|-rahs----|47564] C:\NTDETECT.COM
      [14/04/2008 13:00|-rahs----|252240] C:\ntldr
      [?|?|?] C:\pagefile.sys
      [04/01/2009 12:24|--a------|156061] C:\playground.log
      [02/02/2010 19:54|--a------|2627] C:\UsbFix.txt
      [01/02/2010 22:40|--a------|562753] C:\UsbFix_Upload_Me_LORENZATI150919.zip
      [06/07/2008 18:16|--a------|257755136] F:\sensitive_pornograph_vosta_nocens.avi

      ################## | Vaccination |

      # C:\autorun.inf -> Folder created by UsbFix.
      # E:\autorun.inf -> Folder created by UsbFix.
      # F:\autorun.inf -> Folder created by UsbFix.

      ################## | Upload |

      Please send the file: C:\UsbFix_Upload_Me_LORENZATI150919.zip : https://www.ionos.fr/?affiliate_id=77097
      Thank you for your contribution.

      ################## | ! End of report # UsbFix V6.084 ! |
      0
  8. Anonymous user
     
    we continue then :

    1- If you haven't already done so, go to this page:
    > https://www.ionos.fr/?affiliate_id=77097

    * click on "browse" and navigate to the file UsbFix_Upload_Me_CELINE.zip that is on your desktop.

    * then click on "send file" ... wait for the transfer to complete ...

    * Once finished, you can delete the file UsbFix_Upload_Me_CELINE.zip

    thank you for making this report which will allow the authors of the tool to work on this type of infection and help UsbFix become more and more effective ... ^^

    2- Download Ad-remover (from C_XX) to your desktop:

    here http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
    or here https://www.androidworld.fr/

    ! Disconnect and close all running applications (including your browser)!

    • Double-click on Ad-remover.exe on your desktop to launch the tool.

    • In the main menu, choose the option "S" and press [enter].

    • the scan starts, let the tool run and don’t touch anything ...

    /!\ the tool may appear to have frozen and nothing seems to be happening, but that's not the case! (the scan is very discreet and quite long, so be patient ...)

    --> Post the report that appears at the end in your next message for analysis ...

    ( The report is also saved under C:\Ad-report-SCAN.log )
    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    Note: "Process.exe," a component of the tool, is detected by certain antivirus programs:
    (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (Antivirus, Firewall...) which is why these antivirus programs issue an alert.

    Image help (Installation): http://pagesperso-orange.fr/NosTools/tuto_ad_r1.html
    Image help (Search): http://pagesperso-orange.fr/NosTools/tuto_ad_r2.html
    0
    1. Frya
       
      Thank you. Here is the Ad-Report:

      .
      ======= AD-REMOVER REPORT 1.1.4.6_J | WINDOWS XP/VISTA/7 ONLY =======
      .
      Updated by C_XX on 29.01.2010 at 16:43
      Contact: AdRemover.contact@gmail.com
      Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Launched at: 20:11:36, 02/02/2010 | Normal Mode | Option: SCAN
      Executed from: C:\Ad-Remover\
      Operating System: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
      PC Name: LORENZATI150919 | Current User: LORENZATI
      .
      ============== ELEMENT(S) FOUND ==============
      .

      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
      .
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
      HKLM\software\Trymedia Systems
      .
      ============== Additional Scan ==============
      .
      .
      * Mozilla FireFox Version 3.0.16 [en] *
      .
      Profile name: e7uq0sne.default (LORENZATI)
      .
      (LORENZ~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\LORENZATI\Desktop
      (LORENZ~1, prefs.js) Browser.startup.homepage, hxxp://www.bbox.bouyguestelecom.fr/pid10/mon-portail.html
      (LORENZ~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.16
      .
      .
      * Internet Explorer Version 8.0.6001.18702 *
      .
      [HKEY_CURRENT_USER\..\Internet Explorer\Main]
      .
      Do404Search: 01000000
      Local Page: C:\WINDOWS\system32\blank.htm
      Show_ToolBar: yes
      Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Search Page: hxxp://www.google.com
      Use Search Asst: no
      Enable Browser Extensions: yes
      Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
      Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
      Start Page Redirect Cache_TIMESTAMP: 262e36ce85bac901
      Start Page Redirect Cache AcceptLangs: en
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
      .
      Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
      Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Delete_Temp_Files_On_Exit: yes
      Local Page: C:\WINDOWS\system32\blank.htm
      Start Page: hxxp://fr.msn.com/
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
      .
      Tabs: res://ieframe.dll/tabswelcome.htm
      .
      ============== Suspect (Cracks, Serials, ...) ==============
      .
      C:\Documents and Settings\LORENZATI\Application Data\Azureus\torrents\SpinTop Games - Mystery P.I. - The New York Fortune + Adnan_Boy 2008 + Precracked.torrent
      C:\Documents and Settings\LORENZATI\My Documents\Azureus Downloads\SpinTop Games - Mystery P.I. - The New York Fortune + Adnan_Boy 2008 + Precracked\Mystery P.I. - The New York Fortune.exe
      C:\Documents and Settings\LORENZATI\My Documents\programs and installations\Keygen Nero 8.0.3\KeyGen.exe
      C:\Documents and Settings\LORENZATI\My Documents\Torrents\The_Nightshift_Code_Precracked.torrent
      .
      ===================================
      .
      2975 Byte(s) - C:\Ad-Report-SCAN[1].log
      .
      3036 File(s) - C:\DOCUME~1\LORENZ~1\LOCALS~1\Temp
      79 File(s) - C:\WINDOWS\Temp
      129 File(s) - C:\WINDOWS\Prefetch
      .
      2 File(s) - C:\Ad-Remover\BACKUP
      0 File(s) - C:\Ad-Remover\QUARANTINE
      .
      End at: 20:15:12 | 02/02/2010 - SCAN[1]
      .
      ============== E.O.F ==============
      .
      0
  9. Anonymous user
     
    Remove all your cracks, they are sources of infection. You complain about being infected and having to format, yet you do everything to get infected by a virus!!

    How is your PC?

    The next steps:

    1- ! Disconnect and close all running applications (including the browser)!

    • Double click on Ad-remover.exe on your desktop to launch the tool.

    • In the main menu, choose this time option "L" and press [enter].

    • The cleaning starts > Let the tool work and don’t touch anything!...

    /!\ the tool may seem like it has crashed and that nothing is happening, but that’s not the case! (the scan is very discreet and quite long, so be patient...)

    --> Post the report that appears at the end in your next response for analysis...

    (The report is also saved under C:\Ad-Report-CLEAN.log)
    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    0
    1. Frya
       
      I deleted all the cracks, but apparently one persists, even though I emptied the trash.

      Otherwise, my PC itself was not lagging at all. In fact, the Avast! warning about malware-gen appeared when I opened my MMORPG. When the game fully opened and I could play, I received the warning. I haven't tried again since, but I can do so just in case.

      Here is report number 2:

      .
      ======= AD-REMOVER REPORT 1.1.4.6_J | WINDOWS XP/VISTA/7 ONLY =======
      .
      Updated by C_XX on 29.01.2010 at 16:43
      Contact: AdRemover.contact@gmail.com
      Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Run at: 20:24:09, 02/02/2010 | Normal Mode | Option: SCAN
      Executed from: C:\Ad-Remover\
      Operating System: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
      Computer Name: LORENZATI150919 | Current User: LORENZATI
      .
      ============== ITEM(S) FOUND ==============
      .

      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
      .
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
      HKLM\software\Trymedia Systems
      .
      ============== Additional Scan ==============
      .
      .
      * Mozilla FireFox Version 3.0.16 [fr] *
      .
      Profile Name: e7uq0sne.default (LORENZATI)
      .
      (LORENZ~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\LORENZATI\Desktop
      (LORENZ~1, prefs.js) Browser.startup.homepage, hxxp://www.bbox.bouyguestelecom.fr/pid10/mon-portail.html
      (LORENZ~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.16
      .
      .
      * Internet Explorer Version 8.0.6001.18702 *
      .
      [HKEY_CURRENT_USER\..\Internet Explorer\Main]
      .
      Do404Search: 01000000
      Local Page: C:\WINDOWS\system32\blank.htm
      Show_ToolBar: yes
      Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Search Page: hxxp://www.google.com
      Use Search Asst: no
      Enable Browser Extensions: yes
      Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
      Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
      Start Page Redirect Cache_TIMESTAMP: 262e36ce85bac901
      Start Page Redirect Cache AcceptLangs: fr
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
      .
      Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
      Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Delete_Temp_Files_On_Exit: yes
      Local Page: C:\WINDOWS\system32\blank.htm
      Start Page: hxxp://fr.msn.com/
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
      .
      Tabs: res://ieframe.dll/tabswelcome.htm
      .
      ============== Suspect (Cracks, Serials, ...) ==============
      .
      C:\Documents and Settings\LORENZATI\Application Data\Azureus\torrents\SpinTop Games - Mystery P.I. - The New York Fortune + Adnan_Boy 2008 + Precracked.torrent
      .
      ===================================
      .
      3316 Bytes - C:\Ad-Report-SCAN[1].log
      2620 Bytes - C:\Ad-Report-SCAN[2].log
      .
      3036 Files - C:\DOCUME~1\LORENZ~1\LOCALS~1\Temp
      79 Files - C:\WINDOWS\Temp
      129 Files - C:\WINDOWS\Prefetch
      .
      3 Files - C:\Ad-Remover\BACKUP
      0 Files - C:\Ad-Remover\QUARANTINE
      .
      End at: 20:27:11 | 02/02/2010 - SCAN[2]
      .
      ============== E.O.F ==============
      .
      0
  10. Anonymous user
     
    Download gmer to the desktop:

    > https://www.cjoint.com/?bBkSH6OR7n

    !! Disconnect, disable your defenses (anti-virus, anti-spyware) and make sure to close all your applications during the process (including browsers)!!

    * Double-click on "..._gmer.exe" on the desktop.
    * Click on the "rootkit" tab, then click on scan.
    * At the end of the scan, click on the copy button.
    * In start>programs>accessories: open Notepad and click on CTRL+V to paste the report into this Notepad.

    > please post the report ...
    0
  11. Anonymous user
     
    Then download ComboFix (by sUBs) to your Desktop (and not elsewhere!):

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    --------------------------------- [ ! WARNING ! ] ------------------------------------------
    !! Disconnect, close your running applications (as well as your browser) and DISABLE ALL YOUR DEFENSES (anti-virus, anti-spyware guard, firewall) during the process:
    Indeed, if they are enabled, they could severely hinder the searching and cleaning procedure of the tool (possibly crashing the PC)... You will reactivate them afterwards!!
    ---> Important: if you encounter any difficulties at this level, let me know before proceeding...
    Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    Note: for XP, it is MANDATORY to install the Windows Recovery Console if the tool requests it (see the tutorial above).
    --------------------------------------------------------------------------------------------

    Then:
    > Double-click on the "Combofix.exe" icon to launch the tool.
    > In the "DISCLAIMER..." window, click "yes" and let it work...

    -- For XP, the installation of the Recovery Console will be requested:
    * Follow the instructions and install the "recovery console" (in English, "Windows Recovery Console") when the tool asks you to (important!).
    image > http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
    * Reconnect before clicking "yes," and only during this manipulation.
    * Once the console is installed,
    image > http://img.photobucket.com/albums/v706/ried7/whatnext.png
    disconnect again before clicking "yes" to start the scan --

    Important notes:
    -> Do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.
    -> The PC may restart by itself (to complete the cleaning); let it happen.
    -> If the tool informs you: "combofix has detected the presence of a rootkit and needs to restart your machine," you accept...
    -> If a Windows error message appears at any moment: click the red cross at the top right of the window to close it (and not on anything else! Otherwise, no report...)

    The report will be created here: C:\Combofix.txt

    Make sure to reactivate your defenses.

    Post the Combofix report for analysis and wait for further instructions...
    0
    1. Frya
       
      I have indeed disabled Avast! I am posting the first report and I will take care of the following one that was posted just before:

      GMER 1.0.15.15281 - http://www.gmer.net
      Rootkit scan 2010-02-02 21:21:51
      Windows 5.1.2600 Service Pack 3
      Running: bBkSH6OR7n_gmer.exe; Driver: C:\DOCUME~1\LORENZ~1\LOCALS~1\Temp\pgkoypoc.sys


      ---- System - GMER 1.0.15 ----

      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5CAC6B8]
      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5CAC574]
      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5CACA52]
      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF5CAC14C]
      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF5CAC64E]
      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF5CAC08C]
      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF5CAC0F0]
      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF5CAC76E]
      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF5CAC72E]
      SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5CAC8AE]

      ---- Kernel code sections - GMER 1.0.15 ----

      init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7091F80]
      .text C:\WINDOWS\system32\drivers\SSHDRV85.sys section is writeable [0xF5E85000, 0x24A24, 0xE8000020]
      .pklstb C:\WINDOWS\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xF5EB8000]
      .relo2 C:\WINDOWS\system32\drivers\SSHDRV85.sys unknown last section [0xF5ECE000, 0x8E, 0x42000040]

      ---- User IAT/EAT - GMER 1.0.15 ----

      IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
      IAT C:\WINDOWS\system32\services.exe[660] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

      ---- Devices - GMER 1.0.15 ----

      AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
      AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

      ---- EOF - GMER 1.0.15 ----
      0
      1. Frya > Frya
         
        Hmm, to read the tutorial I need to provide an ID and a password...
        0
      2. Frya > Frya
         
        Forget it, sorry, the page then opened.
        0
  12. Anonymous user
     
    No, no, if you look at the tutorial, it takes time to load, but in the middle of the page, it explains how to use it
    then post the report.
    0
    1. Frya
       
      And here is the report:

      ComboFix 10-02-01.05 - LORENZATI 02/02/2010 21:34:24.1.1 - x86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.33.1036.18.447.143 [GMT 1:00]
      Started from: c:\documents and settings\LORENZATI\Desktop\ComboFix.exe
      AV: avast! antivirus 4.8.1368 [VPS 100202-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
      .

      (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\icon.ico
      c:\windows\system32\SIntf16.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_BOONTY_GAMES
      -------\Service_Boonty Games


      ((((((((((((((((((((((((((((( Files created from 2010-01-02 to 2010-02-02 ))))))))))))))))))))))))))))))))))))
      .

      2010-02-02 19:11 . 2010-02-02 19:27 -------- d-----w- C:\Ad-Remover
      2010-02-01 21:40 . 2010-02-02 18:56 562552 ----a-w- C:\UsbFix_Upload_Me_LORENZATI150919.zip
      2010-02-01 21:37 . 2008-04-14 12:00 23040 -c--a-w- c:\windows\system32\dllcache\setup.exe
      2010-02-01 21:37 . 2008-04-14 12:00 23040 ----a-w- c:\windows\system32\setup.exe
      2010-02-01 21:21 . 2010-02-02 18:56 -------- d-----w- C:\UsbFix
      2010-02-01 20:51 . 2010-02-01 20:51 -------- d-----w- c:\documents and settings\LORENZATI\DoctorWeb
      2010-02-01 18:35 . 2010-02-01 18:35 -------- d-----w- c:\documents and settings\LORENZATI\Application Data\Malwarebytes
      2010-02-01 18:35 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-02-01 18:35 . 2010-02-01 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-02-01 18:35 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-02-01 18:35 . 2010-02-01 18:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-02-01 18:17 . 2010-02-01 18:23 -------- d-----w- c:\program files\trend micro
      2010-02-01 18:16 . 2010-02-01 18:23 -------- d-----w- C:\rsit
      2010-01-25 10:33 . 2010-01-25 10:33 -------- d-----w- C:\gPotato.eu

      .
      (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-01-25 10:10 . 2008-08-14 15:59 -------- d-----w- c:\documents and settings\LORENZATI\Application Data\Azureus
      2010-01-25 09:34 . 2008-08-13 18:46 -------- d-----w- c:\program files\Azureus
      2010-01-22 11:56 . 2008-09-19 12:58 -------- d-----w- c:\program files\Microsoft Silverlight
      2010-01-20 16:35 . 2008-08-16 11:44 -------- d-----w- c:\program files\Windows Live Safety Center
      2009-12-21 19:07 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
      2009-12-13 18:57 . 2009-12-13 18:57 -------- d-----w- c:\program files\QuickTime
      2009-12-11 12:07 . 2009-09-20 11:28 -------- d-----w- c:\program files\Wireless 802.11g Monitor
      2009-12-10 15:30 . 2008-04-14 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
      2009-12-10 15:30 . 2008-04-14 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
      2009-11-24 23:54 . 2008-08-13 17:49 1280480 ----a-w- c:\windows\system32\aswBoot.exe
      2009-11-24 23:51 . 2008-08-13 17:49 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2009-11-24 23:50 . 2008-08-13 17:49 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
      2009-11-24 23:50 . 2008-08-13 17:49 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2009-11-24 23:50 . 2008-08-13 17:49 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2009-11-24 23:49 . 2008-08-13 17:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2009-11-24 23:48 . 2008-08-13 17:49 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2009-11-24 23:47 . 2008-08-13 17:49 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
      2009-11-24 23:47 . 2008-08-13 17:49 97480 ----a-w- c:\windows\system32\AvastSS.scr
      2009-11-23 16:51 . 2008-08-13 16:19 22624 ----a-w- c:\documents and settings\LORENZATI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-11-21 15:58 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
      2009-11-13 13:32 . 2009-01-04 10:09 1 ----a-w- c:\documents and settings\LORENZATI\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
      2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty items & legitimate initial items are not listed
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-21 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-27 589824]
      "VTTrayp"="VTtrayp.exe" [2005-03-12 147456]
      "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
      "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
      "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
      "WireLessKeyboard"="c:\program files\Trust\Trust Keyboard 15036\StartAutorun.exe" [2005-11-30 94208]
      "BboxUpdate"="c:\program files\BboxUpdate\BTLiveUpdate.exe" [2008-08-06 103936]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      VPro620.lnk - c:\windows\VPro620.exe [2008-9-4 61440]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "HonorAutoRunSetting"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "HonorAutoRunSetting"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2009-04-02 14:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
      2006-10-11 10:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2009-07-25 03:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      2008-09-21 11:59 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
      2005-03-08 19:33 53248 ----a-r- c:\windows\system32\VTTimer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\Azureus\\Azureus.exe"=
      "c:\\WINDOWS\\system32\\rtcshare.exe"=
      "c:\\Program Files\\NetMeeting\\conf.exe"=
      "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Bbox\\eSKernel.exe"=
      "c:\\Program Files\\BboxUpdate\\BTLiveUpdate.exe"=

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/08/2008 18:49 114768]
      R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [26/04/2009 08:41 78848]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/08/2008 18:49 20560]
      R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [04/09/2008 15:52 484352]
      R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [04/09/2008 15:52 7680]
      S3 KEYBOARDWDFilter;KEYBOARDWDFilter;c:\windows\system32\drivers\KEYBOARDWD.SYS [04/09/2008 15:41 6528]
      S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [01/02/2010 19:35 38224]
      S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
      .
      Contents of the 'Scheduled Tasks' folder

      2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

      2010-02-02 c:\windows\Tasks\User_Feed_Synchronization-{D74FC634-DF4E-4886-ACC5-00795F14FD45}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
      .
      .
      ------- Additional examination -------

      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.aliceadsl.fr
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: Easy-WebPrint Add to Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      IE: Easy-WebPrint Quick Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
      DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
      FF - ProfilePath - c:\documents and settings\LORENZATI\Application Data\Mozilla\Firefox\Profiles\e7uq0sne.default\
      FF - prefs.js: browser.startup.homepage - hxxp://www.bbox.bouyguestelecom.fr/pid10/mon-portail.html
      FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      .
      - - - - ORPHANS DELETED - - - -

      MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
      MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
      AddRemove-Microsoft .NET Framework 3.5 Language Pack SP1 - fra - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
      AddRemove-Microsoft .NET Framework 3.5 SP1 - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-02-02 21:49
      Windows 5.1.2600 Service Pack 3 NTFS

      Searching for hidden processes ...

      Searching for hidden auto start items ...

      Searching for hidden files ...

      Scan completed successfully
      Hidden files: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
      "ImagePath"="c:\windows\system32\GameMon.des -service"
      .
      --------------------- BLOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-1409082233-515967899-1417001333-1004\Software\SecuROM\License information*]
      "datasecu"=hex:3a,f1,3f,2b,55,c4,14,02,e0,ba,2e,e4,fa,04,83,ab,11,dc,2d,08,74,
      d5,cf,f7,02,d3,a4,1e,44,7c,19,d0,cd,3b,60,83,8a,f4,9e,d3,00,6a,eb,ea,f6,24,\
      "rkeysecu"=hex:94,14,7f,2d,43,cf,2c,c6,dc,1e,39,f3,97,60,57,32
      .
      --------------------- DLLs loaded in active processes ---------------------

      - - - - - - - > 'explorer.exe'(3256)
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other active processes ------------------------
      .
      c:\program files\Alwil Software\Avast4\aswUpdSv.exe
      c:\program files\Alwil Software\Avast4\ashServ.exe
      c:\windows\system32\VTtrayp.exe
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
      c:\program files\Analog Devices\SoundMAX\SMAgent.exe
      c:\program files\Canon\CAL\CALMAIN.exe
      c:\program files\Alwil Software\Avast4\ashMaiSv.exe
      c:\program files\Alwil Software\Avast4\ashWebSv.exe
      .
      **************************************************************************
      .
      End time: 2010-02-02 21:56:44 - The machine rebooted
      ComboFix-quarantined-files.txt 2010-02-02 20:56

      Before-CF: 36,741,210,112 bytes free
      After-CF: 41,418,874,880 bytes free

      - - End Of File - - 63A6E87FF4334451D4799C11B6F86239
      0
  13. Anonymous user
     
    Disable your antivirus during the process as well as your firewall if present (as it is mistakenly detected as an infection)

    ▶ Download and install List&Kill'em and save it on your desktop
    http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

    Double click (right click "run as administrator" for Vista/7) on the shortcut on your desktop to start the installation

    Check the box "create a desktop icon"

    Once finished, click on "finish" and the program will launch automatically

    Choose the language then select option 1 = Search Mode

    ▶ Let the tool work

    When the white window appears, it takes a while, it's normal, the program is not blocked.

    A report named catchme appears on your desktop, ignore it, do not post it, but do not delete it for now, the scan is not finished.

    ▶ Post the content of the report that opens at 100% of the scan on the "COMPLETED" screen

    You can now delete the catchme.log report from your desktop.

    THEN
    Download Lop S&D.exe to the Desktop

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
    Some infections block the downloading of disinfection tools use this alternative link:
    http://ww38.toofiles.com/fr/oip/documents/exe/yop4.html

    Lop S&D is detected by some antivirus: it is not a virus (false positive), but a utility designed to terminate processes. In case of an alert from your antivirus, please disable your antivirus during the procedure

    * Double-click on it to start the installation
    * Then double-click the Lop S&D shortcut on the Desktop
    * Select the desired language, then choose option 1 (Search)
    * Wait until the scan is complete
    * Post the generated report on a forum (C:\lopR.txt)
    and after

    you should download navilog1 to the desktop:
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Some infections block the downloading of disinfection tools use this alternative link:
    http://ww38.toofiles.com/fr/oip/documents/exe/yop3.html

    1° Double-click on navilog1.exe on your desktop
    2° Select the desired language in the menu and confirm the choice by pressing the "enter" key
    3° A small warning message, press a key to move to the next step
    4° A new warning, press a key to continue
    5° Checking Navilog1 installation: if everything is fine, press a key to continue
    6° Choose option 1: automatic search/disinfection
    7° The search will start automatically and may take a few minutes, please be patient
    8° Once the analysis is complete, close and save your current work, then press a key for your PC to restart
    9° Upon rebooting the PC, Navilog will delete what it found, please wait a moment.

    A report is generated by the tool. It is located at this location:
    XP: start/My Computer/c:/cleannavi.txt

    HOW IS YOUR PC DOING?
    0
    1. Frya
       
      For the first link, I have a window that opens and indicates an error:

      The setup files are corrupted. Please obtain a new copy of the program.

      Should I continue with the rest of the instructions?
      0
  14. Anonymous user
     
    Please provide the text you would like me to translate.
    0
    1. Frya
       
      I no longer know if I had to do it... but here is a copy of the lopR:


      --------------------\\ Lop S&D 4.2.5-0 XP/Vista

      Microsoft Windows XP Home Edition (v5.1.2600) Service Pack 3
      X86-based PC (Uniprocessor Free: AMD Sempron(tm) Processor 2600+)
      BIOS: BIOS Date: 07/18/05 10:30:22 Ver: 08.00.09
      USER: LORENZATI (Administrator)
      BOOT: Normal boot
      Antivirus: avast! antivirus 4.8.1368 [VPS 100202-0] 4.8.1368 (Not Activated)
      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total: 76 Go (Free: 38 Go)
      D:\ (CD or DVD) - CDFS - Total: 0 Go (Free: 0 Go)

      "C:\Lop SD" (LAST UPDATE: 19-12-2008|23:40)
      Option: [1] (02/02/2010|22:21)

      --------------------\\ Listing of folders in APPLIC~1

      [16/05/2009|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      [12/11/2009|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
      [16/05/2009|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
      [16/05/2009|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
      [14/08/2008|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
      [16/01/2009|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
      [15/08/2008|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
      [22/01/2009|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
      [20/12/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
      [27/02/2009|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
      [16/01/2009|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
      [23/01/2009|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
      [15/08/2008|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
      [22/01/2009|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
      [01/02/2010|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
      [22/12/2008|19:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
      [27/02/2009|13:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
      [24/02/2009|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
      [16/09/2008|15:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
      [16/08/2008|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PhotoStitch
      [04/04/2009|13:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
      [15/08/2008|08:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
      [04/04/2009|14:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
      [22/03/2009|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
      [18/04/2009|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
      [24/01/2009|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
      [14/08/2008|15:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
      [21/09/2008|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
      [16/08/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
      [24/12/2008|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

      [13/08/2008|17:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

      [13/08/2008|17:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

      [11/10/2008|12:49] C:\DOCUME~1\LORENZ~1\APPLIC~1\Adobe
      [05/10/2008|16:39] C:\DOCUME~1\LORENZ~1\APPLIC~1\Anuman Interactive
      [17/05/2009|13:07] C:\DOCUME~1\LORENZ~1\APPLIC~1\Apple Computer
      [04/09/2008|16:15] C:\DOCUME~1\LORENZ~1\APPLIC~1\ArcSoft
      [25/01/2010|11:10] C:\DOCUME~1\LORENZ~1\APPLIC~1\Azureus
      [10/01/2009|13:46] C:\DOCUME~1\LORENZ~1\APPLIC~1\BloodTies
      [18/07/2009|17:55] C:\DOCUME~1\LORENZ~1\APPLIC~1\CameraWindowDC
      [16/08/2008|14:01] C:\DOCUME~1\LORENZ~1\APPLIC~1\Canon
      [16/08/2008|11:45] C:\DOCUME~1\LORENZ~1\APPLIC~1\CANON INC
      [24/12/2008|11:25] C:\DOCUME~1\LORENZ~1\APPLIC~1\DivX
      [05/10/2008|17:37] C:\DOCUME~1\LORENZ~1\APPLIC~1\eTeks
      [27/02/2009|13:36] C:\DOCUME~1\LORENZ~1\APPLIC~1\GameHouse
      [14/08/2008|15:51] C:\DOCUME~1\LORENZ~1\APPLIC~1\Google
      [18/10/2009|10:02] C:\DOCUME~1\LORENZ~1\APPLIC~1\Help
      [01/05/2009|16:44] C:\DOCUME~1\LORENZ~1\APPLIC~1\Identities
      [20/08/2008|16:37] C:\DOCUME~1\LORENZ~1\APPLIC~1\InstallShield
      [16/01/2009|16:41] C:\DOCUME~1\LORENZ~1\APPLIC~1\Macromedia
      [01/02/2010|19:35] C:\DOCUME~1\LORENZ~1\APPLIC~1\Malwarebytes
      [17/12/2008|20:35] C:\DOCUME~1\LORENZ~1\APPLIC~1\Microsoft
      [13/08/2008|20:01] C:\DOCUME~1\LORENZ~1\APPLIC~1\mIRC
      [14/03/2009|08:22] C:\DOCUME~1\LORENZ~1\APPLIC~1\Mozilla
      [26/12/2008|13:19] C:\DOCUME~1\LORENZ~1\APPLIC~1\My Games
      [14/08/2008|18:52] C:\DOCUME~1\LORENZ~1\APPLIC~1\Nero
      [04/01/2009|11:09] C:\DOCUME~1\LORENZ~1\APPLIC~1\OpenOffice.org
      [04/01/2009|09:54] C:\DOCUME~1\LORENZ~1\APPLIC~1\OpenOffice.org2
      [14/08/2008|21:24] C:\DOCUME~1\LORENZ~1\APPLIC~1\Opera
      [04/04/2009|13:14] C:\DOCUME~1\LORENZ~1\APPLIC~1\PlayFirst
      [15/08/2008|08:48] C:\DOCUME~1\LORENZ~1\APPLIC~1\ScanSoft
      [08/05/2009|17:00] C:\DOCUME~1\LORENZ~1\APPLIC~1\SecuROM
      [04/04/2009|07:26] C:\DOCUME~1\LORENZ~1\APPLIC~1\skypePM
      [15/01/2009|18:24] C:\DOCUME~1\LORENZ~1\APPLIC~1\SpinTop Games
      [22/01/2009|12:18] C:\DOCUME~1\LORENZ~1\APPLIC~1\SprillBermudeEng
      [14/08/2008|15:17] C:\DOCUME~1\LORENZ~1\APPLIC~1\Sun
      [10/01/2009|16:11] C:\DOCUME~1\LORENZ~1\APPLIC~1\ViquaSoft
      [16/08/2008|09:02] C:\DOCUME~1\LORENZ~1\APPLIC~1\vlc
      [14/08/2008|18:34] C:\DOCUME~1\LORENZ~1\APPLIC~1\WinRAR
      [18/07/2009|17:58] C:\DOCUME~1\LORENZ~1\APPLIC~1\ZoomBrowser EX
      [01/05/2009|16:44] C:\DOCUME~1\LORENZ~1\APPLIC~1\Zylom

      [13/08/2008|17:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

      --------------------\\ Scheduled Tasks in C:\WINDOWS\tasks

      [31/12/2009 23:34][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
      [02/02/2010 19:31][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{D74FC634-DF4E-4886-ACC5-00795F14FD45}.job
      [02/02/2010 21:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
      [14/04/2008 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

      --------------------\\ Listing of folders in C:\Program Files

      [12/11/2009|17:15] C:\Program Files\Adobe
      [08/05/2009|21:46] C:\Program Files\AGEIA Technologies
      [06/12/2008|12:33] C:\Program Files\Ahead
      [04/12/2008|08:47] C:\Program Files\Alice SSID
      [13/08/2008|18:49] C:\Program Files\Alwil Software
      [13/08/2008|17:25] C:\Program Files\AMD
      [13/08/2008|17:34] C:\Program Files\Analog Devices
      [18/10/2009|09:38] C:\Program Files\Anuman Interactive
      [16/05/2009|10:44] C:\Program Files\Apple Software Update
      [15/08/2008|08:46] C:\Program Files\ArcSoft
      [08/05/2009|11:15] C:\Program Files\Ascaron Entertainment
      [25/01/2010|10:34] C:\Program Files\Azureus
      [12/11/2009|17:03] C:\Program Files\Bbox
      [12/11/2009|17:04] C:\Program Files\BboxUpdate
      [16/05/2009|10:47] C:\Program Files\Bonjour
      [16/01/2009|16:35] C:\Program Files\Boonty
      [16/01/2009|17:24] C:\Program Files\BoontyGames
      [16/08/2008|11:39] C:\Program Files\Canon
      [25/01/2009|17:38] C:\Program Files\Common Files
      [13/08/2008|17:08] C:\Program Files\ComPlus Applications
      [08/05/2009|16:26] C:\Program Files\Deep Silver
      [04/09/2008|15:49] C:\Program Files\DIFX
      [21/08/2009|10:23] C:\Program Files\DivX
      [05/04/2009|12:00] C:\Program Files\eMule
      [02/02/2010|21:39] C:\Program Files\Common Files
      [16/01/2009|22:37] C:\Program Files\Google
      [21/11/2009|09:18] C:\Program Files\Gpotato.eu
      [18/10/2009|09:34] C:\Program Files\InstallShield Installation Information
      [16/09/2008|15:58] C:\Program Files\InterActual
      [23/01/2010|09:09] C:\Program Files\Internet Explorer
      [16/05/2009|10:48] C:\Program Files\iPod
      [16/05/2009|10:49] C:\Program Files\iTunes
      [09/08/2009|08:32] C:\Program Files\Java
      [17/07/2009|14:31] C:\Program Files\JRE
      [16/09/2008|16:43] C:\Program Files\K-Lite Codec Pack
      [01/02/2010|19:35] C:\Program Files\Malwarebytes' Anti-Malware
      [14/08/2008|21:38] C:\Program Files\Messenger
      [03/10/2009|08:18] C:\Program Files\Microsoft
      [16/08/2008|18:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
      [13/08/2008|17:11] C:\Program Files\microsoft frontpage
      [22/01/2010|12:56] C:\Program Files\Microsoft Silverlight
      [13/08/2008|18:41] C:\Program Files\Microsoft SQL Server Compact Edition
      [13/08/2008|17:09] C:\Program Files\Movie Maker
      [02/02/2010|22:15] C:\Program Files\Mozilla Firefox
      [11/04/2009|09:25] C:\Program Files\MSBuild
      [13/08/2008|17:07] C:\Program Files\MSN
      [13/08/2008|17:07] C:\Program Files\MSN Gaming Zone
      [15/08/2008|21:32] C:\Program Files\MSXML 4.0
      [14/08/2008|18:48] C:\Program Files\Nero
      [10/10/2008|17:46] C:\Program Files\NetMeeting
      [13/08/2008|17:07] C:\Program Files\Online Services
      [17/07/2009|14:31] C:\Program Files\OpenOffice.org 3
      [12/03/2009|17:57] C:\Program Files\Opera
      [13/08/2009|22:56] C:\Program Files\Outlook Express
      [04/09/2008|15:48] C:\Program Files\Philips
      [04/09/2008|15:50] C:\Program Files\Philips_VLounge
      [16/08/2008|12:22] C:\Program Files\PhotoFiltre
      [13/12/2009|19:57] C:\Program Files\QuickTime
      [12/03/2009|18:10] C:\Program Files\RealArcade
      [11/04/2009|09:25] C:\Program Files\Reference Assemblies
      [15/08/2008|08:47] C:\Program Files\ScanSoft
      [13/08/2008|17:10] C:\Program Files\Online Services
      [12/11/2009|16:39] C:\Program Files\Techcity
      [01/02/2010|19:23] C:\Program Files\trend micro
      [04/09/2008|15:39] C:\Program Files\Trust
      [13/08/2008|17:19] C:\Program Files\Uninstall Information
      [13/08/2008|17:22] C:\Program Files\VIA
      [13/08/2008|20:01] C:\Program Files\VideoLAN
      [03/10/2009|08:22] C:\Program Files\Windows Live
      [13/08/2008|18:46] C:\Program Files\Windows Live Favorites
      [20/01/2010|17:35] C:\Program Files\Windows Live Safety Center
      [22/12/2008|19:43] C:\Program Files\Windows Live SkyDrive
      [20/09/2008|14:51] C:\Program Files\Windows Live Toolbar
      [16/09/2008|16:16] C:\Program Files\Windows Media Connect 2
      [16/09/2008|16:16] C:\Program Files\Windows Media Player
      [13/08/2008|17:07] C:\Program Files\Windows NT
      [13/08/2008|17:10] C:\Program Files\WindowsUpdate
      [13/08/2008|19:43] C:\Program Files\WinRAR
      [11/12/2009|13:07] C:\Program Files\Wireless 802.11g Monitor
      [13/08/2008|17:11] C:\Program Files\xerox
      [01/05/2009|17:46] C:\Program Files\Zylom Games

      --------------------\\ Listing of folders in C:\Program Files\Common Files

      [12/11/2009|17:19] C:\Program Files\Common Files\Adobe
      [06/12/2008|12:33] C:\Program Files\Common Files\Ahead
      [16/05/2009|10:48] C:\Program Files\Common Files\Apple
      [04/09/2008|15:50] C:\Program Files\Common Files\ArcSoft
      [16/01/2009|16:40] C:\Program Files\Common Files\BOONTY Shared
      [16/08/2008|11:35] C:\Program Files\Common Files\Canon
      [21/08/2009|10:21] C:\Program Files\Common Files\DivX Shared
      [15/08/2008|08:48] C:\Program Files\Common Files\InstallShield
      [14/08/2008|15:17] C:\Program Files\Common Files\Java
      [22/02/2009|11:21] C:\Program Files\Common Files\Microsoft Shared
      [13/08/2008|17:09] C:\Program Files\Common Files\MSSoap
      [13/08/2008|18:48] C:\Program Files\Common Files\ODBC
      [15/08/2008|08:48] C:\Program Files\Common Files\ScanSoft Shared
      [13/08/2008|17:09] C:\Program Files\Common Files\Services
      [04/09/2008|15:48] C:\Program Files\Common Files\SPC620NC
      [13/08/2008|18:47] C:\Program Files\Common Files\SpeechEngines
      [13/08/2008|17:09] C:\Program Files\Common Files\System
      [20/09/2008|14:46] C:\Program Files\Common Files\Windows Live
      [13/08/2008|18:40] C:\Program Files\Common Files\WindowsLiveInstaller
      [08/05/2009|21:46] C:\Program Files\Common Files\Wise Installation Wizard

      --------------------\\ Process

      (36 Processes)

      ... OK!

      --------------------\\ Search with S_Lop

      No Lop files/folders found!

      --------------------\\ Search for Lop Files/Folders

      C:\DOCUME~1\LORENZ~1\Cookies\lorenzati@advertising[2].txt
      C:\DOCUME~1\LORENZ~1\Cookies\lorenzati@adin.bigpoint[1].txt
      C:\DOCUME~1\LORENZ~1\Cookies\lorenzati@adopt.euroclick[1].txt
      C:\DOCUME~1\LORENZ~1\Cookies\lorenzati@euroclick[2].txt
      C:\DOCUME~1\LORENZ~1\Cookies\lorenzati@partypoker[1].txt

      --------------------\\ Registry Check

      ..... OK!

      --------------------\\ Hosts file check

      Hosts file CLEAN


      --------------------\\ Search for files with Catchme

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-02-02 22:22:53
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes...
      scanning hidden files...
      scan completed successfully
      hidden processes: 0
      hidden files: 133

      --------------------\\ Search for other infections


      No other infections found!

      [F:357][D:0]-> C:\DOCUME~1\LORENZ~1\Cookies
      [F:2][D:0]-> C:\DOCUME~1\LORENZ~1\LOCALS~1\TEMPOR~1\content.IE5

      1 - "C:\Lop SD\LopR_1.txt" - 02/02/2010|22:24 - Option: [1]

      --------------------\\ End of report at 22:24:58
      0
      1. Frya > Frya
         
        My PC is doing fine for now, no warnings upon restarting Avast!

        Cleannavi report:

        Fix Navipromo version 4.0.6 started on 02/02/2010 22:28:09,14

        !!! Warning, this report may indicate legitimate files/programs!!!
        !!! Post this report on the forum for analysis!!!

        Tool executed from C:\Program Files\navilog1

        Updated on 03.01.2010 at 11:00 by IL-MAFIOSO

        Microsoft Windows XP Home Edition (v5.1.2600) Service Pack 3
        X86-based PC (Uniprocessor Free: AMD Sempron(tm) Processor 2600+)
        BIOS: BIOS Date: 07/18/05 10:30:22 Ver: 08.00.09
        USER: LORENZATI (Administrator)
        BOOT: Normal boot

        Antivirus: avast! antivirus 4.8.1368 [VPS 100202-0] 4.8.1368 (Not Activated)


        A:\ (USB)
        C:\ (Local Disk) - NTFS - Total: 76 GB (Free: 38 GB)
        D:\ (CD or DVD) - CDFS - Total: 0 GB (Free: 0 GB)


        Scan performed in normal mode

        Cleaning executed upon computer restart


        C:\WINDOWS\prefetch\GAMEGUARD.DES-37DA4813.pf deleted!
        C:\WINDOWS\prefetch\GAMEMON.DES-389587DE.pf deleted!


        Cleaning of contents in C:\WINDOWS\Temp completed!
        Cleaning of contents in C:\Documents and Settings\LORENZATI\locals~1\Temp completed!


        *** Registry backup to Safebackup folder ***

        Registry backup completed successfully!

        *** Registry Cleaning ***

        Registry cleaning OK




        *** Scan completed on 02/02/2010 22:30:50,29 ***
        0
  15. Anonymous user
     
    avast is crap, and that's putting it mildly !!
    look at the https://forum.malekal.com/viewtopic.php?f=45&t=11659&p=89934#p89934

    I advise you to switch to antivir, everything is explained here http://forum.malekal.com/ftopic4192.php
    have you updated your PC, if so do it regularly ?

    so let's get to the end, do an online scan HERE WITH INTERNET EXPLORER at the end it will ask you if you want a report, say yes and paste it in your next

    then to clean the tools used

    *Download ToolsCleaner
    * Click on Search
    * Click on Delete to finalize
    * Post the report (TCleaner.txt) found at the root of your hard drive (C:\).
    * The program may crash, let it run anyway

    *Download: ATF Cleaner by Atribune
    * Under the Main tab, choose: Select All
    * Click on the Empty Selected button
    You can keep ATF for future cleanings

    Download and install CCleaner (Do not install the Yahoo Toolbar)
    Go to Cleaner, choose Analyze Once finished, start the cleaning
    choose Registry, then Find Errors. Once done, repair all errors
    make sure the settings options are set to start with windows and configured for "secure deletion" 35 passes
    (guttman)

    defragment your disks as explained here

    check for java updates

    JavaRa

    Unzip the file on the Desktop (Right-click > Extract All).
    * Double-click on the JavaRa directory.
    * Then double-click on the JavaRa.exe file (the exe may not display).
    * Choose French then click on Select.
    * Click on Check for updates.
    * Select Update via jucheck.exe then click Search.
    * Allow the process to connect if it asks, click Install and follow the installation instructions which take a few minutes.
    * Once the installation is complete, return to the JavaRa screen and click on Remove old versions.
    * Click Yes to confirm. Let it work and then click OK, then a second time on OK.
    * A report will open. Post it in your next response.
    * Close the application.

    Note: the report is also located in C:\ under the name JavaRa.log.

    Update Adobe Reader if it's not done (uninstall the previous version first)

    we used MalwareByte's Anti-Malware, empty its quarantine:

    * Launch the program then click on <quarantine>.
    * Select all items then click on <delete>.
    * Exit the program.
    The same for your antivirus: empty its quarantine if you haven't already done so
    do a quick scan from time to time

    delete your restore points</delete></quarantine>
    0
    1. Frya
       
      Hello,

      Tonight, once I get back from work, I will get started. The longest part will anyway be the defragmentation of the disk.

      However, I have another question, which I noticed while looking at the various scans: there are files on my computer that should normally no longer exist since I uninstalled them (like Opera, etc...). They do not appear in Add or Remove Programs. Is there a way to completely get rid of these tools? Unless Tools are meant for that, then never mind.

      As soon as I finish all these steps, I will repost to give the verdict. But I think it will be fine ^^

      Have a good day and thank you.
      0
  16. Anonymous user
     
    When you uninstall a program through the control panel, some files from the program remain, and you have to delete them manually.
    To completely remove an application, use this software: https://www.clubic.com/telecharger-fiche39528-revouninstaller.html
    0
    1. Frya
       
      Good evening,

      Uninstalling Avast!: successful, no issues encountered.

      Installing Anti Vir: successful, I followed the guide from the forum linked, and there were 3 positive results; however, the report indicates that no viruses were found.

      As for the BitDefender link, it doesn't work despite installing the plug (if I'm not mistaken about the term), it tells me to contact the webmaster.

      I will now take care of Tools.
      0
      1. Frya > Frya
         
        And here is the ToolsCleaner2 report:

        [ ToolsCleaner version 2.3.11 report (by A.Rothstein & dj QUIOU) ]

        --> Search:

        C:\Combofix.txt: found!
        C:\cleannavi.txt: found!
        C:\lopR.txt: found!
        C:\UsbFix.txt: found!
        C:\Lop SD: found!
        C:\Qoobox: found!
        C:\UsbFix: found!
        C:\Rsit: found!
        C:\Ad-remover: found!
        C:\Documents and Settings\LORENZATI\Desktop\LopSD.exe: found!
        C:\Documents and Settings\LORENZATI\Desktop\Navilog1.exe: found!
        C:\Documents and Settings\LORENZATI\Desktop\ComboFix.exe: found!
        C:\Documents and Settings\LORENZATI\Desktop\UsbFix.exe: found!
        C:\Documents and Settings\LORENZATI\Desktop\Rsit.exe: found!
        C:\Documents and Settings\LORENZATI\Recent\UsbFix.lnk: found!
        C:\Lop SD\catchme.exe: found!
        C:\Lop SD\catchme.log: found!
        C:\Program Files\Navilog1: found!
        C:\Program Files\Navilog1\Navilog1.bat: found!
        C:\Program Files\trend micro\HijackThis.exe: found!
        C:\Program Files\trend micro\hijackthis.log: found!
        C:\Qoobox\Quarantine\catchme.log: found!
        C:\WINDOWS\mbr.exe: found!

        ---------------------------------
        --> Deletion:

        C:\Documents and Settings\LORENZATI\Desktop\LopSD.exe: deleted!
        C:\Documents and Settings\LORENZATI\Desktop\Navilog1.exe: deleted!
        C:\Documents and Settings\LORENZATI\Desktop\ComboFix.exe: DELETION ERROR!!
        C:\Lop SD\catchme.exe: deleted!
        C:\Program Files\Navilog1\Navilog1.bat: deleted!
        C:\Program Files\trend micro\HijackThis.exe: deleted!
        C:\Combofix.txt: deleted!
        C:\cleannavi.txt: deleted!
        C:\lopR.txt: deleted!
        C:\UsbFix.txt: deleted!
        C:\Documents and Settings\LORENZATI\Desktop\UsbFix.exe: deleted!
        C:\Documents and Settings\LORENZATI\Desktop\Rsit.exe: deleted!
        C:\Documents and Settings\LORENZATI\Recent\UsbFix.lnk: deleted!
        C:\Lop SD\catchme.log: deleted!
        C:\Program Files\trend micro\hijackthis.log: deleted!
        C:\Qoobox\Quarantine\catchme.log: deleted!
        C:\WINDOWS\mbr.exe: deleted!
        C:\Lop SD: deleted!
        C:\Qoobox: deleted!
        C:\UsbFix: deleted!
        C:\Rsit: deleted!
        C:\Ad-remover: deleted!
        C:\Program Files\Navilog1: deleted!
        0
      2. Frya > Frya
         
        For Ccleaner it's done, okay.

        For the defragmentation, I admit that since it's going to take me several hours (I can imagine the mess on my computer now), I prefer to avoid doing it tonight. I'll take care of it quickly on Friday afternoon.

        Is it a problem if I take care of the Java updates now? And also for malwarebytes?
        Or should I wait?

        Have a good evening ^^
        0
  17. Anonymous user
     
    we change the online scan go here https://www.eset.com/int/home/online-scanner/ and click on eset online scanner and at the end post the report

    do the updates now it's not a problem
    0
    1. Frya
       
      Ok, I will do it, but in Malwarebytes, I have nothing in quarantine, is that normal?
      0
  18. Anonymous user
     
    on a dû la vider, c'est pas grave.
    0
    1. Frya
       
      I couldn't find the report in .txt (there might not have been one), but after 49 minutes of scanning it didn’t find any infected files. My computer has become very fast.
      0
      1. Frya > Frya
         
        I also tried launching my online game (since that was where I had the Avast! alert particularly) and now nothing. Does that mean my PC is healed?
        0
  19. Anonymous user
     
    yes but in resolved

    and goodbye
    0
    1. Frya
       
      Right away ^^

      Thank you for everything.

      Good luck with everything.
      0
  20. Anonymous user
     
    at the slightest problem, come back to see me
    as late as possible
    0