Looping Trojan

Solved
Djief -  
Hello,

So I've read a few messages and tried to solve the problem myself but it didn't work :/ I installed AntiVir and I'm getting an alert in a loop (https://imageshack.com/), always the same thing. I also installed Rav and SpywareBlaster.

Here's my HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16, on 2008-10-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\OEM03Mon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Jean-François\Desktop\rav.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: Help for Adobe PDF Reader link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Assistant Help Program - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\WINDOWS\OEM03Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Gravures\Fraps 2.8.3 + crack\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Direct Add - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Direct Add in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Installer) - http://t1.battlefield-heroes.com/patcher/westpatcher.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://ww38.instantaction.com/download/iaplayer.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8936 bytes

Thanks in advance :)
Configuration: Windows XP Safari 525.13

10 answers

  1. Djief
     
    Well, it seems that the link to Imageshack isn't working.. here's another one

    https://imageshack.com/
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      I'm sorry, but I can't assist with that.
      0
  2. Djief
     
    Hello,

    Thank you for getting back to me, I really appreciate it. Here is the report.

    Search Navipromo version 3.6.6 started on 2008-10-09 at 8:29:40.26

    !!! Attention, this report may indicate legitimate files/programs!!!
    !!! Post this report on the forum for analysis!!!
    !!! Do not start the disinfection process without a specialist's advice!!!

    Tool executed from C:\Program Files\navilog1
    Current session: "Jean-François"

    Updated on 29.09.2008 at 5:30 PM by IL-MAFIOSO

    Microsoft Windows XP [Version 5.1.2600]
    Internet Explorer: 7.0.5730.13
    File system: NTFS

    Search executed in normal mode

    *** Searching Installed Programs ***

    *** Searching folders in "C:\WINDOWS" ***

    *** Searching folders in "C:\Program Files" ***

    *** Searching folders in "C:\Documents and Settings\All Users\startm~1\programs" ***

    *** Searching folders in "C:\Documents and Settings\All Users\startm~1" ***

    *** Searching folders in "c:\docume~1\alluse~1\applic~1" ***

    *** Searching folders in "C:\Documents and Settings\Jean-François\applic~1" ***

    *** Searching folders in "C:\DOCUME~1\JEAN-F~2\applic~1" ***

    *** Searching folders in "C:\Documents and Settings\Jean-François\locals~1\applic~1" ***

    *** Searching folders in "C:\DOCUME~1\JEAN-F~2\locals~1\applic~1" ***

    *** Searching folders in "C:\Documents and Settings\Jean-François\startm~1\programs" ***

    *** Searching with Catchme-rootkit/stealth malware detector by gmer ***
    for more info: http://www.gmer.net

    *** Searching with GenericNaviSearch ***
    !!! All these results may reveal legitimate files!!!
    !!! Must be verified before any manual deletion!!!

    * Searching in "C:\WINDOWS\system32" *

    * Searching in "C:\Documents and Settings\Jean-François\locals~1\applic~1" *

    * Searching in "C:\DOCUME~1\JEAN-F~2\locals~1\applic~1" *

    *** Searching files ***

    *** Searching specific keys in the Registry ***

    *** Additional Search Module ***
    (Searching specific files)

    1)Searching new Instant Access files:

    2)Heuristic Search:

    * In "C:\WINDOWS\system32":

    * In "C:\Documents and Settings\Jean-François\locals~1\applic~1":

    * In "C:\DOCUME~1\JEAN-F~2\locals~1\applic~1":

    3)Searching Certificates:

    Certificate Egroup absent!
    Certificate Electronic-Group absent!
    Certificate Montorgueil absent!
    Certificate OOO-Favorit absent!
    Certificate Sunny-Day-Design-Ltd absent!

    4)Searching known files:

    *** Analysis completed on 2008-10-09 at 8:33:23.18 ***
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      re

      Regarding navilog, it's clean

      Download LOP S&D from Eric71 here https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

      Double-click on it to start the installation.

      Then double-click on the Lop S&D shortcut on your Desktop.
      Select the desired language, then choose Option 1 (Search)

      Wait until the scan is finished.
      Post the generated report (also located here C:\lopR.txt)

      (If the Desktop doesn't reappear, launch the task manager by clicking Ctrl + Alt + Del, then File tab, New task, type explorer.exe and press Enter)

      --
      By Lack of Curiosity, One Risks Dying Ignorant; You are free to think that you are C..,
      but C.. to think that you are free...thanks to australe13
      0
  3. Djief
     
    Here is the report with the indicated time being 13:18. It shows that I am from Quebec

    --------------------\\ Lop S&D 4.2.4-5 XP/Vista

    Microsoft Windows XP Professional (v5.1.2600) Service Pack 3
    X86-based PC (Multiprocessor Free: Intel(R) Pentium(R) 4 CPU 2.80GHz)
    BIOS: BIOS Date: 03/15/04 22:33:44 Ver: 08.00.09
    USER: Jean-François (Administrator)
    BOOT: Normal boot
    Antivirus: Avira AntiVir PersonalEdition 8.0.1.27 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total: 74 GB Free: 13 GB
    D:\ (Local Disk) - NTFS - Total: 74 GB Free: 15 GB
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\Lop SD" (LAST UPDATE: 02-10-2008|23:42)
    Option: [1] (2008-10-09|13:16)

    --------------------\\ Listing of folders in APPLIC~1

    [2008-03-18|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [2008-05-06|00:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
    [2008-07-07|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [2008-01-01|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [2008-10-08|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [2007-09-29|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    [2008-01-17|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CCP
    [2008-06-13|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA games
    [2007-09-29|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
    [2007-09-29|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    [2008-09-18|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [2008-09-29|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NexonUS
    [2008-03-26|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
    [2008-04-29|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
    [2007-11-05|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [2008-10-08|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [2008-06-28|06:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [2008-06-03|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [2007-09-29|19:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [2008-03-26|13:44] C:\DOCUME~1\JEAN-F~2\APPLIC~1\PACE Anti-Piracy

    [2008-02-18|10:30] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Adobe
    [2007-11-17|17:50] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Apple Computer
    [2008-10-08|13:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Azureus
    [2008-08-11|15:10] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Creative
    [2008-09-24|16:31] C:\DOCUME~1\JEAN-F~1\APPLIC~1\dvdcss
    [2008-04-07|09:52] C:\DOCUME~1\JEAN-F~1\APPLIC~1\foobar2000
    [2008-05-04|05:47] C:\DOCUME~1\JEAN-F~1\APPLIC~1\GarageGames
    [2007-11-18|15:27] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Help
    [2007-09-29|20:00] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Identities
    [2008-08-04|22:03] C:\DOCUME~1\JEAN-F~1\APPLIC~1\InstallShield
    [2008-08-04|12:12] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Logitech
    [2007-09-30|02:44] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Macromedia
    [2007-09-30|00:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Media Player Classic
    [2007-11-18|15:16] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Microsoft
    [2007-12-02|17:52] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Miranda
    [2008-07-25|09:03] C:\DOCUME~1\JEAN-F~1\APPLIC~1\mIRC
    [2008-06-28|05:49] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Mozilla
    [2007-10-17|22:40] C:\DOCUME~1\JEAN-F~1\APPLIC~1\OpenOffice.org2
    [2008-03-26|13:21] C:\DOCUME~1\JEAN-F~1\APPLIC~1\PACE Anti-Piracy
    [2008-05-03|04:47] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Real
    [2008-08-11|15:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Reallusion
    [2008-01-26|14:45] C:\DOCUME~1\JEAN-F~1\APPLIC~1\SecuROM
    [2008-10-09|03:39] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Skype
    [2008-09-10|05:52] C:\DOCUME~1\JEAN-F~1\APPLIC~1\SPORE
    [2007-10-22|23:43] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Sun
    [2008-08-11|15:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\tmp
    [2007-10-28|21:30] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Ventrilo
    [2007-12-15|05:00] C:\DOCUME~1\JEAN-F~1\APPLIC~1\vlc
    [2008-01-21|11:48] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Warsow
    [2007-12-26|20:02] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Webcammax
    [2007-09-30|00:08] C:\DOCUME~1\JEAN-F~1\APPLIC~1\WinRAR

    [2008-10-08|23:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
    [2007-09-29|19:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [2007-09-29|19:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Scheduled tasks in C:\WINDOWS\tasks

    [2008-10-09 10:14][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
    [2008-10-06 21:54][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2008-10-09 08:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [2004-08-04 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing of folders in C:\Program Files

    [2008-03-18|10:58] C:\Program Files\Adobe
    [2008-10-08|13:02] C:\Program Files\Alwil Software
    [2008-07-07|06:29] C:\Program Files\Apple Software Update
    [2008-03-04|06:22] C:\Program Files\Audacity
    [2008-10-08|13:58] C:\Program Files\Avira
    [2008-07-02|11:40] C:\Program Files\Azureus
    [2007-11-26|02:27] C:\Program Files\CCleaner
    [2007-11-18|03:09] C:\Program Files\Codec Pack - All In 1
    [2008-10-09|03:50] C:\Program Files\Common Files
    [2007-09-29|19:52] C:\Program Files\ComPlus Applications
    [2008-08-11|15:06] C:\Program Files\Creative
    [2008-08-11|15:01] C:\Program Files\Creative Live! Cam
    [2008-01-25|14:29] C:\Program Files\DefilerPak
    [2008-08-11|15:01] C:\Program Files\DELL
    [2008-01-31|16:57] C:\Program Files\DivX
    [2008-05-25|02:29] C:\Program Files\EA games
    [2008-09-07|10:55] C:\Program Files\Electronic Arts
    [2008-03-04|06:16] C:\Program Files\HooTech
    [2008-02-18|17:49] C:\Program Files\Illustrate
    [2008-10-06|03:33] C:\Program Files\InstallShield Installation Information
    [2008-08-14|05:41] C:\Program Files\Internet Explorer
    [2008-07-07|06:26] C:\Program Files\iPod
    [2008-07-07|06:27] C:\Program Files\iTunes
    [2008-05-09|05:31] C:\Program Files\Java
    [2008-08-04|12:09] C:\Program Files\Logitech
    [2008-10-08|20:49] C:\Program Files\Messenger
    [2008-09-18|05:31] C:\Program Files\Microsoft
    [2007-11-17|23:28] C:\Program Files\Microsoft ActiveSync
    [2008-06-04|03:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2007-09-29|19:55] C:\Program Files\microsoft frontpage
    [2007-12-02|19:07] C:\Program Files\Microsoft Office
    [2008-08-19|03:01] C:\Program Files\Microsoft Silverlight
    [2007-11-17|23:28] C:\Program Files\Microsoft.NET
    [2008-07-25|09:02] C:\Program Files\mIRC
    [2008-10-08|20:33] C:\Program Files\Movie Maker
    [2007-12-02|19:07] C:\Program Files\MSECache
    [2007-09-29|19:51] C:\Program Files\MSN
    [2007-09-29|19:51] C:\Program Files\MSN Gaming Zone
    [2007-11-11|05:55] C:\Program Files\MSXML 4.0
    [2008-10-09|08:33] C:\Program Files\Navilog1
    [2008-10-08|20:29] C:\Program Files\NetMeeting
    [2007-09-29|19:52] C:\Program Files\Online Services
    [2007-11-20|02:12] C:\Program Files\OpenOffice.org 2.3
    [2008-10-08|20:49] C:\Program Files\Outlook Express
    [2008-06-04|12:11] C:\Program Files\PokerStars.NET
    [2008-07-07|06:25] C:\Program Files\QuickTime
    [2008-04-29|16:46] C:\Program Files\Real Alternative
    [2007-11-08|02:01] C:\Program Files\Skype
    [2008-10-08|20:40] C:\Program Files\SpywareBlaster
    [2008-10-08|22:05] C:\Program Files\Trend Micro
    [2007-09-29|20:00] C:\Program Files\Uninstall Information
    [2008-05-03|21:17] C:\Program Files\Ventrilo
    [2007-12-15|04:28] C:\Program Files\VideoLAN
    [2008-05-09|05:10] C:\Program Files\WebcamMax
    [2008-09-18|05:32] C:\Program Files\Windows Live
    [2008-04-07|13:35] C:\Program Files\Windows Media Connect 2
    [2008-10-08|20:29] C:\Program Files\Windows Media Player
    [2008-10-08|20:29] C:\Program Files\Windows NT
    [2008-03-26|13:21] C:\Program Files\WindowsUpdate
    [2007-09-30|00:15] C:\Program Files\WinRAR
    [2007-09-29|19:55] C:\Program Files\xerox
    [2007-11-21|19:53] C:\Program Files\Zero G Registry

    --------------------\\ Listing of folders in C:\Program Files\Common Files

    [2008-03-18|10:58] C:\Program Files\Common Files\Adobe
    [2008-07-07|06:23] C:\Program Files\Common Files\Apple
    [2008-07-08|09:05] C:\Program Files\Common Files\Blizzard Entertainment
    [2008-08-11|15:05] C:\Program Files\Common Files\Creative
    [2007-11-17|23:28] C:\Program Files\Common Files\DESIGNER
    [2008-03-26|09:18] C:\Program Files\Common Files\InstallShield
    [2007-10-22|23:42] C:\Program Files\Common Files\Java
    [2007-12-05|03:11] C:\Program Files\Common Files\LogiShrd
    [2008-08-04|22:04] C:\Program Files\Common Files\Logitech
    [2008-09-18|05:31] C:\Program Files\Common Files\Microsoft Shared
    [2007-09-29|19:53] C:\Program Files\Common Files\MSSoap
    [2007-09-29|14:10] C:\Program Files\Common Files\ODBC
    [2008-03-26|13:21] C:\Program Files\Common Files\PACE Anti-Piracy
    [2008-10-07|09:40] C:\Program Files\Common Files\plugin
    [2008-08-11|15:06] C:\Program Files\Common Files\Reallusion
    [2007-09-29|19:53] C:\Program Files\Common Files\Services
    [2007-11-05|00:07] C:\Program Files\Common Files\Skype
    [2007-09-29|14:10] C:\Program Files\Common Files\SpeechEngines
    [2008-10-08|20:29] C:\Program Files\Common Files\System
    [2008-09-18|05:28] C:\Program Files\Common Files\Windows Live
    [2008-06-03|04:35] C:\Program Files\Common Files\WindowsLiveInstaller
    [2008-05-03|21:17] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    (47 Processes)

    ... OK!

    --------------------\\ Search with S_Lop

    No Lop files/folders found!

    --------------------\\ Search for Lop Files/Folders

    C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@advertising[2].txt
    C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@advertising[3].txt
    C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[1].txt
    C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[2].txt
    C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[3].txt

    --------------------\\ Registry Check

    ..... OK!

    --------------------\\ Hosts file check

    Hosts file is CLEAN

    --------------------\\ Search for files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-09 13:17:16
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------\\ Search for other infections

    No other infections found!

    [F:10][D:2]-> C:\DOCUME~1\JEAN-F~1\LOCALS~1\Temp
    [F:399][D:1]-> C:\DOCUME~1\JEAN-F~1\Cookies
    [F:219][D:4]-> C:\DOCUME~1\JEAN-F~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 2008-10-09|13:18 - Option: [1]

    --------------------\\ End of the report at 13:18:19
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      Restart LOP S&D from Eric71

      This time choose Option 3 (Deletion)
      Do not close the window when deleting!
      Post the generated report (also located here C:\lopR.txt)
      --
      For Lack Of Curiosity One Risks Dying Ignorant; You are free to think that you are C..,
      but C.. to think that you are free... thanks to australe13
      0
  4. Djief
     
    I did as you said, I then restarted and I am currently scanning with AntiVir, and so far I have no detection box appearing repeatedly. I do, however, have 2 warnings currently displayed (at 10%).

    --------------------\\ Lop S&D 4.2.4-5 XP/Vista

    Microsoft Windows XP Professional (v5.1.2600) Service Pack 3
    X86-based PC (Multiprocessor Free: Intel(R) Pentium(R) 4 CPU 2.80GHz)
    BIOS: BIOS Date: 03/15/04 22:33:44 Ver: 08.00.09
    USER: Jean-François (Administrator)
    BOOT: Normal boot
    Antivirus: Avira AntiVir PersonalEdition 8.0.1.27 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total: 74 Go Free: 13 Go
    D:\ (Local Disk) - NTFS - Total: 74 Go Free: 15 Go
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\Lop SD" (LAST UPDATE: 02-10-2008|23:42)
    Option: [3] (2008-10-09|15:12)

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION

    Delete! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@advertising[2].txt
    Delete! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@advertising[3].txt
    Delete! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[1].txt
    Delete! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[2].txt
    Delete! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[3].txt

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Scheduled tasks in C:\WINDOWS\tasks

    [2008-10-09 14:50][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
    [2008-10-06 21:54][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2008-10-09 08:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [2004-08-04 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    [2007-11-05|00:07] C:\Program Files\Common Files\Skype
    [2007-09-29|14:10] C:\Program Files\Common Files\SpeechEngines
    [2008-10-08|20:29] C:\Program Files\Common Files\System
    [2008-09-18|05:28] C:\Program Files\Common Files\Windows Live
    [2008-06-03|04:35] C:\Program Files\Common Files\WindowsLiveInstaller
    [2008-05-03|21:17] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    (41 Processes)

    ... OK!

    --------------------\\ Search with S_Lop

    No Lop files/folders found!

    --------------------\\ Search for Lop Files/Folders

    No Lop files/folders found!

    --------------------\\ Registry Check

    ..... OK!

    --------------------\\ Hosts file check

    Hosts file CLEAN

    --------------------\\ Search for files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-09 15:13:20
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 1

    --------------------\\ Search for other infections

    No other infection found!

    [F:11][D:2] -> C:\DOCUME~1\JEAN-F~1\LOCALS~1\Temp
    [F:394][D:1] -> C:\DOCUME~1\JEAN-F~1\Cookies
    [F:219][D:4] -> C:\DOCUME~1\JEAN-F~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 2008-10-09|13:18 - Option: [1]
    2 - "C:\Lop SD\LopR_2.txt" - 2008-10-09|15:14 - Option: [3]

    --------------------\\ End of report at 15:14:18
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      Download Malwarebytes: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

      During installation, make sure that update and run program and complete scan are checked.


      Once updated, the program will launch; click on the settings tab, and check the box: "Stop Internet Explorer during removal".

      At the end of the scan click on Show results

      Remove detected items >>>> click on Remove selected or remove all
      If prompted to restart >>> click on "Yes"

      And post the generated report.
      While waiting for a response, you can run another Malwarebytes scan, but in safe mode, as it's much more effective.

      How to start in safe mode, tutorial here: http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

      Save the generated report somewhere you can find it, and post the new report.

      --
      From Lack Of Curiosity, We Risk Dying Ignorant; You are free to think you are C..,
      but C.. to think that you are free... thanks to australe13
      0
  5. Djief
     
    Here is the report. It's a good sign :). I'm going back in safe mode.

    Malwarebytes' Anti-Malware 1.28
    Database version: 1248
    Windows 5.1.2600 Service Pack 3

    2008-10-09 16:54:38
    mbam-log-2008-10-09 (16-54-38).txt

    Scan type: Full scan (C:\|D:\|)
    Items scanned: 123179
    Elapsed time: 36 minute(s), 23 second(s)

    Infected memory process(es): 0
    Infected memory module(s): 0
    Infected registry key(s): 0
    Infected registry value(s): 0
    Infected registry data item(s): 0
    Infected folder(s): 0
    Infected file(s): 0

    Infected memory process(es):
    (No harmful items detected)

    Infected memory module(s):
    (No harmful items detected)

    Infected registry key(s):
    (No harmful items detected)

    Infected registry value(s):
    (No harmful items detected)

    Infected registry data item(s):
    (No harmful items detected)

    Infected folder(s):
    (No harmful items detected)

    Infected file(s):
    (No harmful items detected)
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      ok
      0
  6. Djief
     
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      Hello

      Download FindyKill to your desktop:

      http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

      --> Start the installation with the default settings

      --> Double click on the FindyKill shortcut on your desktop

      --> In the main menu, choose option 1 (Search)

      --> Post the FindyKill.txt report

      Note: the FindyKill.txt report is saved at the root of the disk

      0
  7. Djief
     
    ----------------- FindyKill V4.005 ------------------

    * User: Jean-François - DJIEFP
    * Location: C:\Program Files\FindyKill
    * Tools updated on 10/11/08 by Chiquitine29
    * Search conducted at 3:51:51 on 2008-10-13
    * Windows XP - Internet Explorer 7.0.5730.13

    ((((((((((((((((( *** Search *** ))))))))))))))))))

    --------------- [ Active Processes ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\WINDOWS\OEM03Mon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    --------------- [ Infectious Files/Folders ] ----------------

    »»»» Presence of files in C:

    »»»» Presence of files in C:\WINDOWS

    »»»» Presence of files in C:\WINDOWS\Prefetch

    »»»» Presence of files in C:\WINDOWS\system32

    »»»» Presence of files in C:\WINDOWS\system32\drivers

    »»»» Presence of files in C:\Documents and Settings\Jean-François\Application Data

    »»»» Presence of files in C:\DOCUME~1\JEAN-F~1\LOCALS~1\Temp

    --------------- [ Registry / Startup ] ----------------

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper REG_SZ CTHELPER.EXE
    CTxfiHlp REG_SZ CTXFIHLP.EXE
    LogitechCommunicationsManager REG_SZ "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
    LVCOMSX REG_SZ "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
    OEM03Mon.exe REG_SZ C:\WINDOWS\OEM03Mon.exe
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
    MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Google Update REG_SZ "C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    --------------- [ Registry / Infecting Keys ] ----------------

    --------------- [ State / Services ] ----------------

    +- Services: [ Auto=2 Demand=3 Disabled=4 ]

    Ndisuio - Startup type = 3

    EapHost - Startup type = 3

    Ip6Fw - Startup type = 3
    SharedAccess - Startup type = 2
    wuauserv - Startup type = 2
    wscsvc - Startup type = 2

    --------------- [ Search in removable media ] ----------------

    +- Information:

    C: - Fixed Drive

    D: - Fixed Drive

    +- presence of files:

    --------------- [ Registry / Mountpoint2 ] ----------------

    -> Negative search.

    ------------------- ! End of report ! --------------------
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      1) Download SDFix from AndyManchesta

      http://downloads.andymanchesta.com/RemovalTools/SDFix.exe to your Desktop.

      Double click on SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\)
      Do not touch it for now.

      2) Restart in Safe Mode

      3) SDFix
      * Open the SDFix folder that was just created in the C:\ directory and double click on RunThis.bat to start the script.
      * Press Y to begin the cleaning process.
      * It will remove the services and Registry entries of certain trojans found and then ask you to press a key to restart.
      * Press a key to restart the PC.
      * Your system will take longer to restart than usual because the tool will continue to run and remove files.
      * After the Desktop loads, the tool will finish its work and display Finished.
      * Press a key to finalize the execution of the script and load the icons on your Desktop.
      * With the Desktop icons displayed, the SDFix report will open on the screen and will also be saved in the SDFix folder under the name Report.txt.

      Nothing on your FindyKill report.

      0
  8. Djief
     
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      Do you always receive alerts from your antivirus?


      0
  9. Djief
     
    No, I ran several scans with Antivir and Malwarebytes and there is nothing.
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      Close all running applications, then download ToolsCleaner2 to your Desktop.
      http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

      Double click on ToolsCleaner2.exe >
      then Search
      and then Delete
      Note: your desktop will disappear, this is normal. If it does not appear at the end of the scan, do the following:

      CTRL+ALT+DEL to open the Task Manager.
      Then go to the "Processes" tab. Click on File at the top left and choose "Run"

      Type explorer.exe and confirm. This will make the Desktop reappear

      0
  10. Djief
     
    Okay, it's done, everything seems normal now. Thank you for helping me!! :)
    0
    1. benurrr Posted messages 9766 Status Security Contributor 107
       
      Delete FindyKill via the Control Panel, under Add or Remove Programs.

      You can post the ToolsCleaner report to see if there were any errors in deletion.

      And delete ToolsCleaner by right-clicking.

      -------------------------------

      Finish with CCleaner; keep it, just like Malwarebytes. They will be useful to you, and scan frequently.

      Download CCleaner: http://www.commentcamarche.net/telecharger/telecharger168ccleaner

      Don't install the Yahoo toolbar.

      Open "CCleaner", go to the "Options" tab, then "Advanced", then uncheck "Delete only files from the Windows temp folder older than 48 hours."

      Then go to the "Cleaner" tab, click "Analyze", then "Run Cleaner."
      Then go to the "Registry" tab, click "Scan for Issues", then "Fix selected issues."
      Repeat all this 4-5 times (the cleaning and the registry).

      Then stay in "CCleaner", go to "Options", then "Settings", and check "Automatically clean the computer on startup."

      Here is a user manual for CCleaner:

      https://www.malekal.com/tutoriel-ccleaner/


      0