JFRodrigue

  1. Thank you for the link. I re-did everything I previously did, and added some new tools like you SpywareBlaster. I guess we will see if the problem comes up again soon enough. Thanks again.
  2. I'll repeat the process we just did, and see if I can get something out of it. BTW, the tutorial link for SpywareBlaster gets me a page saying "[#404] Sorry, we could not locate the page you are requesting to view. Please click here to return back to the forum's home". Anyway, thanks for your time.
  3. I spoke too soon
     log:
     2012/07/13 07:41:19 -0400 PCJF MESSAGE Starting protection
     2012/07/13 07:41:25 -0400 PCJF Jean-François MESSAGE Protection started successfully
     2012/07/13 07:41:28 -0400 PCJF Jean-François MESSAGE Starting IP protection
     2012/07/13 07:41:29 -0400 PCJF Jean-François MESSAGE IP Protection started successfully
     2012/07/13 09:20:09 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)
     2012/07/13 09:20:12 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)
     2012/07/13 09:20:18 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)
     2012/07/13 09:20:30 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)
     2012/07/13 09:20:33 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)
     2012/07/13 09:20:39 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)
  4. That did the trick! Also, I haven't had any other outgoing IP block messages... So far so good. Thanks.
  5. I even reloaded Combofix from the original site (after 2 more unsuccessful attempts) on my desktop, and copy/pasted what you asked me to write down in the run box, but it still said (translated from French): "Windows can not find 'combofix'. Make sure you have entered the name correctly and try again. To find a file, click on Start, then Search." For one reason or another, Windows can't find it despite it being on my desktop and my copy/pasting of the exact thing to run. I don't know what is going on...
  6. I finally managed to run TFC by going Safe Mode with it. As for uninstalling Combofix using the command you suggested, apparently Windows can't find it. Apart from that all seems to be fine.
  7. I must be doing something wrong because the software seems to go on forever without any hint of progress. Like an infinite loop that I can't stop even with Ctrl+Alt+Del. I had to force shut-down after more than an hour of TFC apparently doing nothing and I did close all applications like you asked. Any idea what it could be?
  8. Hum... looks like it is now forbidden to access the link... Do you have another?
  9. For the moment I can't seem to access the link you provided, but I will retry later. Thanks for the support tho.
  10. ESET:
      ESETSmartInstaller@High as CAB hook log:
      OnlineScanner.ocx - registred OK
      # version=7
      # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
      # OnlineScanner.ocx=1.0.0.6583
      # api_version=3.0.2
      # EOSSerial=03e91cf9d474ce42949c8ac5cd8c812a
      # end=finished
      # remove_checked=true
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2012-07-06 08:49:45
      # local_time=2012-07-06 04:49:45 (-0500, Est (heure d'été))
      # country="Canada"
      # lang=1033
      # osver=5.1.2600 NT Service Pack 3
      # compatibility_mode=8192 67108863 100 0 0 0 0 0
      # scanned=95607
      # found=2
      # cleaned=2
      # scan_time=1726
      C:\Documents and Settings\Jean-François\Mes documents\Downloads\cnet2_20080227134154468_ML-2240_32bit_exe (1).exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
      C:\Documents and Settings\Jean-François\Mes documents\Downloads\cnet2_20080227134154468_ML-2240_32bit_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

      Checkup:
      Results of screen317's Security Check version 0.99.42
      Windows XP Service Pack 3 x86
      Internet Explorer 8
      ``````````````Antivirus/Firewall Check:``````````````
      avast! Free Antivirus
      ESET Online Scanner v3
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.61.0.1400
      Adobe Reader X (10.1.3)
      ````````Process Check: objlist.exe by Laurent````````
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      ESET ESET Online Scanner OnlineCmdLineScanner.exe
      AVAST Software Avast AvastSvc.exe
      AVAST Software Avast avastUI.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!
      ````````````````````End of Log``````````````````````
  11. Done...
  12. Sorry, I gave you the wrong protection logs... Thanks for your patience.
  13. Thank you. Here are the infos you wanted:
2012-06-29 18:07:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-23 15:30:52 -------- d-----w- c:\documents and settings\jean-françois\application data\Ventrilo 2012-06-23 15:30:40 -------- d-----w- c:\program files\Ventrilo 2012-06-23 15:30:26 -------- d-----w- c:\program files\fichiers communs\Wise Installation Wizard 2012-06-23 13:14:57 -------- d-----w- c:\program files\Windows Media Connect 2 2012-06-23 13:14:02 -------- d-----w- c:\windows\system32\LogFiles 2012-06-23 01:36:48 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2012-06-23 01:36:37 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2012-06-23 01:36:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2012-06-23 01:36:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-06-23 01:36:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-06-23 01:36:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-23 01:36:36 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll 2012-06-23 01:36:36 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-06-23 01:35:27 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-06-23 01:35:27 3072 ------w- c:\windows\system32\iacenc.dll 2012-06-23 01:34:05 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2012-06-23 01:34:01 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2012-06-23 01:33:41 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2012-06-23 01:32:02 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2012-06-23 01:31:52 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2012-06-23 01:31:41 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll 2012-06-23 01:31:31 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll 2012-06-23 01:31:31 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2012-06-23 01:31:14 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2012-06-23 01:30:47 3558912 -c----w- 
c:\windows\system32\dllcache\moviemk.exe 2012-06-23 01:30:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2012-06-23 01:29:03 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2012-06-23 01:29:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2012-06-23 01:28:31 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll 2012-06-23 01:27:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2012-06-23 01:25:35 272768 -c----w- c:\windows\system32\dllcache\bthport.sys 2012-06-23 01:25:32 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2012-06-23 01:25:04 -------- d-----w- c:\windows\system32\PreInstall 2012-06-23 01:25:03 -------- d--h--w- c:\windows\$hf_mig$ 2012-06-23 01:23:39 25112 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-23 01:23:38 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-23 01:23:38 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-23 01:23:37 16408 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-23 01:23:37 -------- d-----w- c:\windows\system32\SoftwareDistribution 2012-06-23 01:22:44 -------- d-sh--w- c:\documents and settings\jean-françois\PrivacIE 2012-06-23 01:21:45 -------- d-sh--w- c:\documents and settings\jean-françois\IETldCache 2012-06-23 01:19:41 -------- d-----w- c:\program files\Microsoft 2012-06-23 01:18:30 -------- dc-h--w- c:\windows\ie8 2012-06-23 01:18:24 -------- d--h--w- c:\windows\msdownld.tmp 2012-06-23 01:10:46 -------- d-----w- c:\windows\ServicePackFiles 2012-06-23 01:10:41 294912 ------w- c:\program files\windows media player\dlimport.exe 2012-06-23 01:10:38 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe 2012-06-23 01:08:46 19569 ----a-w- c:\windows\002619_.tmp 2012-06-23 01:07:20 -------- d-----w- c:\windows\EHome 2012-06-23 00:00:04 -------- d-----w- c:\program files\GUILD WARS 2012-06-22 23:07:11 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll 2012-06-22 23:07:11 30512 ----a-w- c:\windows\system32\mdimon.dll 2012-06-22 
23:07:05 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll 2012-06-22 23:07:05 32592 ----a-w- c:\windows\system32\msonpmon.dll 2012-06-22 23:04:30 -------- d-----w- c:\windows\SHELLNEW 2012-06-22 21:42:50 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-06-22 21:42:27 41224 ----a-w- c:\windows\avastSS.scr 2012-06-22 21:42:15 -------- d-----w- c:\program files\AVAST Software 2012-06-22 21:42:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software 2012-06-22 21:36:28 -------- d-----w- c:\documents and settings\jean-françois\application data\Malwarebytes 2012-06-22 21:36:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-22 21:36:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-22 21:36:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-06-22 21:35:56 -------- d-----w- c:\documents and settings\jean-françois\application data\Macromedia 2012-06-22 21:35:56 -------- d-----w- c:\documents and settings\jean-françois\application data\Adobe . ==================== Find3M ==================== . 
2012-06-22 20:29:01 234112 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-06-22 20:29:01 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-06-22 20:28:59 234112 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-05-31 13:22:03 606208 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:06:36 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:55:57 1863296 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:40:43 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:40:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:14 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 03:15:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:47:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ============= FINISH: 17:17:14,14 ===============
  14. I've recently formatted my hard drive because I couldn't restart, manually or not, the services that would let me activate any antivirus/antimalware protection. Yet even though, after that, I could use Avast (Free) and MalwareBytes (Pro), I could still see a message from MalwareBytes telling me that it had blocked an IP address, type outgoing (208.73.210.29). Am I to understand that something malicious was installed somewhere other than on my hard drive? And if yes, what are my options? I am attaching the files you ask us to provide. Thanks a lot for your time. I really don't know what else to do. I always thought a format was the ultimate solution to all my computer problems, but that seems not to be the case. JF dds.txt attach.txt