Posts posted by JFRodrigue

  1. I'll repeat the process we just did, and see if I can get something out of it.

    BTW, the tutorial link for SpywareBlaster gets me a page saying "[#404] Sorry, we could not locate the page you are requesting to view. Please click here to return back to the forum's home".

    Anyway, thanks for your time.

  2. I spoke too soon :(

    log:

    2012/07/13 07:41:19 -0400 PCJF MESSAGE Starting protection

    2012/07/13 07:41:25 -0400 PCJF Jean-François MESSAGE Protection started successfully

    2012/07/13 07:41:28 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/07/13 07:41:29 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    2012/07/13 09:20:09 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)

    2012/07/13 09:20:12 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)

    2012/07/13 09:20:18 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)

    2012/07/13 09:20:30 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)

    2012/07/13 09:20:33 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)

    2012/07/13 09:20:39 -0400 PCJF Jean-François IP-BLOCK 93.190.141.104 (Type: outgoing)

  3. I even reloaded Combofix from the original site (after 2 more unsuccessful attempts) on my desktop, and copy/pasted what you asked me to write down in the run box, but it still said (translated from French): "Windows can not find 'combofix'. Make sure you have entered the name correctly and try again. To find a file, click on Start, then Search." For one reason or another, Windows can't find it despite it being on my desktop and my copy/pasting of the exact thing to run. I don't know what is going on...

  4. I must be doing something wrong because the software seems to go on forever without any hint of progress. Like an infinite loop that I can't stop even with ctrl+alt+del. I had to force a shutdown after more than an hour of TFC apparently doing nothing, and I did close all applications like you asked. Any idea what it could be?

  5. ESET:

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=03e91cf9d474ce42949c8ac5cd8c812a

    # end=finished

    # remove_checked=true

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2012-07-06 08:49:45

    # local_time=2012-07-06 04:49:45 (-0500, Est (heure d'été))

    # country="Canada"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=8192 67108863 100 0 0 0 0 0

    # scanned=95607

    # found=2

    # cleaned=2

    # scan_time=1726

    C:\Documents and Settings\Jean-François\Mes documents\Downloads\cnet2_20080227134154468_ML-2240_32bit_exe (1).exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Documents and Settings\Jean-François\Mes documents\Downloads\cnet2_20080227134154468_ML-2240_32bit_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    Checkup:

    Results of screen317's Security Check version 0.99.42

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    avast! Free Antivirus

    ESET Online Scanner v3

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.61.0.1400

    Adobe Reader X (10.1.3)

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    ESET ESET Online Scanner OnlineCmdLineScanner.exe

    AVAST Software Avast AvastSvc.exe

    AVAST Software Avast avastUI.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!

    ````````````````````End of Log``````````````````````

  6. Done...

    ComboFix:

    ComboFix 12-07-02.01 - Jean-François 2012-07-03 19:09:51.1.4 - x86

    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.3575.2755 [GMT -4:00]

    LancÉ depuis: c:\documents and settings\Jean-Franþois\Bureau\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\dllcache\dlimport.exe

    .

    c:\windows\system32\drivers\i8042prt.sys Était absent

    Copie restaurÉe à partir de - c:\windows\ServicePackFiles\i386\i8042prt.sys

    .

    .

    ((((((((((((((((((((((((((((( Fichiers crÉÉs du 2012-06-03 au 2012-07-03 ))))))))))))))))))))))))))))))))))))

    .

    .

    2012-06-22 23:03 . 2012-06-22 23:03 -------- d-----r- C:\MSOCache

    2012-06-22 22:38 . 2012-06-22 22:38 -------- d-----w- C:\Temp

    .

    .

    .

    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-02 19:19 . 2004-08-05 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

    2012-05-31 13:22 . 2004-08-05 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll

    2012-05-16 15:06 . 2004-08-05 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-05-15 13:55 . 2004-08-05 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys

    2012-05-11 14:40 . 2004-08-05 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-05-11 14:40 . 2004-08-05 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-05-11 11:38 . 2004-08-05 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2012-05-05 03:15 . 2004-08-05 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-05 03:14 . 2004-08-04 00:49 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

    .

    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* les ÉlÉments vides & les ÉlÉments initiaux lÉgitimes ne sont pas listÉs

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-06-28 12:51 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Akamai NetSession Interface"="c:\documents and settings\Jean-François\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-28 110696]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-28 13925480]

    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2011-05-06 41101936]

    "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Documents and Settings\\Jean-François\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

    "c:\\Documents and Settings\\Jean-François\\Bureau\\GW2\\Gw2 (1).exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "1059:TCP"= 1059:TCP:Akamai NetSession Interface

    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    .

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-06-22 721000]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-06-22 353688]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-06-22 21256]

    R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2012-02-13 193816]

    R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2011-03-29 88688]

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-06-22 654408]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-06-22 22344]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-06-22 2799728]

    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

    S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2012-02-13 240408]

    .

    --- Autres Services/Pilotes en mÉmoire ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Contenu du dossier 'Tâches planifiÉes'

    .

    2012-07-03 c:\windows\Tasks\avast! Emergency Update.job

    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-29 12:51]

    .

    .

    ------- Examen supplÉmentaire -------

    .

    uInternet Settings,ProxyOverride = <local>

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 24.201.245.77 24.200.0.1 24.53.0.2

    .

    - - - - ORPHELINS SUPPRIMES - - - -

    .

    AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-07-03 19:15

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    Recherche de processus cachÉs ...

    .

    Recherche d'ÉlÉments en dÉmarrage automatique cachÉs ...

    .

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

    .

    Recherche de fichiers cachÉs ...

    .

    Scan terminÉ avec succès

    Fichiers cachÉs: 0

    .

    **************************************************************************

    .

    --------------------- DLLs chargÉes dans les processus actifs ---------------------

    .

    - - - - - - - > 'explorer.exe'(2536)

    c:\windows\system32\eappprxy.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Autres processus actifs ------------------------

    .

    c:\windows\system32\nvsvc32.exe

    c:\program files\AVAST Software\Avast\AvastSvc.exe

    c:\windows\system32\RUNDLL32.EXE

    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

    .

    **************************************************************************

    .

    Heure de fin: 2012-07-03 19:17:30 - La machine a redÉmarrÉ

    ComboFix-quarantined-files.txt 2012-07-03 23:17

    .

    Avant-CF: 900 397 277 184 octets libres

    Après-CF: 900 857 872 384 octets libres

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

    .

    - - End Of File - - 369D9667B783BEF544A403BFBB4D00AE

    DDS:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702

    Run by Jean-François at 19:18:35 on 2012-07-03

    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.3575.3080 [GMT -4:00]

    .

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    svchost.exe

    svchost.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\KaraokeSer.exe

    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

    C:\Program Files\AVAST Software\Avast\avastUI.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Documents and Settings\Jean-François\Local Settings\Application Data\Akamai\netsession_win.exe

    C:\Documents and Settings\Jean-François\Local Settings\Application Data\Akamai\netsession_win.exe

    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\system32\wscntfy.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uInternet Settings,ProxyOverride = <local>

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"

    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

    uRun: [Akamai NetSession Interface] "c:\documents and settings\jean-françois\local settings\application data\akamai\netsession_win.exe"

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

    mRun: [six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340397774640

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340397911281

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-22 721000]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-22 353688]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-22 21256]

    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-22 44808]

    R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]

    R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2011-3-29 88688]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-22 654408]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-22 22344]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-6-22 2799728]

    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

    S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]

    .

    =============== Created Last 30 ================

    .

    2012-07-03 23:11:44 54144 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys

    2012-07-03 23:11:44 54144 ----a-w- c:\windows\system32\drivers\i8042prt.sys

    2012-07-03 23:09:18 -------- d-sha-r- C:\cmdcons

    2012-07-03 23:08:04 98816 ----a-w- c:\windows\sed.exe

    2012-07-03 23:08:04 518144 ----a-w- c:\windows\SWREG.exe

    2012-07-03 23:08:04 256000 ----a-w- c:\windows\PEV.exe

    2012-07-03 23:08:04 208896 ----a-w- c:\windows\MBR.exe

    2012-07-03 23:08:01 -------- d-----w- C:\ComboFix

    2012-06-29 18:07:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-06-25 11:20:23 -------- d-----w- c:\documents and settings\jean-françois\local settings\application data\Temp

    2012-06-25 11:20:23 -------- d-----w- c:\documents and settings\jean-françois\local settings\application data\Adobe

    2012-06-23 15:30:40 -------- d-----w- c:\program files\Ventrilo

    2012-06-23 15:30:26 -------- d-----w- c:\program files\fichiers communs\Wise Installation Wizard

    2012-06-23 13:14:57 -------- d-----w- c:\program files\Windows Media Connect 2

    2012-06-23 13:14:02 -------- d-----w- c:\windows\system32\LogFiles

    2012-06-23 01:36:48 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

    2012-06-23 01:36:37 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll

    2012-06-23 01:36:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

    2012-06-23 01:36:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

    2012-06-23 01:36:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    2012-06-23 01:36:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

    2012-06-23 01:36:36 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll

    2012-06-23 01:36:36 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

    2012-06-23 01:35:27 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2012-06-23 01:35:27 3072 ------w- c:\windows\system32\iacenc.dll

    2012-06-23 01:34:05 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

    2012-06-23 01:34:01 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

    2012-06-23 01:33:41 105472 -c----w- c:\windows\system32\dllcache\mup.sys

    2012-06-23 01:32:02 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

    2012-06-23 01:31:52 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    2012-06-23 01:31:41 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

    2012-06-23 01:31:31 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

    2012-06-23 01:31:31 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

    2012-06-23 01:31:14 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    2012-06-23 01:30:47 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

    2012-06-23 01:30:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    2012-06-23 01:29:03 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

    2012-06-23 01:29:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

    2012-06-23 01:28:31 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

    2012-06-23 01:27:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

    2012-06-23 01:25:35 272768 -c----w- c:\windows\system32\dllcache\bthport.sys

    2012-06-23 01:25:32 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

    2012-06-23 01:25:04 -------- d-----w- c:\windows\system32\PreInstall

    2012-06-23 01:25:03 -------- d--h--w- c:\windows\$hf_mig$

    2012-06-23 01:23:39 25112 ----a-w- c:\windows\system32\wucltui.dll.mui

    2012-06-23 01:23:38 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui

    2012-06-23 01:23:38 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

    2012-06-23 01:23:37 16408 ----a-w- c:\windows\system32\wuapi.dll.mui

    2012-06-23 01:23:37 -------- d-----w- c:\windows\system32\SoftwareDistribution

    2012-06-23 01:22:44 -------- d-sh--w- c:\documents and settings\jean-françois\PrivacIE

    2012-06-23 01:21:45 -------- d-sh--w- c:\documents and settings\jean-françois\IETldCache

    2012-06-23 01:19:41 -------- d-----w- c:\program files\Microsoft

    2012-06-23 01:18:30 -------- dc-h--w- c:\windows\ie8

    2012-06-23 01:18:24 -------- d--h--w- c:\windows\msdownld.tmp

    2012-06-23 01:10:46 -------- d-----w- c:\windows\ServicePackFiles

    2012-06-23 01:10:41 294912 ------w- c:\program files\windows media player\dlimport.exe

    2012-06-23 01:08:46 19569 ----a-w- c:\windows\002619_.tmp

    2012-06-23 01:07:20 -------- d-----w- c:\windows\EHome

    2012-06-23 00:16:32 -------- d-----w- c:\documents and settings\jean-françois\local settings\application data\Chromium

    2012-06-23 00:00:04 -------- d-----w- c:\program files\GUILD WARS

    2012-06-22 23:38:58 -------- d-----w- c:\documents and settings\jean-françois\local settings\application data\Akamai

    2012-06-22 23:07:11 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

    2012-06-22 23:07:11 30512 ----a-w- c:\windows\system32\mdimon.dll

    2012-06-22 23:07:05 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    2012-06-22 23:07:05 32592 ----a-w- c:\windows\system32\msonpmon.dll

    2012-06-22 23:04:30 -------- d-----w- c:\windows\SHELLNEW

    2012-06-22 23:04:15 -------- d-----w- c:\documents and settings\jean-françois\local settings\application data\Microsoft Help

    2012-06-22 21:42:50 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-06-22 21:42:27 41224 ----a-w- c:\windows\avastSS.scr

    2012-06-22 21:42:15 -------- d-----w- c:\program files\AVAST Software

    2012-06-22 21:42:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

    2012-06-22 21:36:28 -------- d-----w- c:\documents and settings\jean-françois\application data\Malwarebytes

    2012-06-22 21:36:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-22 21:36:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-06-22 21:36:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2012-06-22 21:33:19 -------- d-----w- c:\documents and settings\jean-françois\local settings\application data\Google

    .

    ==================== Find3M ====================

    .

    2012-06-22 20:29:01 234112 ----a-w- c:\windows\system32\nvdrsdb0.bin

    2012-06-22 20:29:01 1 ----a-w- c:\windows\system32\nvdrssel.bin

    2012-06-22 20:28:59 234112 ----a-w- c:\windows\system32\nvdrsdb1.bin

    2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

    2012-05-31 13:22:03 606208 ----a-w- c:\windows\system32\crypt32.dll

    2012-05-16 15:06:36 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-05-15 13:55:57 1863296 ----a-w- c:\windows\system32\win32k.sys

    2012-05-11 14:40:43 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-05-11 14:40:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-05-11 11:38:14 385024 ----a-w- c:\windows\system32\html.iec

    2012-05-05 03:15:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-05 03:14:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-05-02 13:47:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    .

    ============= FINISH: 19:18:43,00 ===============

  7. Sorry, I gave you the wrong protection logs...

    2012/06/29 01:00:54 -0400 PCJF Jean-François MESSAGE Starting database refresh

    2012/06/29 01:00:54 -0400 PCJF Jean-François MESSAGE Stopping IP protection

    2012/06/29 01:00:54 -0400 PCJF Jean-François MESSAGE IP Protection stopped

    2012/06/29 01:00:58 -0400 PCJF Jean-François MESSAGE Database refreshed successfully

    2012/06/29 01:00:58 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/06/29 01:01:01 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    2012/06/29 06:42:02 -0400 PCJF MESSAGE Starting protection

    2012/06/29 06:42:07 -0400 PCJF Jean-François MESSAGE Protection started successfully

    2012/06/29 06:42:10 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/06/29 06:42:12 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    2012/06/29 08:11:43 -0400 PCJF Jean-François IP-BLOCK 121.10.115.133 (Type: incoming)

    2012/06/29 09:32:47 -0400 PCJF Jean-François IP-BLOCK 122.224.5.223 (Type: incoming)

    2012/06/29 10:57:23 -0400 PCJF Jean-François IP-BLOCK 218.10.18.112 (Type: incoming)

    2012/06/29 13:36:01 -0400 PCJF Jean-François IP-BLOCK 60.173.8.169 (Type: incoming)

    2012/06/29 13:57:20 -0400 PCJF Jean-François MESSAGE Starting database refresh

    2012/06/29 13:57:20 -0400 PCJF Jean-François MESSAGE Stopping IP protection

    2012/06/29 13:57:20 -0400 PCJF Jean-François MESSAGE IP Protection stopped

    2012/06/29 13:57:23 -0400 PCJF Jean-François MESSAGE Database refreshed successfully

    2012/06/29 13:57:23 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/06/29 13:57:26 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    2012/06/29 14:03:35 -0400 PCJF MESSAGE Starting protection

    2012/06/29 14:03:41 -0400 PCJF Jean-François MESSAGE Protection started successfully

    2012/06/29 14:03:44 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/06/29 14:03:45 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    2012/06/29 14:25:50 -0400 PCJF Jean-François IP-BLOCK 208.73.210.29 (Type: outgoing)

    2012/06/29 14:25:53 -0400 PCJF Jean-François IP-BLOCK 208.73.210.29 (Type: outgoing)

    2012/06/29 14:25:59 -0400 PCJF Jean-François IP-BLOCK 208.73.210.29 (Type: outgoing)

    2012/06/29 14:26:11 -0400 PCJF Jean-François IP-BLOCK 208.73.210.29 (Type: outgoing)

    2012/06/29 14:26:14 -0400 PCJF Jean-François IP-BLOCK 208.73.210.29 (Type: outgoing)

    2012/06/29 14:26:20 -0400 PCJF Jean-François IP-BLOCK 208.73.210.29 (Type: outgoing)

    2012/06/29 17:07:22 -0400 PCJF Jean-François IP-BLOCK 222.186.52.188 (Type: incoming)

    2012/06/29 20:25:59 -0400 PCJF Jean-François MESSAGE Executing scheduled update: Daily

    2012/06/29 20:26:06 -0400 PCJF Jean-François MESSAGE Starting database refresh

    2012/06/29 20:26:06 -0400 PCJF Jean-François MESSAGE Scheduled update executed successfully: database updated from version v2012.06.29.08 to version v2012.06.29.12

    2012/06/29 20:26:06 -0400 PCJF Jean-François MESSAGE Stopping IP protection

    2012/06/29 20:26:06 -0400 PCJF Jean-François MESSAGE IP Protection stopped

    2012/06/29 20:26:09 -0400 PCJF Jean-François MESSAGE Database refreshed successfully

    2012/06/29 20:26:09 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/06/29 20:26:11 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    2012/06/29 20:30:02 -0400 PCJF Jean-François IP-BLOCK 77.222.40.20 (Type: incoming)

    AND

    2012/07/01 06:32:32 -0400 PCJF Jean-François IP-BLOCK 122.224.5.223 (Type: incoming)

    2012/07/01 06:55:39 -0400 PCJF Jean-François IP-BLOCK 222.186.13.35 (Type: incoming)

    2012/07/01 11:04:18 -0400 PCJF Jean-François IP-BLOCK 109.163.229.165 (Type: outgoing)

    2012/07/01 11:04:21 -0400 PCJF Jean-François IP-BLOCK 109.163.229.165 (Type: outgoing)

    2012/07/01 11:04:27 -0400 PCJF Jean-François IP-BLOCK 109.163.229.165 (Type: outgoing)

    2012/07/01 11:04:39 -0400 PCJF Jean-François IP-BLOCK 109.163.229.165 (Type: outgoing)

    2012/07/01 11:04:42 -0400 PCJF Jean-François IP-BLOCK 109.163.229.165 (Type: outgoing)

    2012/07/01 11:04:48 -0400 PCJF Jean-François IP-BLOCK 109.163.229.165 (Type: outgoing)

    2012/07/01 11:14:27 -0400 PCJF Jean-François MESSAGE Starting database refresh

    2012/07/01 11:14:27 -0400 PCJF Jean-François MESSAGE Stopping IP protection

    2012/07/01 11:14:28 -0400 PCJF Jean-François MESSAGE IP Protection stopped

    2012/07/01 11:14:31 -0400 PCJF Jean-François MESSAGE Database refreshed successfully

    2012/07/01 11:14:31 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/07/01 11:14:35 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    2012/07/01 13:43:53 -0400 PCJF Jean-François IP-BLOCK 60.173.8.174 (Type: incoming)

    2012/07/01 20:23:50 -0400 PCJF Jean-François MESSAGE Executing scheduled update: Daily

    2012/07/01 20:23:55 -0400 PCJF Jean-François MESSAGE Scheduled update executed successfully: database updated from version v2012.07.01.06 to version v2012.07.01.08

    2012/07/01 20:23:55 -0400 PCJF Jean-François MESSAGE Starting database refresh

    2012/07/01 20:23:55 -0400 PCJF Jean-François MESSAGE Stopping IP protection

    2012/07/01 20:23:55 -0400 PCJF Jean-François MESSAGE IP Protection stopped

    2012/07/01 20:23:59 -0400 PCJF Jean-François MESSAGE Database refreshed successfully

    2012/07/01 20:23:59 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/07/01 20:24:02 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    Thanks for your patience. :)

  8. Thank you. Here is the info you wanted:

    MBAM:

    Malwarebytes Anti-Malware (PRO) 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.07.03.06

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Jean-François :: PCJF [administrator]

    Protection: Enabled

    2012-07-03 17:08:48

    mbam-log-2012-07-03 (17-08-48).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 185208

    Time elapsed: 2 minute(s), 2 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Protection log:

    2012/07/03 05:15:10 -0400 PCJF MESSAGE Starting protection

    2012/07/03 05:15:16 -0400 PCJF Jean-François MESSAGE Protection started successfully

    2012/07/03 05:15:19 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/07/03 05:15:21 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    2012/07/03 17:08:24 -0400 PCJF Jean-François MESSAGE Starting database refresh

    2012/07/03 17:08:24 -0400 PCJF Jean-François MESSAGE Stopping IP protection

    2012/07/03 17:08:24 -0400 PCJF Jean-François MESSAGE IP Protection stopped

    2012/07/03 17:08:27 -0400 PCJF Jean-François MESSAGE Database refreshed successfully

    2012/07/03 17:08:27 -0400 PCJF Jean-François MESSAGE Starting IP protection

    2012/07/03 17:08:31 -0400 PCJF Jean-François MESSAGE IP Protection started successfully

    DDS:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702

    Run by Jean-François at 17:17:01 on 2012-07-03

    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.3575.2824 [GMT -4:00]

    .

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    svchost.exe

    svchost.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

    C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\AVAST Software\Avast\avastUI.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Jean-François\Local Settings\Application Data\Akamai\netsession_win.exe

    C:\Documents and Settings\Jean-François\Local Settings\Application Data\Akamai\netsession_win.exe

    svchost.exe

    C:\WINDOWS\system32\KaraokeSer.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

    C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\AVAST Software\Avast\setup\avast.setup

    C:\Documents and Settings\Jean-François\Bureau\DDS\dds.scr

    .

    ============== Pseudo HJT Report ===============

    .

    uWindow Title = Internet Explorer, optimized for Bing and MSN

    uInternet Settings,ProxyOverride = <local>

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"

    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

    uRun: [Google Update] "c:\documents and settings\jean-françois\local settings\application data\google\update\GoogleUpdate.exe" /c

    uRun: [Akamai NetSession Interface] "c:\documents and settings\jean-françois\local settings\application data\akamai\netsession_win.exe"

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

    mRun: [six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340397774640

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340397911281

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-22 721000]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-22 353688]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-22 21256]

    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-22 44808]

    R2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2011-3-29 88688]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-22 654408]

    R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-22 22344]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-6-22 2799728]

    S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]

    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

    .

    =============== Created Last 30 ================

    .

    2012-06-29 18:07:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-06-23 15:30:52 -------- d-----w- c:\documents and settings\jean-françois\application data\Ventrilo

    2012-06-23 15:30:40 -------- d-----w- c:\program files\Ventrilo

    2012-06-23 15:30:26 -------- d-----w- c:\program files\fichiers communs\Wise Installation Wizard

    2012-06-23 13:14:57 -------- d-----w- c:\program files\Windows Media Connect 2

    2012-06-23 13:14:02 -------- d-----w- c:\windows\system32\LogFiles

    2012-06-23 01:36:48 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

    2012-06-23 01:36:37 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll

    2012-06-23 01:36:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

    2012-06-23 01:36:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

    2012-06-23 01:36:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    2012-06-23 01:36:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

    2012-06-23 01:36:36 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll

    2012-06-23 01:36:36 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

    2012-06-23 01:35:27 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2012-06-23 01:35:27 3072 ------w- c:\windows\system32\iacenc.dll

    2012-06-23 01:34:05 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

    2012-06-23 01:34:01 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

    2012-06-23 01:33:41 105472 -c----w- c:\windows\system32\dllcache\mup.sys

    2012-06-23 01:32:02 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

    2012-06-23 01:31:52 45568 -c----w- c:\windows\system32\dllcache\wab.exe

    2012-06-23 01:31:41 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

    2012-06-23 01:31:31 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll

    2012-06-23 01:31:31 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

    2012-06-23 01:31:14 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    2012-06-23 01:30:47 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

    2012-06-23 01:30:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    2012-06-23 01:29:03 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

    2012-06-23 01:29:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

    2012-06-23 01:28:31 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

    2012-06-23 01:27:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

    2012-06-23 01:25:35 272768 -c----w- c:\windows\system32\dllcache\bthport.sys

    2012-06-23 01:25:32 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

    2012-06-23 01:25:04 -------- d-----w- c:\windows\system32\PreInstall

    2012-06-23 01:25:03 -------- d--h--w- c:\windows\$hf_mig$

    2012-06-23 01:23:39 25112 ----a-w- c:\windows\system32\wucltui.dll.mui

    2012-06-23 01:23:38 19480 ----a-w- c:\windows\system32\wuaueng.dll.mui

    2012-06-23 01:23:38 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

    2012-06-23 01:23:37 16408 ----a-w- c:\windows\system32\wuapi.dll.mui

    2012-06-23 01:23:37 -------- d-----w- c:\windows\system32\SoftwareDistribution

    2012-06-23 01:22:44 -------- d-sh--w- c:\documents and settings\jean-françois\PrivacIE

    2012-06-23 01:21:45 -------- d-sh--w- c:\documents and settings\jean-françois\IETldCache

    2012-06-23 01:19:41 -------- d-----w- c:\program files\Microsoft

    2012-06-23 01:18:30 -------- dc-h--w- c:\windows\ie8

    2012-06-23 01:18:24 -------- d--h--w- c:\windows\msdownld.tmp

    2012-06-23 01:10:46 -------- d-----w- c:\windows\ServicePackFiles

    2012-06-23 01:10:41 294912 ------w- c:\program files\windows media player\dlimport.exe

    2012-06-23 01:10:38 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

    2012-06-23 01:08:46 19569 ----a-w- c:\windows\002619_.tmp

    2012-06-23 01:07:20 -------- d-----w- c:\windows\EHome

    2012-06-23 00:00:04 -------- d-----w- c:\program files\GUILD WARS

    2012-06-22 23:07:11 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

    2012-06-22 23:07:11 30512 ----a-w- c:\windows\system32\mdimon.dll

    2012-06-22 23:07:05 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    2012-06-22 23:07:05 32592 ----a-w- c:\windows\system32\msonpmon.dll

    2012-06-22 23:04:30 -------- d-----w- c:\windows\SHELLNEW

    2012-06-22 21:42:50 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-06-22 21:42:27 41224 ----a-w- c:\windows\avastSS.scr

    2012-06-22 21:42:15 -------- d-----w- c:\program files\AVAST Software

    2012-06-22 21:42:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

    2012-06-22 21:36:28 -------- d-----w- c:\documents and settings\jean-françois\application data\Malwarebytes

    2012-06-22 21:36:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-22 21:36:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-06-22 21:36:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2012-06-22 21:35:56 -------- d-----w- c:\documents and settings\jean-françois\application data\Macromedia

    2012-06-22 21:35:56 -------- d-----w- c:\documents and settings\jean-françois\application data\Adobe

    .

    ==================== Find3M ====================

    .

    2012-06-22 20:29:01 234112 ----a-w- c:\windows\system32\nvdrsdb0.bin

    2012-06-22 20:29:01 1 ----a-w- c:\windows\system32\nvdrssel.bin

    2012-06-22 20:28:59 234112 ----a-w- c:\windows\system32\nvdrsdb1.bin

    2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

    2012-05-31 13:22:03 606208 ----a-w- c:\windows\system32\crypt32.dll

    2012-05-16 15:06:36 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-05-15 13:55:57 1863296 ----a-w- c:\windows\system32\win32k.sys

    2012-05-11 14:40:43 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-05-11 14:40:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-05-11 11:38:14 385024 ----a-w- c:\windows\system32\html.iec

    2012-05-05 03:15:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-05 03:14:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-05-02 13:47:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    .

    ============= FINISH: 17:17:14,14 ===============

  9. I've recently formatted my hard drive because I couldn't restart, manually or not, the services that would let me activate any antivirus/antimalware protection. Yet even though, after that, I could use Avast (Free) and MalwareBytes (Pro), I could still see a message from MalwareBytes telling me that it had blocked an IP address, type outgoing (208.73.210.29). Am I to understand that something malicious was installed somewhere other than on my hard drive? And if yes, what are my options? I have attached the files you ask us to provide.

    Thanks a lot for your time. I really don't know what else to do. I always thought a format was the ultimate solution to all my computer problems, but that seems not to be the case.

    JF

    dds.txt

    attach.txt
