Jump to content

Recommended Posts

I get an error when I try to update MBAM and here's what it says : "Program_Error_Updating (5,0, create file)"

I carefully read topic

http://forums.malwarebytes.org/index.php?showtopic=94487&st=0&p=476919&hl=program_error_updating&fromsearch=1entry476919

and used the recommended tools in it but I still have the same problem...

What could I do ? I can provide any logs you nee.

Thanks in advance for your help.

Link to post
Share on other sites

Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Link to post
Share on other sites

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27

Run by Dell at 21:09:55 on 2011-10-17

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.263 [GMT 2:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=80c33ee200000000000000197ea024fa&tlver=1.4.19.19&affID=17160

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\bh\BabylonToolbar.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll

BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll

BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.19.19\BabylonToolbarTlbr.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [PowerBar] "c:\program files\cyberlink dvd solution\multimedia launcher\PowerBar.exe" /AtBootTime

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey

mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\fichie~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\dell\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286612341703

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 212.27.40.240 212.27.40.241

TCP: Interfaces\{0081D7FE-3E0D-47BE-B8AA-F2D25F164014} : DhcpNameServer = 212.27.40.240 212.27.40.241

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dell\application data\mozilla\firefox\profiles\sktcwhhy.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=80c33ee200000000000000197ea024fa&tlver=1.4.19.19&instlRef=sst&affID=17160&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\dell\application data\mozilla\firefox\profiles\sktcwhhy.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll

FF - component: c:\documents and settings\dell\application data\mozilla\firefox\profiles\sktcwhhy.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\dell\application data\mozilla\firefox\profiles\sktcwhhy.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll

FF - component: c:\documents and settings\dell\application data\mozilla\firefox\profiles\sktcwhhy.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll

FF - component: c:\program files\windows ilivid toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-10-11 104000]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2011-10-11 72264]

R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2011-10-11 34152]

R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2011-10-11 170408]

S0 cerc6;cerc6; [x]

S1 MpKsl144167ca;MpKsl144167ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75acefd7-412f-49ef-8d61-f27aa5058f6b}\mpksl144167ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75acefd7-412f-49ef-8d61-f27aa5058f6b}\MpKsl144167ca.sys [?]

S1 MpKsl4ec81e79;MpKsl4ec81e79;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7fa86915-8b9f-4f38-b964-bb56fe397b28}\mpksl4ec81e79.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7fa86915-8b9f-4f38-b964-bb56fe397b28}\MpKsl4ec81e79.sys [?]

S1 MpKsl56a181d2;MpKsl56a181d2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eeb1898e-aa01-4712-8587-6cf0fb2bdc6e}\mpksl56a181d2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eeb1898e-aa01-4712-8587-6cf0fb2bdc6e}\MpKsl56a181d2.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2011-10-10 7168]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-16 18:11:45 -------- d-----w- c:\documents and settings\dell\local settings\application data\PCHealth

2011-10-16 00:08:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-10-16 00:08:26 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-10-16 00:08:26 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-10-16 00:08:25 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-10-16 00:08:25 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-10-16 00:08:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-10-16 00:08:25 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-10-16 00:08:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-10-15 21:55:14 -------- d-----w- c:\program files\SpywareBlaster

2011-10-15 21:27:06 -------- d-----w- c:\documents and settings\dell\application data\DriverCure

2011-10-15 21:27:04 -------- d-----w- c:\documents and settings\dell\application data\ParetoLogic

2011-10-15 21:26:39 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic

2011-10-13 22:26:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-11 21:33:45 -------- d-----w- C:\QUARANTINE

2011-10-11 21:00:25 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll

2011-10-11 21:00:25 -------- d-----w- c:\program files\fichiers communs\Cisco Systems

2011-10-11 20:59:43 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-11 20:59:41 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-11 20:59:40 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-11 20:59:40 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2011-10-11 20:59:39 170408 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-11 20:57:45 -------- d-----w- c:\program files\McAfee

2011-10-11 20:57:45 -------- d-----w- c:\program files\fichiers communs\McAfee

2011-10-11 20:47:35 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-10-10 22:24:38 -------- d-----w- c:\program files\fichiers communs\Symantec Shared

2011-10-10 21:28:35 7168 ----a-w- c:\windows\DellBIOS.Sys

2011-10-10 21:13:21 -------- d-----w- c:\windows\Downloaded Installations

2011-10-10 21:08:55 -------- d-----w- C:\Temp

2011-10-10 21:08:36 -------- d-----w- c:\windows\pss

2011-10-10 20:22:39 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-10 20:22:39 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-09 17:18:18 0 ----a-w- c:\windows\invcol.tmp

.

==================== Find3M ====================

.

2011-09-26 09:41:40 614400 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41:40 22528 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-09 09:12:01 606208 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 14:10:01 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:41:31 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:41:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:41:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:53 385024 ---ha-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2004-10-01 13:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 21:11:25,18 ===============

Link to post
Share on other sites

Hi again,

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either MS Security Essentials or McAfee.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Hi,

I indeed notice in the log that MS Security Essentials was reported as installed and disabled but didn't manage to remove it since I didn't find it in Control Panel Add/Remove window list....

How can I manually and surely remove it ?

Thanks.

Link to post
Share on other sites

Combofix launched from Windows Safe Mode :

ComboFix 11-10-19.06 - Administrateur 20/10/2011 1:11:59.1.2 - x86 NETWORK

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.592 [GMT 2:00]

Lancé depuis: C:\Documents and Settings\Administrateur.DELL-419F7D40BB\Mes documents\TÚlÚchargements\ComboFix.exe

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Internet Explorer\SET5B0.tmp

C:\Program Files\Internet Explorer\SET5B5.tmp

C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

C:\WINDOWS\system32\d3d9caps.dat

((((((((((((((((((((((((((((( Fichiers créés du 2011-09-19 au 2011-10-19 ))))))))))))))))))))))))))))))))))))

2011-10-19 22:40:34 . 2011-10-19 23:11:42 -------- d-----w- C:\WINDOWS\system32\CatRoot2

2011-10-19 22:34:56 . 2011-10-19 22:34:56 -------- d-----w- C:\WINDOWS\LastGood.Tmp

2011-10-18 20:29:13 . 2011-10-18 20:29:13 -------- d-----w- C:\Documents and Settings\Dell\Application Data\Uniblue

2011-10-18 20:29:07 . 2011-10-18 20:29:07 -------- dc-h--w- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-10-18 20:29:07 . 2011-10-18 20:29:07 -------- d-----w- C:\Program Files\Uniblue

2011-10-16 18:11:45 . 2011-10-16 18:11:45 -------- d-----w- C:\Documents and Settings\Dell\Local Settings\Application Data\PCHealth

2011-10-16 00:18:07 . 2011-10-16 00:18:47 -------- d-----w- C:\Program Files\Fichiers communs\Adobe

2011-10-16 00:08:28 . 2011-09-29 07:16:59 134104 ----a-w- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

2011-10-16 00:08:26 . 2011-09-29 07:16:58 773080 ----a-w- C:\Program Files\Mozilla Firefox\mozsqlite3.dll

2011-10-16 00:08:26 . 2011-09-29 07:16:58 1833944 ----a-w- C:\Program Files\Mozilla Firefox\mozjs.dll

2011-10-16 00:08:25 . 2011-09-29 07:16:58 89048 ----a-w- C:\Program Files\Mozilla Firefox\libEGL.dll

2011-10-16 00:08:25 . 2011-09-29 07:16:58 478168 ----a-w- C:\Program Files\Mozilla Firefox\libGLESv2.dll

2011-10-16 00:08:25 . 2011-09-29 07:16:58 15832 ----a-w- C:\Program Files\Mozilla Firefox\mozalloc.dll

2011-10-16 00:08:25 . 2011-09-29 00:26:01 2106216 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll

2011-10-16 00:08:25 . 2011-09-29 00:26:01 1998168 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_43.dll

2011-10-15 21:55:28 . 2011-10-16 18:40:42 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP

2011-10-15 21:55:14 . 2011-10-15 21:58:10 -------- d-----w- C:\Program Files\SpywareBlaster

2011-10-15 21:27:06 . 2011-10-15 21:27:06 -------- d-----w- C:\Documents and Settings\Dell\Application Data\DriverCure

2011-10-15 21:27:04 . 2011-10-15 21:27:04 -------- d-----w- C:\Documents and Settings\Dell\Application Data\ParetoLogic

2011-10-15 21:26:39 . 2011-10-16 00:00:08 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ParetoLogic

2011-10-13 22:26:51 . 2011-10-16 00:07:37 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-10-11 21:33:45 . 2011-10-11 21:34:52 -------- d-----w- C:\QUARANTINE

2011-10-11 21:00:25 . 2011-10-11 21:00:25 -------- d-----w- C:\Program Files\Fichiers communs\Cisco Systems

2011-10-11 21:00:25 . 2006-12-19 13:06:00 1495552 ----a-w- C:\WINDOWS\system32\epoPGPsdk.dll

2011-10-11 21:00:24 . 2011-10-11 21:01:27 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee

2011-10-11 20:59:43 . 2006-11-30 06:50:00 34152 ----a-w- C:\WINDOWS\system32\drivers\mfebopk.sys

2011-10-11 20:59:41 . 2006-11-30 06:50:00 64360 ----a-w- C:\WINDOWS\system32\drivers\mfeapfk.sys

2011-10-11 20:59:40 . 2006-11-30 06:50:00 72264 ----a-w- C:\WINDOWS\system32\drivers\mfeavfk.sys

2011-10-11 20:59:40 . 2006-11-30 06:50:00 52136 ----a-w- C:\WINDOWS\system32\drivers\mfetdik.sys

2011-10-11 20:59:39 . 2007-02-22 18:50:00 170408 ----a-w- C:\WINDOWS\system32\drivers\mfehidk.sys

2011-10-11 20:57:45 . 2011-10-11 21:00:24 -------- d-----w- C:\Program Files\McAfee

2011-10-11 20:57:45 . 2011-10-11 20:57:45 -------- d-----w- C:\Program Files\Fichiers communs\McAfee

2011-10-11 20:47:35 . 2011-10-11 20:47:35 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy

2011-10-10 23:39:01 . 2011-10-10 23:39:01 -------- d-----w- C:\WINDOWS\Sun

2011-10-10 22:24:38 . 2011-10-11 20:46:29 -------- d-----w- C:\Program Files\Fichiers communs\Symantec Shared

2011-10-10 21:28:35 . 2011-10-10 21:28:35 7168 ----a-w- C:\WINDOWS\DellBIOS.Sys

2011-10-10 21:13:21 . 2011-10-10 21:13:21 -------- d-----w- C:\WINDOWS\Downloaded Installations

2011-10-10 21:08:55 . 2011-10-10 21:09:06 -------- d-----w- C:\Temp

2011-10-10 20:33:53 . 2011-10-10 20:58:22 -------- d-----w- C:\Documents and Settings\Administrateur.DELL-419F7D40BB

2011-10-10 20:22:39 . 2011-10-10 20:22:39 -------- d-----w- C:\WINDOWS\system32\wbem\Repository

2011-10-09 18:01:31 . 2011-10-09 18:01:31 -------- d--h--r- C:\Documents and Settings\LocalService\Favoris

2011-10-09 18:00:50 . 2011-10-09 18:00:50 -------- d-----w- C:\Documents and Settings\LocalService\IETldCache

2011-10-09 17:29:47 . 2011-10-09 17:29:47 -------- d-----w- C:\Documents and Settings\Administrateur\Application Data\Dell

2011-10-09 17:18:18 . 2011-10-09 17:18:18 0 ----a-w- C:\WINDOWS\invcol.tmp

2011-10-09 16:58:58 . 2011-10-09 16:58:58 -------- d-----w- C:\Documents and Settings\Administrateur\IECompatCache

2011-10-09 16:50:06 . 2011-10-09 16:50:06 -------- d-----w- C:\Documents and Settings\Administrateur\PrivacIE

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-26 09:41:40 . 2008-07-29 17:59:58 614400 ----a-w- C:\WINDOWS\system32\uiautomationcore.dll

2011-09-26 09:41:40 . 2008-04-14 07:00:00 22528 ----a-w- C:\WINDOWS\system32\oleaccrc.dll

2011-09-26 09:41:20 . 2008-04-14 07:00:00 220160 ----a-w- C:\WINDOWS\system32\oleacc.dll

2011-09-09 09:12:01 . 2008-04-14 07:00:00 606208 ----a-w- C:\WINDOWS\system32\crypt32.dll

2011-09-06 14:10:01 . 2008-04-14 07:00:00 1859072 ----a-w- C:\WINDOWS\system32\win32k.sys

2011-08-22 23:41:31 . 2008-04-14 07:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll

2011-08-22 23:41:29 . 2008-04-14 07:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll

2011-08-22 23:41:29 . 2008-04-14 07:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl

2011-08-22 11:56:53 . 2008-04-14 07:00:00 385024 ---ha-w- C:\WINDOWS\system32\html.iec

2011-08-17 13:49:54 . 2008-04-14 07:00:00 138496 ----a-w- C:\WINDOWS\system32\drivers\afd.sys

2004-10-01 13:00:16 . 2010-10-09 08:19:52 40960 ----a-w- C:\Program Files\Uninstall_CDS.exe

2011-09-29 07:16:59 . 2011-10-16 00:08:28 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 20:12:52 3872080]

"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 08:26:28 86016]

"RegistryBooster"="C:\Program Files\Uniblue\RegistryBooster\launcher.exe" [2011-08-18 09:48:31 67456]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 07:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 18:50:00 112216]

"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 09:27:00 136768]

"Adobe ARM"="C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:00:00 15360]

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 23:44:24 435096]

C:\Documents and Settings\Dell\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk

backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55:28 937920 ----a-w- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04:58 35736 ----a-w- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar]

2010-11-07 09:22:00 286720 ----a-w- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 07:00:00 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-01-21 10:20:12 166912 ----a-r- C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-01-21 10:20:30 134656 ----a-r- C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50:42 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-04-28 17:05:00 8429568 ----a-w- C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2007-04-28 17:05:00 67584 ----a-w- C:\WINDOWS\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-04-28 17:05:00 81920 ----a-w- C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2007-04-28 17:05:00 1626112 ----a-w- C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-01-21 10:18:28 134656 ----a-r- C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 18:24:46 32768 ----a-w- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-05-10 08:22:32 405504 ----a-w- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 10:44:46 248552 ----a-w- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Windows iLivid Toolbar\\ToolBar\\dtUser.exe"=

"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

S0 cerc6;cerc6; [x]

S1 MpKsl144167ca;MpKsl144167ca;\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75ACEFD7-412F-49EF-8D61-F27AA5058F6B}\MpKsl144167ca.sys --> c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75ACEFD7-412F-49EF-8D61-F27AA5058F6B}\MpKsl144167ca.sys [?]

S1 MpKsl4ec81e79;MpKsl4ec81e79;\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FA86915-8B9F-4F38-B964-BB56FE397B28}\MpKsl4ec81e79.sys --> c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FA86915-8B9F-4F38-B964-BB56FE397B28}\MpKsl4ec81e79.sys [?]

S1 MpKsl56a181d2;MpKsl56a181d2;\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EEB1898E-AA01-4712-8587-6CF0FB2BDC6E}\MpKsl56a181d2.sys --> c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EEB1898E-AA01-4712-8587-6CF0FB2BDC6E}\MpKsl56a181d2.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16:28 130384]

S3 DellBIOS;DellBIOS;C:\WINDOWS\DellBIOS.Sys [10/10/2011 23:28:35 7168]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16:28 753504]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35a79425-c6ef-11df-bc75-806d6172696f}]

\Shell\Option1\Command - D:\HBCD\Wintools\Autorun.exe

Contenu du dossier 'Tâches planifiées'

2011-10-19 C:\WINDOWS\Tasks\RegistryBooster.job

- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe [2011-10-18 20:29:09 . 2011-08-18 09:48:31]

2011-10-19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9AFF50E7-CC0B-4B02-A71A-B5B6F7463112}.job

- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 02:31:54 . 2009-03-08 02:31:54]

------- Examen supplémentaire -------

uInternet Connection Wizard,ShellNext = iexplore

TCP: DhcpNameServer = 212.27.40.240 212.27.40.241

FF - ProfilePath - C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\sktcwhhy.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=80c33ee200000000000000197ea024fa&tlver=1.4.19.19&instlRef=sst&affID=17160&q=

FF - prefs.js: network.proxy.type - 0

- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

MSConfigStartUp-MSC - c:\Program Files\Microsoft Security Client\msseces.exe

Link to post
Share on other sites

No, I didn't manage to uninstall MSE...

MBAM update problem is still there as before...

Beside this I can't perform a Windows Update :

Each time I try "Windows Update", I get error 0x800A0046 and I am asked to enable option " Permanence des données utilisateur" (= "user datas permanence" ?), which is already the case.

Here is the error message (in french...) :

[Numéro d'erreur : 0x800A0046]

Veuillez modifier vos paramètres de sécurité Internet Explorer.

Pour enregistrer vos paramètres pour ce site Web, vous devez activer l'option Permanence des données utilisateur pour Internet Explorer. Suivez la procédure ci-dessous, puis cliquez sur Modifier les paramètres à gauche et réessayez d'enregistrer vos paramètres.

1.Dans Internet Explorer, choisissez Options Internet dans le menu Outils.

2.Cliquez sur l'onglet Sécurité, sur l'icône de la zone de sécurité Internet, puis sur Personnaliser le niveau.

3.Dans la boîte de dialogue Paramètres, accédez à la section Divers.

4.Sous Permanence des données utilisateur, sélectionnez Activer.

5.Cliquez sur OK, puis Oui dans la fenêtre d'avertissement de sécurité qui apparaît.

Link to post
Share on other sites

As requested by MCPR, I first removed McAfee with Add/Remove Programs and then complete the removal with MCPR.exe tool.

Then I rebooted the PC, try a MBAM update without success (same problem as usually), try a Windows update without success (same problem as usually) and run Combo Fix. Still same problems after....

Here is ComboFix log :

ComboFix 11-10-17.02 - Dell 20/10/2011 22:13:47.2.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.720 [GMT 2:00]

Lancé depuis: c:\documents and settings\Dell\Bureau\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sktcwhhy.default\searchplugins\SearchquWebSearch.xml

.

---- Exécution préalable -------

.

c:\program files\Internet Explorer\SET5B0.tmp

c:\program files\Internet Explorer\SET5B5.tmp

c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

c:\windows\system32\d3d9caps.dat

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-09-20 au 2011-10-20 ))))))))))))))))))))))))))))))))))))

.

.

2011-10-20 17:51 . 2011-10-20 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-10-19 22:40 . 2011-10-20 20:13 -------- d-----w- c:\windows\system32\CatRoot2

2011-10-18 20:29 . 2011-10-20 17:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0

2011-10-16 18:11 . 2011-10-16 18:11 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\PCHealth

2011-10-16 00:18 . 2011-10-16 00:18 -------- d-----w- c:\program files\Fichiers communs\Adobe

2011-10-16 00:08 . 2011-09-29 07:16 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-10-16 00:08 . 2011-09-29 07:16 773080 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-10-16 00:08 . 2011-09-29 07:16 1833944 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-10-16 00:08 . 2011-09-29 07:16 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-10-16 00:08 . 2011-09-29 07:16 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-10-16 00:08 . 2011-09-29 07:16 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-10-16 00:08 . 2011-09-29 00:26 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-10-16 00:08 . 2011-09-29 00:26 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-10-15 21:55 . 2011-10-16 18:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-10-15 21:55 . 2011-10-15 21:58 -------- d-----w- c:\program files\SpywareBlaster

2011-10-15 21:27 . 2011-10-15 21:27 -------- d-----w- c:\documents and settings\Dell\Application Data\DriverCure

2011-10-15 21:27 . 2011-10-15 21:27 -------- d-----w- c:\documents and settings\Dell\Application Data\ParetoLogic

2011-10-15 21:26 . 2011-10-16 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2011-10-13 22:26 . 2011-10-16 00:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-11 21:33 . 2011-10-11 21:34 -------- d-----w- C:\QUARANTINE

2011-10-11 21:00 . 2011-10-11 21:00 -------- d-----w- c:\program files\Fichiers communs\Cisco Systems

2011-10-11 21:00 . 2006-12-19 13:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll

2011-10-11 21:00 . 2011-10-20 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2011-10-11 20:57 . 2011-10-20 20:09 -------- d-----w- c:\program files\McAfee

2011-10-11 20:47 . 2011-10-11 20:47 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-10-10 23:39 . 2011-10-10 23:39 -------- d-----w- c:\windows\Sun

2011-10-10 22:24 . 2011-10-11 20:46 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared

2011-10-10 21:28 . 2011-10-10 21:28 7168 ----a-w- c:\windows\DellBIOS.Sys

2011-10-10 21:13 . 2011-10-10 21:13 -------- d-----w- c:\windows\Downloaded Installations

2011-10-10 21:08 . 2011-10-10 21:09 -------- d-----w- C:\Temp

2011-10-10 20:33 . 2011-10-10 20:58 -------- d-----w- c:\documents and settings\Administrateur.DELL-419F7D40BB

2011-10-10 20:22 . 2011-10-10 20:22 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-09 18:01 . 2011-10-09 18:01 -------- d--h--r- c:\documents and settings\LocalService\Favoris

2011-10-09 18:00 . 2011-10-09 18:00 -------- d-----w- c:\documents and settings\LocalService\IETldCache

2011-10-09 17:29 . 2011-10-09 17:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Dell

2011-10-09 17:18 . 2011-10-09 17:18 0 ----a-w- c:\windows\invcol.tmp

2011-10-09 16:58 . 2011-10-09 16:58 -------- d-----w- c:\documents and settings\Administrateur\IECompatCache

2011-10-09 16:50 . 2011-10-09 16:50 -------- d-----w- c:\documents and settings\Administrateur\PrivacIE

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-26 09:41 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 09:41 . 2008-04-14 07:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 09:41 . 2008-04-14 07:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-09 09:12 . 2008-04-14 07:00 606208 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 14:10 . 2008-04-14 07:00 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:41 . 2008-04-14 07:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:41 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:41 . 2008-04-14 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-04-14 07:00 385024 ---ha-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2008-04-14 07:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2004-10-01 13:00 . 2010-10-09 08:19 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2011-09-29 07:16 . 2011-10-16 00:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-19_23.16.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-20 17:05 . 2011-10-20 17:05 16384 c:\windows\temp\Perflib_Perfdata_180.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

.

c:\documents and settings\Dell\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55 937920 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar]

2010-11-07 09:22 286720 ----a-w- c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 07:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-01-21 10:20 166912 ----a-r- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-01-21 10:20 134656 ----a-r- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

c:\program files\Microsoft Security Client\msseces.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-04-28 17:05 8429568 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

2007-04-28 17:05 67584 ----a-w- c:\windows\system32\nvhotkey.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-04-28 17:05 81920 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2007-04-28 17:05 1626112 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-01-21 10:18 134656 ----a-r- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-05-10 08:22 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 10:44 248552 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows iLivid Toolbar\\ToolBar\\dtUser.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

.

S0 cerc6;cerc6; [x]

S1 MpKsl144167ca;MpKsl144167ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75ACEFD7-412F-49EF-8D61-F27AA5058F6B}\MpKsl144167ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75ACEFD7-412F-49EF-8D61-F27AA5058F6B}\MpKsl144167ca.sys [?]

S1 MpKsl4ec81e79;MpKsl4ec81e79;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FA86915-8B9F-4F38-B964-BB56FE397B28}\MpKsl4ec81e79.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FA86915-8B9F-4F38-B964-BB56FE397B28}\MpKsl4ec81e79.sys [?]

S1 MpKsl56a181d2;MpKsl56a181d2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EEB1898E-AA01-4712-8587-6CF0FB2BDC6E}\MpKsl56a181d2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EEB1898E-AA01-4712-8587-6CF0FB2BDC6E}\MpKsl56a181d2.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [10/10/2011 23:28 7168]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

.

--- Autres Services/Pilotes en mémoire ---

.

*NewlyCreated* - APPMGMT

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

FF - ProfilePath - c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\sktcwhhy.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=80c33ee200000000000000197ea024fa&tlver=1.4.19.19&instlRef=sst&affID=17160&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-20 22:18

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

Heure de fin: 2011-10-20 22:20:16

ComboFix-quarantined-files.txt 2011-10-20 20:20

.

Avant-CF: 43 763 777 536 octets libres

Après-CF: 43 765 858 304 octets libres

.

- - End Of File - - 7672770E2D7D7439B0B19D80FFAF98C8

Link to post
Share on other sites

How are you connecting to the internet (cable mode, router, wired, wireless)? If you connect through a router, please reset it. You can typically do this by pressing the Reset button on the back of the router for approx. 10 seconds with the router powered off.

Link to post
Share on other sites

Wifi through a router inside a Freebox (french brand for triple play box). I powerred off/on the Freebox but I still have the same problems.

For your info, I have a second PC (Vista, Wired (Ethernet)) on which MBAM update and Windows are working fine.

So, meaning the router is OK ?

Link to post
Share on other sites

If the other computer is connected through the same router, then yes, it should be fine.

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.

On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.

Go to start > Run copy/paste the following line in the run box and click OK.

cmd /c (ipconfig /all&nslookup mbam-cdn.malwarebytes.org&ping -n 2 mbam-cdn.malwarebytes.org&route print) >log.txt&start log.txt

A command window opens. Wait until a log.txt file opens. Please post the content to your reply.

Link to post
Share on other sites

1 - Yes, "Automatic private IP address" is ticked.

2 - ipconfig /flushdns : done

3 - Here is the log (french of course !) :

Configuration IP de Windows

Nom de l'hôte . . . . . . . . . . : dell-419f7d40bb

Suffixe DNS principal . . . . . . :

Type de nœud . . . . . . . . . . : Inconnu

Routage IP activé . . . . . . . . : Non

Proxy WINS activé . . . . . . . . : Non

Carte Ethernet Connexion au réseau local:

Statut du média . . . . . . . . . : Média déconnecté

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Adresse physique . . . . . . . . .: 00-18-8B-D9-BC-E2

Carte Ethernet Connexion réseau sans fil 2:

Suffixe DNS propre à la connexion :

Description . . . . . . . . . . . : Carte Mini Dell Wireless 1390

Adresse physique . . . . . . . . .: 00-19-7E-A0-24-FA

DHCP activé. . . . . . . . . . . : Oui

Configuration automatique activée . . . . : Oui

Adresse IP. . . . . . . . . . . . : 192.168.0.11

Masque de sous-réseau . . . . . . : 255.255.255.0

Passerelle par défaut . . . . . . : 192.168.0.254

Serveur DHCP. . . . . . . . . . . : 192.168.0.254

Serveurs DNS . . . . . . . . . . : 212.27.40.240

212.27.40.241

Bail obtenu . . . . . . . . . . . : dimanche 23 octobre 2011 17:50:38

Bail expirant . . . . . . . . . . : mercredi 2 novembre 2011 17:50:38

Serveur : dns1.proxad.net

Address: 212.27.40.240

Nom : mwbyte.vo.llnwd.net

Addresses: 87.248.221.253, 87.248.221.254

Aliases: mbam-cdn.malwarebytes.org

Envoi d'une requˆte 'ping' sur mwbyte.vo.llnwd.net [87.248.221.253] avec 32 octets de donn‚esÿ:

R‚ponse de 87.248.221.253ÿ: octets=32 temps=31 ms TTL=53

R‚ponse de 87.248.221.253ÿ: octets=32 temps=31 ms TTL=53

Statistiques Ping pour 87.248.221.253:

Paquetsÿ: envoy‚s = 2, re‡us = 2, perdus = 0 (perte 0%),

Dur‚e approximative des boucles en millisecondes :

Minimum = 31ms, Maximum = 31ms, Moyenne = 31ms

===========================================================================

Liste d'Interfaces

0x1 ........................... MS TCP Loopback interface

0x10003 ...00 18 8b d9 bc e2 ...... Broadcom NetXtreme 57xx Gigabit Controller

0x10004 ...00 19 7e a0 24 fa ...... Carte Mini Dell Wireless 1390

===========================================================================

===========================================================================

Itin‚raires actifsÿ:

Destination r‚seau Masque r‚seau Adr. passerelle Adr. interface M‚trique

0.0.0.0 0.0.0.0 192.168.0.254 192.168.0.11 25

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

192.168.0.0 255.255.255.0 192.168.0.11 192.168.0.11 25

192.168.0.11 255.255.255.255 127.0.0.1 127.0.0.1 25

192.168.0.255 255.255.255.255 192.168.0.11 192.168.0.11 25

224.0.0.0 240.0.0.0 192.168.0.11 192.168.0.11 25

255.255.255.255 255.255.255.255 192.168.0.11 10003 1

255.255.255.255 255.255.255.255 192.168.0.11 192.168.0.11 1

Passerelle par d‚fautÿ: 192.168.0.254

===========================================================================

Itin‚raires persistantsÿ:

Aucun

Link to post
Share on other sites

Lets also do an extra rootkit check here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.