

Messages - Goatie

1
Forever In Our Hearts / Re: ANNOUNCEMENT With a sad sad heart
« on: February 22, 2018, 10:02:19 PM »
In shock I am to learn this sad news, but I do know that wherever you now are, it is where the nicest lawn grows and is cared for.  Goodbye my friend and rest in peace!  Hélène

2
Analysis and Malware Removal / Re: Brand newborn PC and infected!
« on: February 07, 2014, 08:37:40 AM »
beeeeeeeeee (says the Goat...) I met a very affectionate pillar...  and it left aftershave on my blue skin... and so what?  :moreevil:

3
Analysis and Malware Removal / Re: Brand newborn PC and infected!
« on: February 06, 2014, 10:29:05 AM »
Am all done... Firefox updated. Glad you told me where to look on the upper left... I would NEVER have found that menu hidden under an orange button that only says FIREFOX. Why are practical things so hidden now, like a MENU?   Or is it me becoming an old grouch?
I did clean the tools off the desktop. By the way, Corrine, you have one smilie missing here... the one of the old lady that wants things her way! ;-)))

Now, about Ghost... who has no sense of humor whatsoever... he just scolds, never laughs. I have to keep remembering he is a GHOST or I'd be terrified of him.

Winchester, I see you lay low... do not forget I can be very dangerous if you do this standing up facing me....  :winchesty73:

GR@PH;<'S... laughing and drivin' is not a good thing when you're in a blue car... believe me. That is exactly why I never laugh anymore!  :GRAFX:

Ok... I'll let you all rest, all of you young ones that stayed up late last night... while I'm fresh and at my best and efficient and maybe... maybe... more brilliant than I was yesterday...  :azn:


4
Analysis and Malware Removal / Re: Brand newborn PC and infected!
« on: February 05, 2014, 11:27:19 PM »
Aaaah! dear Corrine what would this world be without you?...  I feel the new diaper change and the Johnson's baby powder and all... smells good, feels right. Now I can sleep tight and grow some more. I promise I will behave and learn my ABC.
I will update Firefox and see about Flashplayer tomorrow morning first thing, around 5 am... . I want to stay on my nice feeling... for now and go rest my tired out body and brain.
I don't know a thing about the Flashplayer... I brought the PC from the store at noon today... ;-)))
I'll report once all done. For now, all looks fine... no strange Windows opening... no strange offers offering... and permission is given to all volunteers who have been holding back on their laughing at me. I can take it now!  It is bath time anyways  :hammy:     


5
Analysis and Malware Removal / Re: Brand newborn PC and infected!
« on: February 05, 2014, 11:02:24 PM »
# AdwCleaner v3.018 - Rapport créé le 05/02/2014 à 19:54:52
# Mis à jour le 28/01/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Utilisateur - UTILISATEUR-PC
# Exécuté depuis : C:\Users\Utilisateur\Desktop\AdwCleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16428

Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (en-US)

[ Fichier : C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\rd2nuym9.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1539 octets] - [05/02/2014 18:58:08]
AdwCleaner[R1].txt - [1599 octets] - [05/02/2014 19:54:17]
AdwCleaner[S0].txt - [1210 octets] - [05/02/2014 19:54:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1270 octets] ##########

6
Analysis and Malware Removal / Re: Brand newborn PC and infected!
« on: February 05, 2014, 10:05:01 PM »
I am not taking any chances on my capacity to judge tonight so I submit for approval, then I'll delete what is there... nothing there I need to keep... I never had time to install anything yet... Firefox was the first diaper!!!  :laughing:

# AdwCleaner v3.018 - Rapport créé le 05/02/2014 à 18:58:08
# Mis à jour le 28/01/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Utilisateur - UTILISATEUR-PC
# Exécuté depuis : C:\Users\Utilisateur\Desktop\AdwCleaner.exe
# Option : Scanner

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Présente : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Présente : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16428

Paramètre Présent : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0CtB0DyCtCyD0ByDzztAtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1370479696&ir=

-\\ Mozilla Firefox v24.0 (en-US)

[ Fichier : C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\rd2nuym9.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1383 octets] - [05/02/2014 18:58:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1443 octets] ##########

7
Analysis and Malware Removal / Re: Brand newborn PC and infected!
« on: February 05, 2014, 09:55:14 PM »
Sorry, took me a while... was not easy to figure out how to shut down the antivirus... It also tried to have me d/l some crap instead of what I asked for... So many windows, all new to me, that I have a hard time figuring out what is normal or not.  Now to answer your question... quite honestly I don't know where I really d/l Firefox from... actually I d/l from the first item shown in Google... yes I know... I should have known better. I have to caaaaaaalm down.... and use my brain again...  :(

Now, I'll go one thing at a time... baby step....

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Utilisateur on 2014-02-05 at 18:38:22,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] Util RightSurf
Successfully deleted: [Service] Util RightSurf
Successfully stopped: [Service] Update RightSurf
Successfully deleted: [Service] Update RightSurf



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1230402944-1592690405-2964290798-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\RightSurf"



~~~ FireFox

Successfully deleted the following from C:\Users\Utilisateur\AppData\Roaming\mozilla\firefox\profiles\rd2nuym9.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0CtB0DyCtCyD0ByDzztAtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDt



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-02-05 at 18:41:38,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

8
Analysis and Malware Removal / Re: Brand newborn PC and infected!
« on: February 05, 2014, 08:32:14 PM »
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2014-02-03 16:03:19
System Uptime: 2014-02-05 16:33:45 (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | B85M-E
Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz | SOCKET 1150 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 190,103 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 2014-02-03 16:05:08 - Windows Update
RP4: 2014-02-03 16:10:37 - Installé Realtek Ethernet Controller Driver
RP5: 2014-02-03 16:12:22 - Windows Update
RP6: 2014-02-03 16:21:11 - Windows Update
RP7: 2014-02-04 09:30:41 - Windows Update
RP8: 2014-02-04 09:50:34 - Windows Live Essentials
RP9: 2014-02-04 09:50:45 - DirectX est installé
RP10: 2014-02-04 09:50:59 - DirectX est installé
RP11: 2014-02-04 09:51:07 - DirectX est installé
RP12: 2014-02-04 09:51:22 - WLSetup
RP13: 2014-02-04 09:54:13 - Installé Power2Go
RP14: 2014-02-04 10:08:22 - Windows Update
RP15: 2014-02-05 14:11:09 - Installed AVG 2014
RP16: 2014-02-05 14:11:13 - Installed AVG 2014
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Reader XI (11.0.06) - Français
AVG 2014
CyberLink Power2Go 8
D3DX10
Galerie de photos
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Junk Mail filter update
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (FRA)
Microsoft .NET Framework 4.5.1 (Français)
Microsoft Application Error Reporting
Microsoft Office Famille et Etudiant 2013 - fr-fr
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RightSurf
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

9
Analysis and Malware Removal / Re: Brand newborn PC and infected!
« on: February 05, 2014, 08:30:08 PM »
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Utilisateur at 17:07:35 on 2014-02-05
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.2.1036.18.8064.6601 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\RightSurf\updateRightSurf.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0CtB0DyCtCyD0ByDzztAtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1370479696&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0CtB0DyCtCyD0ByDzztAtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1370479696&ir=
mWinlogon: Userinit = userinit.exe
BHO: RightSurf: {88be1aa9-6740-461c-9e3e-f35eb8fa741c} - C:\Program Files (x86)\RightSurf\RightSurfbho.dll
BHO: Programme d’aide de l’Assistant de connexion au compte Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
uRun: [Power2GoExpress8] NA
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B17E34D1-0847-4553-A4EE-80032F2B8888} : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0CtB0DyCtCyD0ByDzztAtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1370479696&ir=
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\rd2nuym9.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0B0CtB0DyCtCyD0ByDzztAtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1370479696&ir=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\drivers\CLVirtualDrive.sys [2014-2-4 92536]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2014-2-3 927232]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-2-3 169432]
R2 OfficeSvc;Service Microsoft Office;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-2-4 1907896]
R2 Update RightSurf;Update RightSurf;C:\Program Files (x86)\RightSurf\updateRightSurf.exe [2014-2-5 80160]
R2 Util RightSurf;Util RightSurf;C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe [2014-2-5 80160]
R3 IntcDAud;Son Intel(R) pour écrans;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-17 442368]
R3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
R3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-2-3 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-4 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-3 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-3 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-3 30208]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-4 1255736]
.
=============== Created Last 30 ================
.
2014-02-05 20:59:29   --------   d-----w-   C:\Users\Utilisateur\AppData\Local\Mozilla
2014-02-05 19:34:45   --------   d-----w-   C:\Users\Utilisateur\AppData\Roaming\Windows Live Writer
2014-02-05 19:34:45   --------   d-----w-   C:\Users\Utilisateur\AppData\Local\Windows Live Writer
2014-02-05 19:11:43   --------   d-----w-   C:\Users\Utilisateur\AppData\Roaming\AVG2014
2014-02-05 19:11:26   --------   d-----w-   C:\Users\Utilisateur\AppData\Roaming\TuneUp Software
2014-02-05 19:11:24   --------   d--h--w-   C:\$AVG
2014-02-05 19:11:24   --------   d-----w-   C:\ProgramData\AVG2014
2014-02-05 19:11:12   --------   d-----w-   C:\Program Files (x86)\AVG
2014-02-05 19:07:53   --------   d--h--w-   C:\ProgramData\Common Files
2014-02-05 19:07:53   --------   d-----w-   C:\Users\Utilisateur\AppData\Local\MFAData
2014-02-05 19:07:53   --------   d-----w-   C:\Users\Utilisateur\AppData\Local\Avg2014
2014-02-05 19:07:53   --------   d-----w-   C:\ProgramData\MFAData
2014-02-04 15:04:11   --------   d-----w-   C:\Program Files (x86)\Microsoft SkyDrive
2014-02-04 15:04:11   --------   d-----r-   C:\Users\Utilisateur\SkyDrive
2014-02-04 15:04:06   --------   d-----w-   C:\ProgramData\Microsoft SkyDrive
2014-02-04 15:02:57   566480   ----a-w-   C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-02-04 15:02:43   --------   d-----w-   C:\ProgramData\regid.1991-06.com.microsoft
2014-02-04 15:00:57   --------   d-----w-   C:\Program Files\Microsoft Office 15
2014-02-04 14:56:31   --------   d-----w-   C:\Users\Utilisateur\AppData\Local\Power2Go8
2014-02-04 14:55:55   92536   ----a-w-   C:\Windows\System32\drivers\CLVirtualDrive.sys
2014-02-04 14:55:55   --------   d-----w-   C:\Program Files (x86)\Common Files\CyberLink
2014-02-04 14:54:17   --------   d-----w-   C:\ProgramData\install_clap
2014-02-04 14:52:54   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-04 14:52:54   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-04 14:52:23   --------   d-----w-   C:\Users\Utilisateur\AppData\Local\Adobe
2014-02-04 14:50:57   4398360   ----a-w-   C:\Windows\System32\d3dx9_32.dll
2014-02-04 14:50:57   3426072   ----a-w-   C:\Windows\SysWow64\d3dx9_32.dll
2014-02-04 14:50:37   525656   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\76a07c8a1cf21b804\DXSETUP.exe
2014-02-04 14:50:37   1691480   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\76a07c8a1cf21b804\dsetup32.dll
2014-02-04 14:50:36   94040   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\76a07c8a1cf21b804\DSETUP.dll
2014-02-04 14:50:36   89944   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\767a66851cf21b803\DSETUP.dll
2014-02-04 14:50:36   89944   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\7618ce1a1cf21b802\DSETUP.dll
2014-02-04 14:50:36   537432   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\767a66851cf21b803\DXSETUP.exe
2014-02-04 14:50:36   537432   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\7618ce1a1cf21b802\DXSETUP.exe
2014-02-04 14:50:36   1801048   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\767a66851cf21b803\dsetup32.dll
2014-02-04 14:50:36   1801048   -c--a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\7618ce1a1cf21b802\dsetup32.dll
2014-02-04 14:50:34   --------   d-----w-   C:\Users\Utilisateur\AppData\Local\Windows Live
2014-02-04 14:50:25   --------   d-----w-   C:\Program Files (x86)\Common Files\Windows Live
2014-02-04 14:30:39   96768   ----a-w-   C:\Windows\System32\fsutil.exe
2014-02-04 08:26:17   --------   d-----w-   C:\Windows\SysWow64\wbem\en-US
2014-02-04 08:26:17   --------   d-----w-   C:\Windows\System32\wbem\en-US
2014-02-04 08:26:16   --------   d-----w-   C:\Windows\SysWow64\Wat
2014-02-04 08:26:16   --------   d-----w-   C:\Windows\System32\Wat
2014-02-03 22:22:37   167424   ----a-w-   C:\Program Files\Windows Media Player\wmplayer.exe
2014-02-03 22:22:37   164864   ----a-w-   C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-02-03 22:22:37   12625920   ----a-w-   C:\Windows\System32\wmploc.DLL
2014-02-03 22:22:37   12625408   ----a-w-   C:\Windows\SysWow64\wmploc.DLL
2014-02-03 22:15:33   --------   d-----w-   C:\Windows\Migration
2014-02-03 21:47:49   2560   ----a-w-   C:\Windows\System32\drivers\fr-FR\wdf01000.sys.mui
2014-02-03 21:21:20   --------   d-----w-   C:\Windows\System32\MRT
2014-02-03 21:19:59   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
2014-02-03 21:19:59   5120   ----a-w-   C:\Windows\System32\wmi.dll
2014-02-03 21:19:59   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
2014-02-03 21:17:44   723456   ----a-w-   C:\Windows\System32\EncDec.dll
2014-02-03 21:16:53   10315576   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-03 21:15:21   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2014-02-03 21:15:21   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2014-02-03 21:15:21   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2014-02-03 21:12:26   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2014-02-03 21:12:25   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2014-02-03 21:12:25   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2014-02-03 21:12:25   186752   ----a-w-   C:\Windows\System32\wuwebv.dll
2014-02-03 21:10:44   805088   ----a-w-   C:\Windows\System32\drivers\Rt64win7.sys
2014-02-03 21:10:44   74344   ----a-w-   C:\Windows\System32\RtNicProp64.dll
2014-02-03 21:10:44   107552   ----a-w-   C:\Windows\System32\RTNUninst64.dll
2014-02-03 21:10:41   --------   d-----w-   C:\Program Files (x86)\Realtek
2014-02-03 21:10:14   16344   ----a-w-   C:\Windows\System32\drivers\IntelMEFWVer.dll
2014-02-03 21:10:01   --------   d-sh--w-   C:\Windows\Installer
2014-02-03 21:09:58   --------   d-----w-   C:\Program Files (x86)\Common Files\postureAgent
2014-02-03 21:09:22   41984   ----a-w-   C:\Windows\System32\drivers\USB3Ver.dll
2014-02-03 21:09:04   64000   ----a-w-   C:\Windows\System32\OpenCL.DLL
2014-02-03 21:09:04   60416   ----a-w-   C:\Windows\SysWow64\OpenCL.DLL
2014-02-03 21:05:50   --------   d-----w-   C:\Intel
2014-02-03 21:05:13   16896   ----a-w-   C:\Windows\AsTaskSched.dll
2014-02-03 21:05:13   --------   d-----w-   C:\Windows\Intel_Chipset_Win7_8_VER9401016
2014-02-03 21:05:11   296320   ----a-w-   C:\Windows\System32\drivers\volsnap.sys
2014-02-03 13:16:01   --------   d-----w-   C:\Windows\Panther
.
==================== Find3M  ====================
.
2014-01-16 14:59:44   270496   ------w-   C:\Windows\System32\MpSigStub.exe
2013-11-27 01:41:37   343040   ----a-w-   C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15   99840   ----a-w-   C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11   53248   ----a-w-   C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11   325120   ----a-w-   C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:03   7808   ----a-w-   C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00   376768   ----a-w-   C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56   3156480   ----a-w-   C:\Windows\System32\win32k.sys
2013-11-26 10:19:07   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57   708608   ----a-w-   C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02   5769216   ----a-w-   C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16   553472   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12   4243968   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16   1995264   ----a-w-   C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06   1928192   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57   2334208   ----a-w-   C:\Windows\System32\wininet.dll
2013-11-26 06:33:33   1820160   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20   417792   ----a-w-   C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34   465920   ----a-w-   C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-11-12 02:07:29   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 17:07:44,44 ===============

10
Analysis and Malware Removal / Brand newborn PC and infected!
« on: February 05, 2014, 08:29:18 PM »
Hi, all of you! I am here, red with shame and blue with anger. Trying to figure out this new baby and it cries already with cramps!  I was downloading/installing Firefox and it gave me mywebsearch along with it. We'll laugh later... first, let me post... OK?... :thud:

Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader XI 
 Mozilla Firefox 24.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

11
Got tired of waiting and wondering... but thanks to a very helpful GHOST who kindly helped me through, I managed to have all scans clean, including HJT log. The PC is now all updated and safe and back to her owner.
So you can consider this post as closed.

12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:39, on 2010-01-06
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Mediom\CONNEX~1\app\pppoeservice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\imapi.exe
C:\Documents and Settings\Myriam\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2102473
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Mediom\CONNEX~1\app\pppoeservice.exe

--
End of file - 2658 bytes
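Added example (the editor's, not part of Goatie's post and not code from HijackThis): a small triage pass over HijackThis lines of the kind posted above. It flags what a helper questions first in this log: the R0 Start Page pointing at search.conduit.com rather than a Microsoft address (a search hijack), O2/O23 entries whose target file is "(file missing)" (dead registrations that should be cleaned rather than left pointing nowhere), and O23 services reported with "Unknown owner". The sample lines are copied from the log above; the trusted-host set is an assumption for this example. HijackThis prints "Unknown owner" for any service whose binary carries no recognised company name, so that flag means identify the service, not remove it.

```python
"""Added example (editor's, not from the original post or from HijackThis):
triage a HijackThis log for the entries a helper questions first.

Sample lines are copied from the log posted above; nothing is read from a
live machine. TRUSTED_SEARCH_HOSTS is an assumption for this example.
"""
import re

# Hosts a stock Windows XP / IE install legitimately points these keys at.
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com", "microsoft.com"}

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://([^/\s]+)")

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2102473
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Mediom\CONNEX~1\app\pppoeservice.exe
"""


def _url_host(body):
    """Host part of the first http(s) URL in an R0/R1 entry, or None."""
    m = URL_RE.search(body)
    return m.group(1).lower().split(":")[0] if m else None


def triage(log_text):
    """Return one finding per suspicious line: {'kind', 'reasons', 'line'}.

    reasons contains any of:
      search-hijack:<host>  R0/R1 start or search page outside the trusted hosts
      file-missing          the registration points at a file that is gone
      unknown-owner         O23 service whose binary carries no company name
                            (identify it; this alone is not a verdict)
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank, or 'Running processes' lines
        kind, body = m.group("kind"), m.group("body")
        reasons = []
        if kind in ("R0", "R1"):
            host = _url_host(body)
            if host and host not in TRUSTED_SEARCH_HOSTS:
                reasons.append(f"search-hijack:{host}")
        if "(file missing)" in body:
            reasons.append("file-missing")
        if kind == "O23" and "Unknown owner" in body:
            reasons.append("unknown-owner")
        if reasons:
            findings.append({"kind": kind, "reasons": reasons, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<4} {', '.join(f['reasons']):<40} {f['line'][:80]}")
```

Run against the sample it reports four lines: the Conduit start page, the stale Java BHO, the PC Tools service (both missing and unowned) and the PPPoE service (unowned only). Paste a whole log into `triage()` to get the same list for any post in this format.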

13
Hi! Corrine... pleasure to see you here too!... And believe it or not, I'm almost getting a kick out of working on that old PC for her. Half fun/half fear!  :laughing:
I did a Belarc analysis of her system before anything else, to see what was in it... and since there was a risk of losing all, I had d/l SP2 and SP3 but didn't want to install anything until I knew what was wrong...
Well, here are the results:

ComboFix 10-01-04.01 - Myriam 2010-01-06  16:40:15.1.1 - x86
Microsoft Windows XP Professionnel  5.1.2600.0.1252.2.1036.18.511.264 [GMT -5:00]
Launched from: c:\documents and settings\Myriam\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
   /wow section - STAGE 4


((((((((((((((((((((((((((((((((((((   Other deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\Dc4

c:\windows\system32\qmgr.dll . . . is infected!!

.
(((((((((((((((((((((((((((((   Files created from 2009-12-06 to 2010-01-06  ))))))))))))))))))))))))))))))))))))
.

2010-01-06 16:28 . 2010-01-06 16:28   --------   d-----w-   C:\rsit
2010-01-06 16:28 . 2010-01-06 16:28   --------   d-----w-   c:\program files\trend micro
2010-01-06 14:29 . 2010-01-06 14:29   --------   d-----w-   c:\documents and settings\Myriam\Application Data\AVG8
2010-01-06 14:17 . 2010-01-06 14:17   --------   d-----w-   c:\program files\Mediom
2010-01-06 14:17 . 2010-01-06 14:17   --------   d-----w-   c:\program files\Efficient Networks
2010-01-06 14:17 . 2001-08-03 16:32   159552   ----a-w-   c:\windows\system32\drivers\ntspppoe.sys
2010-01-06 14:17 . 2000-08-03 15:41   1056768   ----a-w-   c:\windows\system32\ROBOEX32.DLL
2010-01-06 14:17 . 1998-11-13 18:20   308224   ----a-w-   c:\windows\IsUn0c0c.exe
2010-01-06 14:09 . 2001-08-28 11:00   3584   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\USMT\iconlib.dll
2009-12-26 13:35 . 2009-12-26 13:35   2560   ----a-w-   c:\windows\_MSRSTRT.EXE
2009-12-09 17:49 . 2009-12-09 17:49   --------   d-----w-   C:\found.000

.
((((((((((((((((((((((((((((((((((   Find3M report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 14:26 . 2008-05-03 11:29   --------   d-----w-   c:\program files\CCleaner
2010-01-06 14:25 . 2008-07-03 12:16   --------   d-----w-   c:\program files\SpywareBlaster
2009-12-26 13:43 . 2009-11-11 01:39   --------   d---a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-12-26 13:34 . 2009-11-11 01:21   --------   d-----w-   c:\program files\Pando Networks
2009-12-26 13:31 . 2009-07-13 23:50   --------   d-----w-   c:\program files\OpenOffice.org 3
2009-12-26 13:27 . 2009-06-05 23:20   --------   d-----w-   c:\program files\Google
2009-12-26 13:26 . 2009-06-02 01:28   --------   d-----w-   c:\program files\eMule
2009-12-25 17:26 . 2009-05-08 01:21   --------   d-----w-   c:\documents and settings\Myriam\Application Data\MSN6
2009-12-21 01:54 . 2009-06-02 02:14   --------   d-----w-   c:\documents and settings\Myriam\Application Data\LimeWire
2009-12-11 02:24 . 2009-07-12 01:49   39   ----a-w-   c:\documents and settings\Myriam\jagex_runescape_preferences.dat
2009-12-11 00:24 . 2009-09-15 00:23   69   ----a-w-   c:\documents and settings\Myriam\jagex_runescape_preferences2.dat
2009-12-06 21:40 . 2009-12-06 21:40   53312   ----a-w-   c:\documents and settings\Myriam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 02:18 . 2009-11-11 02:00   90112   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-11-11 02:18 . 2009-11-11 02:00   561152   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
2009-11-11 02:18 . 2009-11-11 02:00   393216   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
2009-11-11 02:18 . 2009-11-11 02:00   258352   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\unicows.dll
2009-11-11 02:18 . 2009-11-11 02:00   118784   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\nxgameus.dll
2009-11-11 02:18 . 2009-11-11 02:00   167936   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe
2009-11-11 02:00 . 2009-11-11 02:00   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS
2009-11-11 01:39 . 2009-11-11 01:39   --------   d-----w-   c:\program files\Fichiers communs\PC Tools
2009-11-09 01:01 . 2001-08-28 11:00   48820   ----a-w-   c:\windows\system32\perfc00C.dat
2009-11-09 01:01 . 2001-08-28 11:00   367988   ----a-w-   c:\windows\system32\perfh00C.dat
2009-10-31 22:09 . 2009-07-13 23:54   1   ----a-w-   c:\documents and settings\Myriam\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2008-05-03 11:48 . 2008-05-03 11:48   20906864   ----a-w-   c:\program files\aaw2007.exe
2008-04-02 13:52 . 2008-04-02 13:52   22115   ---ha-w-   c:\program files\folder.htt
.

------- Sigcheck -------

Cryptographic Services error !!

c:\windows\System32\wscntfy.exe ... missing !!
c:\windows\System32\xmlprov.dll ... missing !!
.
(((((((((((((((((((((((((((((((((   Reg loading points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-08-28 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2001-08-28 12:00   208949   ----a-w-   c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50   155648   ----a-w-   c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2001-08-28 12:00   737360   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2001-08-28 12:00   737360   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe

R3 RAWESR;RAWESR;c:\progra~1\Mediom\CONNEX~1\app\RAWESR.SYS [2001-08-06 9988]
S2 PPPoEService;PPPoE Service;c:\progra~1\Mediom\CONNEX~1\app\pppoeservice.exe [2000-07-11 49152]
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN  Miniport Driver;c:\windows\system32\DRIVERS\ntspppoe.sys [2001-08-03 159552]

.
.
------- Supplementary scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2102473
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************
Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files:

**************************************************************************
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

- - - - - - - > 'lsass.exe'(728)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(220)
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
.
Completion time: 2010-01-06  16:53:07 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-06 21:53

Pre-Run: 27 011 473 408 bytes free
Post-Run: 28 391 907 328 bytes free

- - End Of File - - 834505E88F41587C68D72A7230D3B02A



14
Hi!
This is not about my PC (fully healthy) but one of my relatives', with what seems a bad move on her part or her son's. She can no longer connect to the internet even after trying hard with her cable company. The PC froze while downloading something and has been slow since. Now her PC had an old dead version of AVG, not updated for a long time. No other protections... (maybe SpywareBlaster). So I can't even think of trying to go online with it for now and am using my own PC to transmit reports.
What I did up to now:
1) uninstalled the old AVG
2) uninstalled Limewire!!! (of course)
3) deactivated a few startup items (IMJPMIG and 2 diff.  TINTSETP)
4) tried to install AVG9... but it refuses to install because Windows op. system does not support all functions required for correct op. (Windows XP Pro with SP2 at the most... no SP3 for sure).
5) ran CCleaner and rebooted
6) backed up the Registry with ERUNT
7) ran RSIT and RootRepeal and here are the logs/reports


info.txt logfile of random's system information tool 1.06 2010-01-06 11:28:43

======Uninstall list======

-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Connexion HV-->C:\WINDOWS\IsUn0c0c.exe -f"C:\Program Files\Mediom\Connexion HV\Uninst.isu" -c"C:\Program Files\Mediom\Connexion HV\NTSUninstall.dll"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Windows XP Hotfix Package [see Q329115 for more details]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Windows XP Hotfix (SP1) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329441 for more information]-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe

======System event log======

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 4138
Source Name: SideBySide
Time Written: 20091030183042.000000-300
Event Type: error
User:

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 4137
Source Name: SideBySide
Time Written: 20091030183042.000000-300
Event Type: error
User:

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\LimeWire\lib\jacob-1.14.1-x86.dll.
Reference error message: The operation completed successfully.
.

Record Number: 4093
Source Name: SideBySide
Time Written: 20091028204103.000000-300
Event Type: error
User:

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 4092
Source Name: SideBySide
Time Written: 20091028204103.000000-300
Event Type: error
User:

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 4091
Source Name: SideBySide
Time Written: 20091028204103.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {23EDCD59-FBF3-4E1F-8381-7A80CFDEC164}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 297
Source Name: EventSystem
Time Written: 20090803221325.000000-240
Event Type: warning
User:

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {0F1944C5-AD3E-4C07-8FBC-8C3E862EC217}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 292
Source Name: EventSystem
Time Written: 20090802221730.000000-240
Event Type: warning
User:

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {BFE19A36-8588-49C9-A6EE-202C89C70DC1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 279
Source Name: EventSystem
Time Written: 20090801095150.000000-240
Event Type: warning
User:

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {00BE0508-BEDA-4FA0-BE76-9707A6EEF13B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 272
Source Name: EventSystem
Time Written: 20090730183810.000000-240
Event Type: warning
User:

Computer Name: MYMY-N0Q8UKV4A2
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {F394E48F-BC9A-43A3-994C-70AD1132D09C}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 268
Source Name: EventSystem
Time Written: 20090729203955.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Myriam at 2010-01-06 11:28:40
Microsoft Windows XP Professionnel
System drive C: has 26 GB (68%) free of 38 GB
Total RAM: 511 MB (72% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2001-08-28 847900]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2001-08-28 13312]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2001-08-02 1077277]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2001-08-28 208949]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2001-08-28 737360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2001-08-28 737360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-01-06 11:28:40 ----D---- C:\rsit
2010-01-06 11:28:40 ----D---- C:\Program Files\trend micro
2010-01-06 11:26:53 ----D---- C:\WINDOWS\ERDNT
2010-01-06 09:29:41 ----D---- C:\Documents and Settings\Myriam\Application Data\AVG8
2010-01-06 09:18:11 ----A---- C:\WINDOWS\ntsautodial.ini
2010-01-06 09:17:35 ----D---- C:\Program Files\Mediom
2010-01-06 09:17:35 ----D---- C:\Program Files\Efficient Networks
2010-01-06 09:17:35 ----A---- C:\WINDOWS\System32\ROBOEX32.DLL
2010-01-06 09:17:15 ----A---- C:\WINDOWS\IsUn0c0c.exe
2010-01-06 08:34:05 ----D---- C:\WINDOWS\pss
2009-12-26 08:55:33 ----D---- C:\WINDOWS\CSC
2009-12-26 08:35:17 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2009-12-26 08:28:01 ----D---- C:\WINDOWS\System32\appmgmt
2009-12-09 12:49:02 ----SHD---- C:\found.000

======List of files/folders modified in the last 1 months======

2010-01-06 11:28:40 ----RD---- C:\Program Files
2010-01-06 11:26:53 ----D---- C:\WINDOWS
2010-01-06 11:23:31 ----D---- C:\WINDOWS\Prefetch
2010-01-06 11:15:10 ----D---- C:\WINDOWS\Temp
2010-01-06 11:13:10 ----D---- C:\WINDOWS\Debug
2010-01-06 11:09:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 10:06:11 ----SD---- C:\Documents and Settings\Myriam\Application Data\Microsoft
2010-01-06 10:06:11 ----D---- C:\WINDOWS\System32\drivers
2010-01-06 10:06:11 ----D---- C:\WINDOWS\system32
2010-01-06 09:26:47 ----D---- C:\Program Files\CCleaner
2010-01-06 09:25:40 ----D---- C:\Program Files\SpywareBlaster
2010-01-06 09:19:42 ----D---- C:\WINDOWS\System32\CatRoot2
2010-01-06 09:18:07 ----HD---- C:\WINDOWS\inf
2010-01-06 09:09:28 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2010-01-06 08:57:12 ----SH---- C:\boot.ini
2010-01-06 08:57:12 ----A---- C:\WINDOWS\win.ini
2010-01-06 08:57:12 ----A---- C:\WINDOWS\system.ini
2010-01-06 08:32:43 ----D---- C:\WINDOWS\security
2009-12-26 08:55:38 ----D---- C:\Documents and Settings
2009-12-26 08:43:09 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-12-26 08:43:01 ----D---- C:\Program Files\Registry Mechanic
2009-12-26 08:34:32 ----D---- C:\Program Files\Pando Networks
2009-12-26 08:32:07 ----D---- C:\WINDOWS\WinSxS
2009-12-26 08:31:40 ----D---- C:\Program Files\OpenOffice.org 3
2009-12-26 08:30:08 ----SHD---- C:\WINDOWS\Installer
2009-12-26 08:27:12 ----D---- C:\Program Files\Google
2009-12-26 08:27:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2009-12-26 08:26:44 ----D---- C:\Program Files\eMule
2009-12-26 08:23:01 ----RSHDC---- C:\WINDOWS\System32\dllcache
2009-12-26 08:23:00 ----D---- C:\WINDOWS\System32\bits
2009-12-26 08:22:33 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 12:26:21 ----D---- C:\Documents and Settings\Myriam\Application Data\MSN6
2009-12-25 12:26:15 ----D---- C:\Program Files\MSN
2009-12-20 20:54:42 ----D---- C:\Documents and Settings\Myriam\Application Data\LimeWire
2009-12-14 19:48:56 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-23 117760]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN  Miniport Driver; C:\WINDOWS\System32\DRIVERS\ntspppoe.sys [2001-08-03 159552]
R3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2001-08-28 50688]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-08-28 18944]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys []
S3 RAWESR;RAWESR; \??\C:\PROGRA~1\Mediom\CONNEX~1\app\RAWESR.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 PPPoEService;PPPoE Service; C:\PROGRA~1\Mediom\CONNEX~1\app\pppoeservice.exe [2000-07-11 49152]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe []
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/01/06 11:36
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP SP0
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6F3B000   Size: 90112   File Visible: No   Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A5E000   Size: 8192   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\System32\drivers\rootrepeal.sys
Address: 0xF529C000   Size: 49152   File Visible: No   Signed: -
Status: -

==EOF==


Thank you for your time and efforts, I really appreciate it!

Goatie
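Added example (the editor's, not part of Goatie's post and not code from RSIT or ComboFix): a triage pass over the driver and service lists both tools print in the logs above. Each entry reads `<R|S><start type> <name>;<display name>; <image path> [<date> <size>]`, and a trailing `[]` means the tool found no file at that path. Two things a helper checks first are a kernel driver whose image lives outside the Windows directory (RAWESR.SYS under `PROGRA~1\Mediom`) and a driver registered with no file behind it (EagleNT.sys). The sample lines are copied from the RSIT log; the Windows directory is a parameter. One caveat the page itself shows: ComboFix lists the same RAWESR.SYS with a date and size, so an empty `[]` in one tool is a prompt to look, not proof the file is gone.

```python
"""Added example (editor's, not from the original post, RSIT or ComboFix):
triage the driver/service lists those tools print.

Each entry reads '<R|S><start type> <name>;<display name>; <image path> [<date> <size>]'.
An empty '[]' means the tool found no file at that path. Sample lines are
copied from the RSIT log above; the Windows directory is a parameter.
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"       # running/stopped, start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"    # service name; display name;
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"  # image path [date size] or []
)

SAMPLE = r"""
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN  Miniport Driver; C:\WINDOWS\System32\DRIVERS\ntspppoe.sys [2001-08-03 159552]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys []
S3 RAWESR;RAWESR; \??\C:\PROGRA~1\Mediom\CONNEX~1\app\RAWESR.SYS []
"""


def normalize(path):
    """Drop the NT object-manager prefix '\\??\\' and lower-case for comparison.

    8.3 short names such as PROGRA~1 are left as-is: they still show the
    file is not under the Windows directory, which is all this check needs.
    """
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def triage_drivers(text, windir="C:\\WINDOWS"):
    """Return findings for entries with no file on disk or an image outside windir."""
    win = windir.lower().rstrip("\\") + "\\"
    findings = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # section headers, blanks, lines in another format
        path = normalize(m.group("path"))
        reasons = []
        if not m.group("meta").strip():
            reasons.append("no-file-on-disk")
        if not path.startswith(win):
            reasons.append("outside-windir")
        if reasons:
            findings.append({
                "name": m.group("name"),
                "state": m.group("state") + m.group("start"),
                "path": path,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage_drivers(SAMPLE):
        print(f"{f['state']} {f['name']:<10} {', '.join(f['reasons']):<32} {f['path']}")
```

On the sample this reports EagleNT (no file on disk) and RAWESR (no file on disk, image outside the Windows directory); the ComboFix line for RAWESR, which carries a date and size, would be flagged for location only.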

15
Analysis and Malware Removal / Re: A tiny problem...
« on: November 24, 2006, 02:33:09 PM »
Just the kind of answers I love... So I will get my Winchester and shoot them right now!!!  :Win73:

A big Thank you!!!!   :mitch:
