paultomasi
Members
Posts: 9
Reputation: 0 Neutral

  1. The Firefox issue is still intermittent; however, I'm exploring the possibility it could be due to corrupted files, corrupted disk space, the volume of instances of FF and tabs constantly open, and compatibility issues with FF plugins and ActiveX components. I have PM'd you the link as requested. Please comment wherever you see fit. Thank you.
     PS, speed and functionality were never an issue (save for the Firefox thing), so it's difficult to gauge any other effect at this early time.
  2. Dear Maniac
     I don't think we're going to find anything ugly on my computer and that scares me even more. It would be satisfying to know something malicious has been eradicated. The only two entries in RKILL are:
     * C:\WINDOWS\system32\Ati2evxx.exe (PID: 1080) [WD-HEUR]
     * C:\WINDOWS\system32\Ati2evxx.exe (PID: 1440) [WD-HEUR]
     ESET returned less than that! All very worrying to say; it's rare I use either a firewall or background antivirus program, even though I am very paranoid about viral infections. All I can assume is my surfing habits are probably 'safer' than the average surfer's (although your opinion might differ on this having laid out personal details about my computer). Where do we go from here?
     ======================================================================
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=bf55c15025c66845850b5bdce87ee19c
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-08-20 03:44:54
     # local_time=2012-08-20 04:44:54 (+0000, GMT Daylight Time)
     # country="United Kingdom"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 10982171 10982171 0 0
     # compatibility_mode=2817 16777215 100 100 20703494 48169843 0 0
     # compatibility_mode=5891 16776870 42 92 66797 13202675 0 0
     # compatibility_mode=8192 67108863 100 0 1847 1847 0 0
     # scanned=581939
     # found=10
     # cleaned=10
     # scan_time=5768
     C:\Documents and Settings\Paul\Local Settings\Temp\ICReinstall\cnet2_unhackme_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Paul\Local Settings\Temp\Temporary Directory 1 for pdf2txtocrcmd.zip\pdf2txtocrcmd\pdf2txtocr.exe a variant of Win32/Packed.BoxedApp.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\IDYBF26Z\landing[1].php HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Paul\My Documents\Downloads\MIDI FILES\cnet2_MidiPianoSuite_v172_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Paul\My Documents\Downloads\MIDI FILES\cnet2_MidiPiano_216_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     D:\Documents and Settings\Paul\.clamwin\quarantine\testvirus.txt.infected Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     D:\Documents and Settings\Paul\.clamwin\quarantine\XvidSetup.exe.infected a variant of Win32/Adware.HotBar.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     D:\Documents and Settings\Paul\.clamwin\quarantine\XvidSetup.exe.infected.000.infected a variant of Win32/Adware.HotBar.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     D:\Documents and Settings\Paul\.clamwin\quarantine\XvidSetup.exe.infected.001.infected a variant of Win32/Adware.HotBar.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     D:\Documents and Settings\Paul\.clamwin\quarantine\XvidSetup.exe.infected.002.infected a variant of Win32/Adware.HotBar.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=bf55c15025c66845850b5bdce87ee19c
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-08-24 02:15:49
     # local_time=2012-08-24 03:15:49 (+0000, GMT Daylight Time)
     # country="United Kingdom"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 11321735 11321735 0 0
     # compatibility_mode=2817 16777215 100 100 21043058 48509407 0 0
     # compatibility_mode=5891 16776869 42 92 0 13542239 0 0
     # compatibility_mode=8192 67108863 100 0 341411 341411 0 0
     # scanned=587075
     # found=0
     # cleaned=0
     # scan_time=6457
     ======================================================================
  3. Thank you. All seems good. On a down note, the Firefox problem has returned; however, I have shed new light on the problem of my downloaded .EXE files becoming corrupted. Even after undertaking the above diagnostic procedures, the problem still persists. I am unable to execute any (or so it seems) .EXE file that I download onto my primary hard drive. Windows returns a 'corrupted file' error message. However, I was able to download and execute the same files onto drive D: without any problems. Is this a symptom of malware or should I now focus my attention elsewhere? A CHKDSK of drive C: showed no discernible problems save for a few minor inconsistencies which were rectified. As far as malware is concerned, is it safe to assume all is well now? Thank you.
  4. 2012-08-22 15:36:21 . 2012-08-22 15:36:21 596 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-UnHackMe Monitor.reg.dat
     2012-08-22 15:36:21 . 2012-08-22 15:36:21 630 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Freecorder FLV Service.reg.dat
     2012-08-22 15:36:21 . 2012-08-22 15:36:21 674 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DivX Download Manager.reg.dat
     2012-08-22 15:36:20 . 2012-08-22 15:36:20 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
     2012-08-22 15:36:20 . 2012-08-22 15:36:20 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
     2012-08-22 15:33:13 . 2012-08-22 15:33:13 8,063 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
     2012-08-22 15:23:08 . 2012-08-22 15:23:08 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
     2012-07-28 03:25:34 . 2012-07-28 03:25:34 24 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\find.tmp.vir
     2012-07-28 03:25:31 . 2012-07-28 03:25:31 0 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%~dpn1.tmp.vir
     2012-07-28 03:25:28 . 2012-07-28 03:25:28 75 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%%~nf.tmp.vir
     2012-07-28 03:25:27 . 2012-07-28 03:25:27 3 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\ftpscr.tmp.vir
     2012-07-27 18:17:26 . 2012-07-28 03:25:45 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\output.tmp.vir
     2012-07-27 17:26:37 . 2012-07-27 17:30:00 27 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%%~a.tmp.vir
     2012-07-27 17:26:37 . 2012-07-28 03:25:09 4 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%%~fa.tmp.vir
     2012-07-27 16:23:45 . 2012-07-27 16:24:57 4 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%FILES~1.TMP.vir
     2012-04-17 16:22:12 . 2012-04-17 16:23:33 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\file.tmp.vir
     2012-04-13 21:14:42 . 2012-04-13 21:14:42 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\27674015\.tmp.vir
     2012-04-13 21:09:53 . 2012-04-13 21:20:10 93,670 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\27674015\120415-1.txt.vir
     2012-04-13 20:59:27 . 2012-04-13 21:19:49 258 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\27674015\27674015.bat.vir
     2012-03-30 17:39:39 . 2012-03-30 17:39:39 36 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\textfile14.txt.tmp.vir
     2012-03-29 04:47:05 . 2012-03-29 04:47:05 193 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\pipe-delimited-file.txt.tmp.vir
     2012-03-28 07:15:46 . 2012-03-28 07:15:58 66 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\%~fa.tmp.vir
     2012-03-27 21:34:01 . 2012-03-27 21:34:01 58 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%fa.tmp.vir
     2012-03-26 22:31:42 . 2012-03-26 22:31:42 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\tt..tmp.vir
     2012-03-23 07:43:11 . 2012-07-30 14:46:32 32,718 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\exclude.tmp.vir
     2012-03-23 07:37:45 . 2012-03-23 07:37:45 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\zzz.tmp.vir
     2012-03-11 14:59:41 . 2012-03-11 14:59:41 4,593 ----a-w- C:\Qoobox\Quarantine\C\ipconfig.txt.vir
     2012-03-07 19:22:49 . 2012-03-07 19:22:49 723 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\real.txt.vir
     2012-03-03 03:02:15 . 2012-03-03 03:20:28 95 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\sizes.tmp.vir
     2012-03-01 13:28:03 . 2012-03-01 13:28:03 26 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\test.tmp.vir
     2012-01-25 01:21:28 . 2012-01-25 01:04:08 1,179,648 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\sfk164.exe.vir
     2012-01-24 19:46:12 . 2012-01-24 21:12:27 19,435 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\lotto.tmp.vir
     2012-01-24 19:09:23 . 2012-01-24 19:17:23 194,577 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\lotto.csv-.tmp.vir
     2012-01-24 19:09:23 . 2012-01-24 19:17:23 193 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\lotto2.csv.tmp.vir
     2012-01-17 04:00:16 . 2012-01-17 04:00:58 8 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\1234.txt.vir
     2012-01-09 13:25:24 . 2012-01-10 19:54:29 1,062 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\netview.tmp.vir
     2012-01-06 00:04:28 . 2012-01-06 00:25:04 48,159 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\output3.tmp.vir
     2012-01-05 23:44:11 . 2012-01-05 23:57:16 78,077 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\output2.tmp.vir
     2012-01-02 00:17:21 . 2012-01-07 02:37:00 912 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\31.bat.vir
     2011-12-17 17:01:11 . 2011-11-13 13:18:44 3,492,658 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\01.mp3.vir
     2011-09-16 10:34:48 . 2011-06-19 09:20:00 1,155,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\sfk.exe.vir
     2011-06-07 12:23:17 . 2008-03-19 15:22:42 7 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\win.dll.vir
     2011-06-07 12:23:16 . 2006-10-12 18:52:54 180,224 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ijl11.dll.vir
     2010-11-30 18:29:46 . 2010-11-30 18:29:46 8,192 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\Favorites\Thumbs.db.vir
     2010-10-18 16:15:16 . 2008-04-14 04:42:18 294,912 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\dlimport.exe.vir
     2010-09-17 17:08:13 . 2010-09-17 17:08:13 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
     2010-09-17 17:08:13 . 2003-02-21 03:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
     2010-09-17 17:08:13 . 2003-02-20 18:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
     2010-09-17 17:08:13 . 2003-02-20 18:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
     2010-09-17 17:08:13 . 2003-02-20 18:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
     2010-09-17 17:08:13 . 2003-02-20 18:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
     2003-02-21 04:16:08 . 2003-02-21 04:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir
     1998-05-24 23:00:00 . 1998-05-24 23:00:00 84,225 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\VI30AUT.DLL.vir
  5. Before I continue, I would like to say you, and people like yourself, are providing a wonderful service. What would be required for me to help provide the same service to others?
     Okay, I have a few concerns. I do not know how ComboFix decides which files are risky; however, looking through ComboFix.txt, I note there are entries which may appear sinister to a casual observer. However, the following files in BLUE are in fact created by myself and are accounted for:
     =========================================================================
     ComboFix 12-08-22.01 - Paul 22/08/2012 16:25:10.1.6 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3325.2629 [GMT 1:00]
     Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     .
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
     .
     .
     (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\All Users\Application Data\TEMP
     c:\documents and settings\Paul\%%~a.tmp
     c:\documents and settings\Paul\%%~fa.tmp
     c:\documents and settings\Paul\%%~nf.tmp
     c:\documents and settings\Paul\%~dpn1.tmp
     c:\documents and settings\Paul\%~fa.tmp
     c:\documents and settings\Paul\%fa.tmp
     c:\documents and settings\Paul\%files[name]%.tmp
     c:\documents and settings\Paul\01.mp3
     c:\documents and settings\Paul\1234.txt
     c:\documents and settings\Paul\27674015
     c:\documents and settings\Paul\27674015\.tmp
     c:\documents and settings\Paul\27674015\120415-1.txt
     c:\documents and settings\Paul\27674015\27674015.bat
     c:\documents and settings\Paul\31.bat
     c:\documents and settings\Paul\exclude.tmp
     c:\documents and settings\Paul\Favorites\Thumbs.db
     c:\documents and settings\Paul\file.tmp
     c:\documents and settings\Paul\find.tmp
     c:\documents and settings\Paul\ftpscr.tmp
     c:\documents and settings\Paul\lotto.csv-.tmp
     c:\documents and settings\Paul\lotto.tmp
     c:\documents and settings\Paul\lotto2.csv.tmp
     c:\documents and settings\Paul\netview.tmp
     c:\documents and settings\Paul\output.tmp
     c:\documents and settings\Paul\output2.tmp
     c:\documents and settings\Paul\output3.tmp
     c:\documents and settings\Paul\pipe-delimited-file.txt.tmp
     c:\documents and settings\Paul\real.txt
     c:\documents and settings\Paul\sfk.exe
     c:\documents and settings\Paul\sfk164.exe
     c:\documents and settings\Paul\sizes.tmp
     c:\documents and settings\Paul\test.tmp
     c:\documents and settings\Paul\textfile14.txt.tmp
     c:\documents and settings\Paul\tt..tmp
     c:\documents and settings\Paul\zzz.tmp
     C:\ipconfig.txt
     c:\windows\system\VI30AUT.DLL
     c:\windows\system32\Cache
     c:\windows\system32\dllcache\dlimport.exe
     c:\windows\system32\ijl11.dll
     c:\windows\system32\SystemFiles
     c:\windows\system32\URTTemp
     c:\windows\system32\URTTemp\fusion.dll
     c:\windows\system32\URTTemp\mscoree.dll
     c:\windows\system32\URTTemp\mscoree.dll.local
     c:\windows\system32\URTTemp\mscorsn.dll
     c:\windows\system32\URTTemp\mscorwks.dll
     c:\windows\system32\URTTemp\msvcr71.dll
     c:\windows\system32\URTTemp\regtlib.exe
     c:\windows\system32\win.dll
     .
     .
     (((((((((((((((((((((((((   Files Created from 2012-07-22 to 2012-08-22   )))))))))))))))))))))))))))))))
     .
     .
     2012-08-22 01:23 . 2012-08-22 01:23 -------- d-----w- c:\documents and settings\Paul\New Folder
     2012-08-22 00:30 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2A06E28-1B34-4495-9DF2-5F20743B0A9A}\mpengine.dll
     2012-08-21 01:42 . 2012-08-21 01:47 -------- d-----w- C:\tdskiller
     2012-08-21 00:31 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-08-20 20:21 . 2012-08-20 20:21 -------- d-----w- C:\DriveKey
     2012-08-20 13:38 . 2012-08-20 13:38 -------- d-----w- c:\program files\ESET
     2012-08-20 11:49 . 2012-08-20 11:50 -------- d-----w- c:\program files\CamStudio 2.6b
     2012-08-20 11:49 . 2010-10-23 23:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
     2012-08-17 10:53 . 2012-08-17 10:53 -------- d-----w- c:\program files\SDA
     2012-08-17 10:53 . 2012-08-17 10:53 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Downloaded Installations
     2012-08-10 21:41 . 2012-08-10 21:41 -------- d-----w- c:\program files\Advanced Port Scanner
     2012-08-09 18:46 . 2012-08-10 02:07 -------- d-----w- C:\TOSHIBAL100
     2012-08-07 16:46 . 2012-08-07 16:46 -------- d-----w- C:\orig2
     2012-07-31 00:03 . 2012-07-31 00:03 855 ----a-w- c:\documents and settings\Paul\search100b.bat
     2012-07-30 14:46 . 2012-07-30 14:46 -------- d---a-w- C:\tttt
     2012-07-30 14:38 . 2012-07-30 14:41 125 ----a-w- c:\documents and settings\Paul\excludexcopy.bat
     2012-07-27 16:15 . 2012-07-30 13:45 901 ----a-w- c:\documents and settings\Paul\search100.bat
     2012-07-27 06:37 . 2012-07-27 06:43 120 ----a-w- c:\documents and settings\Paul\findenterprise.bat
     2012-07-27 06:37 . 2012-07-27 06:37 492 ----a-w- c:\documents and settings\Paul\find enterprise.bat
     2012-07-27 06:02 . 2012-07-27 06:20 433 ----a-w- c:\documents and settings\Paul\findfolder.bat
     2012-07-27 05:32 . 2012-07-27 05:38 207 ----a-w- c:\documents and settings\Paul\maklgmulttab.bat
     2012-07-26 22:55 . 2012-07-26 23:15 267 ----a-w- c:\documents and settings\Paul\findregitem.bat
     2012-07-26 22:24 . 2012-07-26 22:24 42441800 ----a-w- c:\documents and settings\Paul\EE reg-orig.reg
     .
     .
     .
     ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-07-28 03:25 . 2012-01-14 11:27 740 ----a-w- c:\documents and settings\Paul\tt.vbs
     2012-07-28 03:25 . 2012-01-18 00:26 264 ----a-w- c:\documents and settings\Paul\refreshxls.vbs
     2012-07-23 01:08 . 2012-01-09 00:48 3135 ----a-w- c:\documents and settings\Paul\tstmenu2.bat
     2012-07-21 22:08 . 2012-07-20 20:40 1171 ----a-w- c:\documents and settings\Paul\progressxcopy.bat
     2012-07-20 03:47 . 2012-07-20 02:17 1316 ----a-w- c:\documents and settings\Paul\xcopyfiles.bat
     2012-07-20 02:48 . 2012-01-11 23:59 0 ----a-w- c:\documents and settings\Paul\TempWmicBatchFile.bat
     2012-07-18 08:34 . 2012-07-18 08:34 1327 ----a-w- c:\documents and settings\Paul\obda.bat
     2012-07-16 17:04 . 2012-07-16 17:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-07-16 17:04 . 2011-08-09 07:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-07-15 15:19 . 2012-07-15 15:19 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
     2012-07-06 13:58 . 2010-09-17 15:32 78336 ----a-w- c:\windows\system32\browser.dll
     2012-07-05 13:38 . 2012-07-05 13:13 519919451 ----a-w- C:\DeletedConduit.zip
     2012-07-04 14:05 . 2009-01-02 20:04 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-07-03 13:40 . 2001-08-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
     2012-07-03 12:46 . 2011-02-04 18:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-07-02 17:49 . 2010-09-17 15:39 916992 ----a-w- c:\windows\system32\wininet.dll
     2012-07-02 17:49 . 2010-09-17 15:35 43520 ------w- c:\windows\system32\licmgr10.dll
     2012-07-02 17:49 . 2010-09-17 15:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
     2012-07-02 12:05 . 2010-09-17 21:14 385024 ------w- c:\windows\system32\html.iec
     2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
     2012-06-05 15:50 . 2010-10-18 16:17 1372672 ----a-w- c:\windows\system32\msxml6.dll
     2012-06-05 15:50 . 2010-09-17 15:36 1172480 ----a-w- c:\windows\system32\msxml3.dll
     2012-06-04 16:35 . 2010-09-17 21:14 210968 ----a-w- c:\windows\system32\wuweb.dll
     2012-06-04 16:35 . 2009-08-06 19:23 222448 ----a-w- c:\windows\system32\muweb.dll
     2012-06-04 04:32 . 2001-08-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
     2012-06-03 00:17 . 2012-07-18 08:08 56 ----a-w- c:\documents and settings\Paul\TEST1.COM
     2012-06-02 14:19 . 2010-11-24 21:08 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
     2012-06-02 14:19 . 2010-11-24 21:08 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
     2012-06-02 14:19 . 2010-09-17 21:14 329240 ----a-w- c:\windows\system32\wucltui.dll
     2012-06-02 14:19 . 2010-09-17 21:14 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
     2012-06-02 14:19 . 2012-07-17 06:35 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
     2012-06-02 14:19 . 2010-11-24 21:08 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-06-02 14:19 . 2010-09-17 21:14 35864 ----a-w- c:\windows\system32\wups.dll
     2012-06-02 14:19 . 2010-09-17 15:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-02 14:19 . 2010-09-17 15:32 97304 ----a-w- c:\windows\system32\cdm.dll
     2012-06-02 14:19 . 2010-11-24 21:08 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
     2012-06-02 14:19 . 2010-09-17 21:14 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-02 14:19 . 2010-09-17 15:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-02 14:18 . 2011-11-29 14:14 275696 ----a-w- c:\windows\system32\mucltui.dll
     2012-06-02 14:18 . 2011-11-29 14:14 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
     2012-05-31 13:22 . 2010-09-17 15:32 599040 ----a-w- c:\windows\system32\crypt32.dll
     2010-03-31 10:09 . 2010-03-31 10:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
     2010-04-08 12:36 . 2010-04-08 12:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
     2012-07-18 20:39 . 2011-09-08 12:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll
     2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll
     2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll
     2010-01-06 23:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
     .
     .
     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
     @="Service"
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
     backup=c:\windows\pss\Windows Search.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^Paul^Start Menu^Programs^Startup^SmartVision.lnk]
     path=c:\documents and settings\Paul\Start Menu\Programs\Startup\SmartVision.lnk
     backup=c:\windows\pss\SmartVision.lnkStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
     2007-06-21 15:43 148776 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
     2011-02-15 23:34 86016 ----a-w- c:\program files\ClamWin\bin\ClamTray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
     2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R340 Series]
     2006-12-26 04:00 177664 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJE.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
     2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2007-06-11 08:44 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
     2012-05-15 09:40 108352 ----a-w- c:\windows\system32\nvmctray.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2011-05-23 23:14 421888 ----a-w- c:\program files\QuickTime\qttask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
     2011-09-01 17:47 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2010-10-29 14:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "wuauserv"=2 (0x2)
     "WSearch"=2 (0x2)
     "wscsvc"=2 (0x2)
     "ose"=3 (0x3)
     "odserv"=3 (0x3)
     "NMIndexingService"=3 (0x3)
     "idsvc"=3 (0x3)
     "gusvc"=3 (0x3)
     "gupdate"=2 (0x2)
     "cisvc"=3 (0x3)
     "Bonjour Service"=2 (0x2)
     "gupdatem"=3 (0x3)
     "FirebirdServerMAGIXInstance"=3 (0x3)
     "Fabs"=2 (0x2)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
     "c:\\Program Files\\Boxee\\BOXEE.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
     "c:\\WINDOWS\\system32\\ftp.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\eclipse\\eclipse.exe"=
     "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
     "c:\\WINDOWS\\system32\\mmc.exe"=
     "c:\\WINDOWS\\system32\\mqsvc.exe"=
     "c:\\Program Files\\GameHouse Games Collection\\Wheel of Fortune\\Wheel of Fortune.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
     "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
     "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 1 (0x1)
     .
     R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [15/07/2012 4:19 pm 7936]
     R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [25/03/2010 9:49 am 82360]
     R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [10/12/2011 3:51 pm 21992]
     R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [23/08/2001 1:00 pm 14336]
     R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/02/2011 7:01 pm 655944]
     R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [18/09/2010 8:48 am 22016]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/02/2011 7:01 pm 22344]
     S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI --> c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [?]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/11/2010 12:42 am 136176]
     S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/07/2012 6:08 pm 1691480]
     S3 cg300;cg300VidCap;c:\windows\system32\drivers\cg300vc.sys [10/11/2010 2:59 am 13468]
     S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [28/10/2011 1:04 am 23456]
     S3 etdrv;etdrv;c:\windows\etdrv.sys [25/04/2011 9:03 pm 17488]
     S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/11/2010 12:42 am 136176]
     S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26/04/2012 12:21 am 113120]
     S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
     S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
     S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [18/09/2010 8:48 am 29440]
     S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [18/09/2010 8:48 am 17536]
     S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [07/08/2008 12:10 pm 3276800]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 23:42]
     .
     2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 23:42]
     .
     2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1715567821-839522115-1003Core.job
     - c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-21 07:24]
     .
     2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1715567821-839522115-1003UA.job
     - c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-21 07:24]
     .
     2012-08-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
     - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.co.uk/
     uInternet Settings,ProxyOverride = *.local
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
     FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\fr9bboj4.default\
     FF - prefs.js: browser.search.selectedEngine -
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
     FF - prefs.js: network.proxy.http - 127.0.0.1
     FF - prefs.js: network.proxy.http_port - 8118
     FF - prefs.js: network.proxy.socks - 127.0.0.1
     FF - prefs.js: network.proxy.socks_port - 9050
     FF - prefs.js: network.proxy.ssl - 127.0.0.1
     FF - prefs.js: network.proxy.ssl_port - 8118
     FF - prefs.js: network.proxy.type - 0
     .
     - - - - ORPHANS REMOVED - - - -
     .
     SafeBoot-WudfPf
     SafeBoot-WudfRd
     MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
     MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
     MSConfigStartUp-UnHackMe Monitor - c:\program files\UnHackMe\hackmon.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-08-22 16:35
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(856)
     c:\windows\system32\Ati2evxx.dll
     .
     Completion time: 2012-08-22 16:37:13
     ComboFix-quarantined-files.txt 2012-08-22 15:37
     .
     Pre-Run: 16,215,941,120 bytes free
     Post-Run: 26,334,232,576 bytes free
     .
     - - End Of File - - D682DC4AA9B457209B465BBBDC1ED907
     =========================================================================
     I must recover 31.bat and tstmenu2.bat as these are programs I am developing. Ideally, I would like to recover all the files marked blue.
  6. Thank you for your assistance. Following your guidance above, I have attached the requested files. Oh, I started Firefox and it started normally this time. Wow! It has been playing up for the past month or so. When I start it, it opens and closes immediately. Then I would need to start it again. However, on this occasion, after rebooting, it seems normal again - it stayed open first time. Could the above actions have anything to do with this? (Although I'm not sure it's not just a one-off, as I've only restarted Firefox this once so far.)
     Paul Tomasi
     Attachments: mbam.txt, Rkill.txt, dds.txt, attach.txt
  7. I am convinced my computer is infected with 'something'. When I download '.EXE' files and attempt to install them I receive a message titled 'Error' stating: 'The source file is corrupted'. I did a scan of my system using Malwarebytes Anti-Malware 1.62.0.1300. My current database version is v2012.08.21.04, so I attempted to update it. A message titled 'Updating Malwarebytes Anti-Malware' states: 'Downloading v2012.08.21.08' '6,718.50 KB [100%]', but then I receive another message stating the following:
     An error has occurred. Please report this issue to our support team...
     PROGRAM_ERROR_UPDATING (0, 0, Corrupt transfer)
     I have Windows' standard firewall running. I do not have background anti-virus software. My concern is, something in the background may be interfering with .EXE downloads or executions. I have attached copies of DDS.TXT and ATTACH.TXT. Thank you for any assistance you may offer.
     Attachments: dds.txt, attach.txt