
PROGRAM_ERROR_UPDATING (0, 0, Corrupt transfer)



I am convinced my computer is infected with 'something'.

When I download '.EXE' files and attempt to install them I receive a message titled: 'Error' stating: 'The source file is corrupted'.

I did a scan of my system using Malwarebytes Anti-Malware 1.62.0.1300. My current database version is: v2012.08.21.04 so I attempted to update it.

A message titled: 'Updating Malwarebytes Anti-Malware' states: 'Downloading v2012.08.21.08' '6,718.50 KB [100%]' but then I receive another message stating the following:

An error has occured. Please report this issue to our support team...

PROGRAM_ERROR_UPDATING (0, 0, Corrupt transfer)

I have Windows' standard firewall running. I do not have background anti-virus software.

My concern is, something in the background may be interfering with .EXE downloads or executions.

I have attached copies of DDS.TXT and ATTACH.TXT.

Thank you for any assistance you may offer

dds.txt

attach.txt


Hello paultomasi! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall this application: BitTorrent

Step 2

Please download Rkill from here and save it to your Desktop:

http://www.bleepingcomputer.com/download/rkill/

Right-click on Rkill and select Run as Administrator.

A command window will open then disappear upon completion, this is normal.

Please leave Rkill on the Desktop until otherwise advised.

Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive. EG: C:\rkill.txt.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • RKill log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


Thank you for your assistance.

Following your guidance above, I have attached the requested files.

Oh, I started Firefox and it started normally this time. Wow! It has been playing up for the past month or so. When I start it, it opens and closes immediately. Then I would need to start it again. However, on this occasion, after rebooting, it seems normal again - it stayed open first time. Could the above actions have anything to do with this? (although, I'm not sure it's not just a one-off as I've only restarted Firefox this once so far).

Paul Tomasi

mbam.txt

Rkill.txt

dds.txt

attach.txt


Glad to hear this, Paul!

Next time, make sure you carefully read my instructions:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Copy&Paste the entire report in your next reply.
In your next reply, post the following log files:

Now:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Before I continue, I would like to say you, and people like yourself are providing a wonderful service. What would be required for me to help provide the same service to others?

Okay, I have a few concerns.

I do not know how ComboFix decides which files are risky. However, looking through ComboFix.txt, I note there are entries which may appear sinister to a casual observer; the following files in BLUE are in fact created by myself and are accounted for:

=========================================================================

ComboFix 12-08-22.01 - Paul 22/08/2012 16:25:10.1.6 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3325.2629 [GMT 1:00]

Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Paul\%%~a.tmp

c:\documents and settings\Paul\%%~fa.tmp

c:\documents and settings\Paul\%%~nf.tmp

c:\documents and settings\Paul\%~dpn1.tmp

c:\documents and settings\Paul\%~fa.tmp

c:\documents and settings\Paul\%fa.tmp

c:\documents and settings\Paul\%files[name]%.tmp

c:\documents and settings\Paul\01.mp3

c:\documents and settings\Paul\1234.txt

c:\documents and settings\Paul\27674015

c:\documents and settings\Paul\27674015\.tmp

c:\documents and settings\Paul\27674015\120415-1.txt

c:\documents and settings\Paul\27674015\27674015.bat

c:\documents and settings\Paul\31.bat

c:\documents and settings\Paul\exclude.tmp

c:\documents and settings\Paul\Favorites\Thumbs.db

c:\documents and settings\Paul\file.tmp

c:\documents and settings\Paul\find.tmp

c:\documents and settings\Paul\ftpscr.tmp

c:\documents and settings\Paul\lotto.csv-.tmp

c:\documents and settings\Paul\lotto.tmp

c:\documents and settings\Paul\lotto2.csv.tmp

c:\documents and settings\Paul\netview.tmp

c:\documents and settings\Paul\output.tmp

c:\documents and settings\Paul\output2.tmp

c:\documents and settings\Paul\output3.tmp

c:\documents and settings\Paul\pipe-delimited-file.txt.tmp

c:\documents and settings\Paul\real.txt

c:\documents and settings\Paul\sfk.exe

c:\documents and settings\Paul\sfk164.exe

c:\documents and settings\Paul\sizes.tmp

c:\documents and settings\Paul\test.tmp

c:\documents and settings\Paul\textfile14.txt.tmp

c:\documents and settings\Paul\tt..tmp

c:\documents and settings\Paul\zzz.tmp

C:\ipconfig.txt

c:\windows\system\VI30AUT.DLL

c:\windows\system32\Cache

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\ijl11.dll

c:\windows\system32\SystemFiles

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\system32\win.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))

.

.

2012-08-22 01:23 . 2012-08-22 01:23 -------- d-----w- c:\documents and settings\Paul\New Folder

2012-08-22 00:30 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2A06E28-1B34-4495-9DF2-5F20743B0A9A}\mpengine.dll

2012-08-21 01:42 . 2012-08-21 01:47 -------- d-----w- C:\tdskiller

2012-08-21 00:31 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-20 20:21 . 2012-08-20 20:21 -------- d-----w- C:\DriveKey

2012-08-20 13:38 . 2012-08-20 13:38 -------- d-----w- c:\program files\ESET

2012-08-20 11:49 . 2012-08-20 11:50 -------- d-----w- c:\program files\CamStudio 2.6b

2012-08-20 11:49 . 2010-10-23 23:56 49664 ----a-w- c:\windows\system32\CamCodec.dll

2012-08-17 10:53 . 2012-08-17 10:53 -------- d-----w- c:\program files\SDA

2012-08-17 10:53 . 2012-08-17 10:53 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Downloaded Installations

2012-08-10 21:41 . 2012-08-10 21:41 -------- d-----w- c:\program files\Advanced Port Scanner

2012-08-09 18:46 . 2012-08-10 02:07 -------- d-----w- C:\TOSHIBAL100

2012-08-07 16:46 . 2012-08-07 16:46 -------- d-----w- C:\orig2

2012-07-31 00:03 . 2012-07-31 00:03 855 ----a-w- c:\documents and settings\Paul\search100b.bat

2012-07-30 14:46 . 2012-07-30 14:46 -------- d---a-w- C:\tttt

2012-07-30 14:38 . 2012-07-30 14:41 125 ----a-w- c:\documents and settings\Paul\excludexcopy.bat

2012-07-27 16:15 . 2012-07-30 13:45 901 ----a-w- c:\documents and settings\Paul\search100.bat

2012-07-27 06:37 . 2012-07-27 06:43 120 ----a-w- c:\documents and settings\Paul\findenterprise.bat

2012-07-27 06:37 . 2012-07-27 06:37 492 ----a-w- c:\documents and settings\Paul\find enterprise.bat

2012-07-27 06:02 . 2012-07-27 06:20 433 ----a-w- c:\documents and settings\Paul\findfolder.bat

2012-07-27 05:32 . 2012-07-27 05:38 207 ----a-w- c:\documents and settings\Paul\maklgmulttab.bat

2012-07-26 22:55 . 2012-07-26 23:15 267 ----a-w- c:\documents and settings\Paul\findregitem.bat

2012-07-26 22:24 . 2012-07-26 22:24 42441800 ----a-w- c:\documents and settings\Paul\EE reg-orig.reg

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-28 03:25 . 2012-01-14 11:27 740 ----a-w- c:\documents and settings\Paul\tt.vbs

2012-07-28 03:25 . 2012-01-18 00:26 264 ----a-w- c:\documents and settings\Paul\refreshxls.vbs

2012-07-23 01:08 . 2012-01-09 00:48 3135 ----a-w- c:\documents and settings\Paul\tstmenu2.bat

2012-07-21 22:08 . 2012-07-20 20:40 1171 ----a-w- c:\documents and settings\Paul\progressxcopy.bat

2012-07-20 03:47 . 2012-07-20 02:17 1316 ----a-w- c:\documents and settings\Paul\xcopyfiles.bat

2012-07-20 02:48 . 2012-01-11 23:59 0 ----a-w- c:\documents and settings\Paul\TempWmicBatchFile.bat

2012-07-18 08:34 . 2012-07-18 08:34 1327 ----a-w- c:\documents and settings\Paul\obda.bat

2012-07-16 17:04 . 2012-07-16 17:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-16 17:04 . 2011-08-09 07:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-15 15:19 . 2012-07-15 15:19 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS

2012-07-06 13:58 . 2010-09-17 15:32 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-05 13:38 . 2012-07-05 13:13 519919451 ----a-w- C:\DeletedConduit.zip

2012-07-04 14:05 . 2009-01-02 20:04 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2001-08-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 12:46 . 2011-02-04 18:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 17:49 . 2010-09-17 15:39 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2010-09-17 15:35 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2010-09-17 15:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2010-09-17 21:14 385024 ------w- c:\windows\system32\html.iec

2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2010-10-18 16:17 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2010-09-17 15:36 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 16:35 . 2010-09-17 21:14 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-04 16:35 . 2009-08-06 19:23 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2001-08-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-03 00:17 . 2012-07-18 08:08 56 ----a-w- c:\documents and settings\Paul\TEST1.COM

2012-06-02 14:19 . 2010-11-24 21:08 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 14:19 . 2010-11-24 21:08 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 14:19 . 2010-09-17 21:14 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 14:19 . 2010-09-17 21:14 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 14:19 . 2012-07-17 06:35 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 14:19 . 2010-11-24 21:08 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 14:19 . 2010-09-17 21:14 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 14:19 . 2010-09-17 15:39 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 14:19 . 2010-09-17 15:32 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 14:19 . 2010-11-24 21:08 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 14:19 . 2010-09-17 21:14 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 14:19 . 2010-09-17 15:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 14:18 . 2011-11-29 14:14 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 14:18 . 2011-11-29 14:14 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2010-09-17 15:32 599040 ----a-w- c:\windows\system32\crypt32.dll

2010-03-31 10:09 . 2010-03-31 10:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 12:36 . 2010-04-08 12:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2012-07-18 20:39 . 2011-09-08 12:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll

2010-01-06 23:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Paul^Start Menu^Programs^Startup^SmartVision.lnk]

path=c:\documents and settings\Paul\Start Menu\Programs\Startup\SmartVision.lnk

backup=c:\windows\pss\SmartVision.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-21 15:43 148776 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]

2011-02-15 23:34 86016 ----a-w- c:\program files\ClamWin\bin\ClamTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R340 Series]

2006-12-26 04:00 177664 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIAJE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-06-11 08:44 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2012-05-15 09:40 108352 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-05-23 23:14 421888 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]

2011-09-01 17:47 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 14:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"WSearch"=2 (0x2)

"wscsvc"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NMIndexingService"=3 (0x3)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"cisvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"gupdatem"=3 (0x3)

"FirebirdServerMAGIXInstance"=3 (0x3)

"Fabs"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=

"c:\\Program Files\\Boxee\\BOXEE.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\eclipse\\eclipse.exe"=

"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\GameHouse Games Collection\\Wheel of Fortune\\Wheel of Fortune.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [15/07/2012 4:19 pm 7936]

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [25/03/2010 9:49 am 82360]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [10/12/2011 3:51 pm 21992]

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [23/08/2001 1:00 pm 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [04/02/2011 7:01 pm 655944]

R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [18/09/2010 8:48 am 22016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/02/2011 7:01 pm 22344]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI --> c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/11/2010 12:42 am 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/07/2012 6:08 pm 1691480]

S3 cg300;cg300VidCap;c:\windows\system32\drivers\cg300vc.sys [10/11/2010 2:59 am 13468]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [28/10/2011 1:04 am 23456]

S3 etdrv;etdrv;c:\windows\etdrv.sys [25/04/2011 9:03 pm 17488]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30/11/2010 12:42 am 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26/04/2012 12:21 am 113120]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]

S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]

S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [18/09/2010 8:48 am 29440]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [18/09/2010 8:48 am 17536]

S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [07/08/2008 12:10 pm 3276800]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 23:42]

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 23:42]

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1715567821-839522115-1003Core.job

- c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-21 07:24]

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1715567821-839522115-1003UA.job

- c:\documents and settings\Paul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-21 07:24]

.

2012-08-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\fr9bboj4.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 8118

FF - prefs.js: network.proxy.socks - 127.0.0.1

FF - prefs.js: network.proxy.socks_port - 9050

FF - prefs.js: network.proxy.ssl - 127.0.0.1

FF - prefs.js: network.proxy.ssl_port - 8118

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe

MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe

MSConfigStartUp-UnHackMe Monitor - c:\program files\UnHackMe\hackmon.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-22 16:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2012-08-22 16:37:13

ComboFix-quarantined-files.txt 2012-08-22 15:37

.

Pre-Run: 16,215,941,120 bytes free

Post-Run: 26,334,232,576 bytes free

.

- - End Of File - - D682DC4AA9B457209B465BBBDC1ED907

=========================================================================

I must recover 31.bat and tstmenu2.bat as these are programs I am developing. Ideally, I would like to recover all the files marked blue.


What would be required for me to help provide the same service to others?

Here we have tips for those who want to learn and fight against malware:

http://forums.malwarebytes.org/index.php?showtopic=12264

I'm sorry about that, I will take care of this now.

Please post the content of C:\Qoobox\ComboFix-quarantined-files.txt in your next reply.


2012-08-22 15:36:21 . 2012-08-22 15:36:21 596 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-UnHackMe Monitor.reg.dat

2012-08-22 15:36:21 . 2012-08-22 15:36:21 630 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Freecorder FLV Service.reg.dat

2012-08-22 15:36:21 . 2012-08-22 15:36:21 674 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DivX Download Manager.reg.dat

2012-08-22 15:36:20 . 2012-08-22 15:36:20 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat

2012-08-22 15:36:20 . 2012-08-22 15:36:20 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat

2012-08-22 15:33:13 . 2012-08-22 15:33:13 8,063 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-08-22 15:23:08 . 2012-08-22 15:23:08 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-07-28 03:25:34 . 2012-07-28 03:25:34 24 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\find.tmp.vir

2012-07-28 03:25:31 . 2012-07-28 03:25:31 0 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%~dpn1.tmp.vir

2012-07-28 03:25:28 . 2012-07-28 03:25:28 75 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%%~nf.tmp.vir

2012-07-28 03:25:27 . 2012-07-28 03:25:27 3 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\ftpscr.tmp.vir

2012-07-27 18:17:26 . 2012-07-28 03:25:45 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\output.tmp.vir

2012-07-27 17:26:37 . 2012-07-27 17:30:00 27 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%%~a.tmp.vir

2012-07-27 17:26:37 . 2012-07-28 03:25:09 4 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%%~fa.tmp.vir

2012-07-27 16:23:45 . 2012-07-27 16:24:57 4 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%FILES~1.TMP.vir

2012-04-17 16:22:12 . 2012-04-17 16:23:33 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\file.tmp.vir

2012-04-13 21:14:42 . 2012-04-13 21:14:42 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\27674015\.tmp.vir

2012-04-13 21:09:53 . 2012-04-13 21:20:10 93,670 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\27674015\120415-1.txt.vir

2012-04-13 20:59:27 . 2012-04-13 21:19:49 258 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\27674015\27674015.bat.vir

2012-03-30 17:39:39 . 2012-03-30 17:39:39 36 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\textfile14.txt.tmp.vir

2012-03-29 04:47:05 . 2012-03-29 04:47:05 193 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\pipe-delimited-file.txt.tmp.vir

2012-03-28 07:15:46 . 2012-03-28 07:15:58 66 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\%~fa.tmp.vir

2012-03-27 21:34:01 . 2012-03-27 21:34:01 58 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%fa.tmp.vir

2012-03-26 22:31:42 . 2012-03-26 22:31:42 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\tt..tmp.vir

2012-03-23 07:43:11 . 2012-07-30 14:46:32 32,718 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\exclude.tmp.vir

2012-03-23 07:37:45 . 2012-03-23 07:37:45 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\zzz.tmp.vir

2012-03-11 14:59:41 . 2012-03-11 14:59:41 4,593 ----a-w- C:\Qoobox\Quarantine\C\ipconfig.txt.vir

2012-03-07 19:22:49 . 2012-03-07 19:22:49 723 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\real.txt.vir

2012-03-03 03:02:15 . 2012-03-03 03:20:28 95 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\sizes.tmp.vir

2012-03-01 13:28:03 . 2012-03-01 13:28:03 26 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\test.tmp.vir

2012-01-25 01:21:28 . 2012-01-25 01:04:08 1,179,648 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\sfk164.exe.vir

2012-01-24 19:46:12 . 2012-01-24 21:12:27 19,435 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\lotto.tmp.vir

2012-01-24 19:09:23 . 2012-01-24 19:17:23 194,577 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\lotto.csv-.tmp.vir

2012-01-24 19:09:23 . 2012-01-24 19:17:23 193 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\lotto2.csv.tmp.vir

2012-01-17 04:00:16 . 2012-01-17 04:00:58 8 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\1234.txt.vir

2012-01-09 13:25:24 . 2012-01-10 19:54:29 1,062 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\netview.tmp.vir

2012-01-06 00:04:28 . 2012-01-06 00:25:04 48,159 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\output3.tmp.vir

2012-01-05 23:44:11 . 2012-01-05 23:57:16 78,077 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\output2.tmp.vir

2012-01-02 00:17:21 . 2012-01-07 02:37:00 912 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\31.bat.vir

2011-12-17 17:01:11 . 2011-11-13 13:18:44 3,492,658 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\01.mp3.vir

2011-09-16 10:34:48 . 2011-06-19 09:20:00 1,155,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\sfk.exe.vir

2011-06-07 12:23:17 . 2008-03-19 15:22:42 7 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\win.dll.vir

2011-06-07 12:23:16 . 2006-10-12 18:52:54 180,224 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ijl11.dll.vir

2010-11-30 18:29:46 . 2010-11-30 18:29:46 8,192 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\Favorites\Thumbs.db.vir

2010-10-18 16:15:16 . 2008-04-14 04:42:18 294,912 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\dlimport.exe.vir

2010-09-17 17:08:13 . 2010-09-17 17:08:13 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir

2010-09-17 17:08:13 . 2003-02-21 03:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir

2010-09-17 17:08:13 . 2003-02-20 18:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir

2010-09-17 17:08:13 . 2003-02-20 18:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir

2010-09-17 17:08:13 . 2003-02-20 18:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir

2010-09-17 17:08:13 . 2003-02-20 18:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir

2003-02-21 04:16:08 . 2003-02-21 04:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir

1998-05-24 23:00:00 . 1998-05-24 23:00:00 84,225 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\VI30AUT.DLL.vir


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\find.tmp.vir
C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%%~a.tmp.vir
C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%%~fa.tmp.vir
C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%%~nf.tmp.vir
C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%~dpn1.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\%~fa.tmp.vir
C:\Qoobox\Quarantine\C\DOCUME~1\Paul\%fa.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\01.mp3.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\1234.txt.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\27674015
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\31.bat.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\exclude.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\file.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\find.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\ftpscr.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\lotto.csv-.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\lotto.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\lotto2.csv.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\netview.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\output3.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\output2.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\output.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\pipe-delimited-file.txt.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\real.txt.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\sizes.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\test.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\textfile14.txt.tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\tt..tmp.vir
C:\Qoobox\Quarantine\C\Documents and Settings\Paul\zzz.tmp.vir
C:\Qoobox\Quarantine\C\ipconfig.txt.vir

JavaClearCache::

Quit::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe


Thank you. All seems good.

On a down note, the Firefox problem has returned; however, I have shed new light on the problem of my downloaded .EXE files becoming corrupted. Even after undertaking the above diagnostic procedures, the problem still persists. I am unable to execute any (or so it seems) .EXE file that I download onto my primary hard drive. Windows returns a 'corrupted file' error message.

However, I was able to download and execute the same files onto drive D: without any problems. Is this a symptom of malware or should I now focus my attention elsewhere?

A CHKDSK of drive C: showed no discernible problems save for a few minor inconsistencies which were rectified.

As far as malware is concerned, is it safe to assume all is well now?

Thank you.


Please re-run RKill again and then there will be no problem with exe files.

We have not finished checking your PC, so please stay with me.

Next:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dear Maniac

I don't think we're going to find anything ugly on my computer and that scares me even more. It would be satisfying to know something malicious has been eradicated.

The only two entries in RKILL are:

* C:\WINDOWS\system32\Ati2evxx.exe (PID: 1080) [WD-HEUR]

* C:\WINDOWS\system32\Ati2evxx.exe (PID: 1440) [WD-HEUR]

ESET returned less than that!

All very worrying, to say it's rare I use either a firewall or background antivirus program, even though I am very paranoid about viral infections. All I can assume is my surfing habits are probably 'safer' than the average surfer (although your opinion might differ on this having laid out personal details about my computer).

Where do we go from here?

======================================================================

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=bf55c15025c66845850b5bdce87ee19c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-20 03:44:54

# local_time=2012-08-20 04:44:54 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 10982171 10982171 0 0

# compatibility_mode=2817 16777215 100 100 20703494 48169843 0 0

# compatibility_mode=5891 16776870 42 92 66797 13202675 0 0

# compatibility_mode=8192 67108863 100 0 1847 1847 0 0

# scanned=581939

# found=10

# cleaned=10

# scan_time=5768

C:\Documents and Settings\Paul\Local Settings\Temp\ICReinstall\cnet2_unhackme_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Paul\Local Settings\Temp\Temporary Directory 1 for pdf2txtocrcmd.zip\pdf2txtocrcmd\pdf2txtocr.exe a variant of Win32/Packed.BoxedApp.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\IDYBF26Z\landing[1].php HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Paul\My Documents\Downloads\MIDI FILES\cnet2_MidiPianoSuite_v172_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Paul\My Documents\Downloads\MIDI FILES\cnet2_MidiPiano_216_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Documents and Settings\Paul\.clamwin\quarantine\testvirus.txt.infected Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Documents and Settings\Paul\.clamwin\quarantine\XvidSetup.exe.infected a variant of Win32/Adware.HotBar.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Documents and Settings\Paul\.clamwin\quarantine\XvidSetup.exe.infected.000.infected a variant of Win32/Adware.HotBar.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Documents and Settings\Paul\.clamwin\quarantine\XvidSetup.exe.infected.001.infected a variant of Win32/Adware.HotBar.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Documents and Settings\Paul\.clamwin\quarantine\XvidSetup.exe.infected.002.infected a variant of Win32/Adware.HotBar.H application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=bf55c15025c66845850b5bdce87ee19c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-24 02:15:49

# local_time=2012-08-24 03:15:49 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 11321735 11321735 0 0

# compatibility_mode=2817 16777215 100 100 21043058 48509407 0 0

# compatibility_mode=5891 16776869 42 92 0 13542239 0 0

# compatibility_mode=8192 67108863 100 0 341411 341411 0 0

# scanned=587075

# found=0

# cleaned=0

# scan_time=6457

======================================================================


The Firefox issue is still intermittent; however, I'm exploring the possibility it could be due to corrupted files, corrupted disk space, the volume of instances of FF and tabs constantly open and compatibility issues with FF plugins and ActiveX components.

I have PM'd you the link as requested. Please comment wherever you see fit.

Thank you.

PS, speed and functionality were never an issue (save for the Firefox thing), so it's difficult to gauge any other effect at this early time.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
