#46
Here you go!
ComboFix 12-07-30.03 - HP_Administrator 31/07/2012 18:17:36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.529 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EF39AD0045B57300
-------\Service_EF39AD0045B57300
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 16:34 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F949E507-C6EF-409B-A1A6-4D630B96CBA3}\mpengine.dll
2012-07-30 17:43 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-09 10:22 . 2012-07-09 10:22 -------- d-----w- c:\program files\iPod
2012-07-09 10:21 . 2012-07-09 10:24 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 07:55 . 2012-04-02 21:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-28 07:55 . 2011-09-02 21:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-10 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-16 22:35 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 04:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19 . 2007-07-30 18:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2004-08-10 04:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2004-08-10 04:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2004-08-10 04:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2007-07-30 18:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2004-08-10 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2004-08-10 04:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2004-08-10 04:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2007-07-30 18:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2004-08-10 04:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2004-08-10 04:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2008-07-23 16:33 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2008-07-23 16:33 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:18 . 2008-07-23 16:33 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-04 13:16 . 2004-08-10 04:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-10 11:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-19 05:00 . 2011-10-19 16:40 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-06-30 12:44 . 2008-08-30 14:19 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3GDR\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3QFE\mshtml.dll
[-] 2009-01-15 . 42B04AFD48BE284B1615E890FC028CB3 . 5888512 . . [8.00.6001.18372] . . c:\windows\system32\mshtml.dll
[-] 2009-01-15 . 42B04AFD48BE284B1615E890FC028CB3 . 5888512 . . [8.00.6001.18372] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2008-12-14 . 2973F5FC57D2755AB57ED14FFF8DDA47 . 5699584 . . [8.00.6001.22342] . . c:\windows\$hf_mig$\KB960714-IE8\SP3QFE\mshtml.dll
[7] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie8\mshtml.dll
[7] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[7] 2008-04-23 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2GDR\mshtml.dll
[7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2QFE\mshtml.dll
[7] 2008-04-21 . C75C6AD32C28BCE0D14E1CA2AB4862DC . 3059712 . . [6.00.2900.3354] . . c:\windows\ie7\mshtml.dll
[7] 2008-04-21 . 083B967E6B0B2BB539CE6B08D45D631F . 3066880 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll
[7] 2008-04-21 . FE406DE0651C9E8201DCB0460609D739 . 3066880 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll
[7] 2008-04-21 . 46A61BA430110F00DD990D058AA3D054 . 3067392 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB950759$\mshtml.dll
[-] 2005-11-23 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2004-08-10 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB905915$\mshtml.dll
.
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3GDR\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\SoftwareDistribution\Download\f5ce3558cdad2d0de1884dee71734a4a\SP3QFE\wininet.dll
[-] 2009-01-15 . 203C05A174A45270A30CDD593092D91E . 911872 . . [8.00.6001.18372] . . c:\windows\system32\wininet.dll
[-] 2009-01-15 . 203C05A174A45270A30CDD593092D91E . 911872 . . [8.00.6001.18372] . . c:\windows\system32\dllcache\wininet.dll
[7] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie8\wininet.dll
[7] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2GDR\wininet.dll
[7] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2QFE\wininet.dll
[7] 2008-04-21 . 1EFB8A3EA8454AEC1BB8A240A2845598 . 659456 . . [6.00.2900.3354] . . c:\windows\ie7\wininet.dll
[7] 2008-04-21 . 2E7DE1BF9418B071799EB53DE8CC22F5 . 666624 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[7] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-21 . 26F240C250E5B4B395CB4B178BA75437 . 666624 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2005-10-21 . E7B27B6B6E06CE34EA019FD8B858C613 . 658432 . . [6.00.2900.2781] . . c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2004-08-10 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB905915$\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-07-30_17.10.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-31 17:29 . 2012-07-31 17:29 16384 c:\windows\temp\Perflib_Perfdata_2bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-05-05 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"nwiz"="nwiz.exe" [2005-12-14 1519616]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-4-29 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-10-12 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [29/04/2006 18:28 2815744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/12/2009 19:10 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02/04/2012 22:30 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/12/2009 19:10 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 22:27 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 07:55]
.
2012-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-07-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
2012-07-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-22 16:24]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 18:09]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 18:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mileoakshootingclub.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o1mn27oy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-31 18:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-31 18:36:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 17:36
ComboFix2.txt 2012-07-30 17:15
.
Pre-Run: 183,784,034,304 bytes free
Post-Run: 183,785,504,768 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F1B4E53C192393FBF7C8368D3691CD50
#47
No threats found on the scan!
Mike.
#49
The email alert still appears when I open Firefox to browse, with the same stupid comment about using my email addy to sign in if the problem persists, but I'm not sure yet if the Adobe 'please contact Microsoft' warning comes up.
It usually happens at least once an evening. I did notice, restarting my computer this morning, that it froze when I turned real-time protection on in Microsoft Security. Any thoughts? Thanks, Mike.
#50
|
||||
|
||||
|
Let's see if some rebuilding of Windows will make corrections. For Firefox, what webpage are you on when this alert occurs?
Follow the steps here to uninstall Service Pack 3, being sure to reboot after. Then redo the update to Service Pack 3. The easiest way I found to complete that is to download the independent installer from here (disregard the verbiage - that is the normal installer for SP3). That way you are not dependent on MS updates to complete the job. This can also be downloaded at a different location and transferred, if other download locations are faster there. Once that has downloaded, temporarily disable all security software, including disabling it from starting at reboot if you can, and click that downloaded file to start the upgrade process. It will take a good long time to complete.
#51
The web page I am on is basically as soon as I open my browser... whether Firefox or Internet Explorer, this is when I get the 'sign in to email' alert.
The Microsoft warning seems to happen at any time? Though to be fair it hasn't happened for a while?!! Not quite sure if I download those updates before doing the install or after? My computer is quite slow and I do not have access to another. Will it affect you, or do you mind, if I try this at a later date if my computer gets the better of me, or would you advise that I do it now? Kindest regards, Mike
#53
|
||||
|
||||
|
Also please run a Gmer regular scan, and post that log.
Go here and download USEC.at's radix_installer_trial.zip. Then unzip that and click the radixgui.exe to open the scan display (agree to the warning). With the "1-click check" tab selected, and without making any other changes, click the Check button to start the scan. Once it has completed, click the Save Log button and save that to a location you can return to. Then click the "X" to close the Radix scanner. That will be a corker of a log, so zip a copy of it and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files - byfordmike/cth/radix" as the email Subject.
#54
Quote:
Here you go!

SystemLook 30.07.11 by jpshortstuff
Log created at 16:44 on 05/08/2012 by HP_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "imm32.dll"
C:\WINDOWS\$NtServicePackUninstall$\imm32.dll    -----c- 110080 bytes    [07:23 24/08/2008]    [04:00 10/08/2004] 87CA7CE6469577F059297B9D6556D66D
C:\WINDOWS\erdnt\cache\imm32.dll    --a---- 110080 bytes    [17:12 30/07/2012]    [00:11 14/04/2008] 0DA85218E92526972A821587E6A8BF8F
C:\WINDOWS\ServicePackFiles\i386\imm32.dll    ------- 110080 bytes    [22:34 16/08/2008]    [00:11 14/04/2008] 0DA85218E92526972A821587E6A8BF8F
C:\WINDOWS\system32\imm32.dll    --a---- 110080 bytes    [04:00 10/08/2004]    [00:11 14/04/2008] 0DA85218E92526972A821587E6A8BF8F

-= EOF =-
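The SystemLook output above, like the Sigcheck section of the ComboFix log in post #46, lists every copy of one system DLL with its MD5. The check a helper makes with such a listing is whether the live copy in system32 still matches the protected copy that Windows File Protection keeps in system32\dllcache (or, when there is no dllcache copy, the one in ServicePackFiles\i386); a live copy whose hash drifts from its protected copy is what a patched or replaced system file looks like. Below is an added Python example, not part of this thread and not code from ComboFix or SystemLook, that parses both log formats and performs that comparison. The sample lines are copied from the two logs posted in this thread; the "tampered" sample and its DEADBEEF... hash are constructed for illustration and do not come from this machine. Copies under $NtUninstall...$, $hf_mig$ and erdnt\cache are uninstall and repair backups of older versions, so a different hash there is expected and is only listed, not judged.

```python
import re
from collections import defaultdict

# ComboFix Sigcheck line:  [-] 2009-01-15 . <md5> . <size> . . [<version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# SystemLook filefind line:  <path> <attrs> <size> bytes [mtime] [ctime] <md5>
SYSTEMLOOK_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+)\s+bytes\s+"
    r"\[[^\]]*\]\s+\[[^\]]*\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Sample input: lines copied verbatim from the ComboFix Sigcheck section posted in this thread.
COMBOFIX_SIGCHECK = r"""
[-] 2009-01-15 . 42B04AFD48BE284B1615E890FC028CB3 . 5888512 . . [8.00.6001.18372] . . c:\windows\system32\mshtml.dll
[-] 2009-01-15 . 42B04AFD48BE284B1615E890FC028CB3 . 5888512 . . [8.00.6001.18372] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-01-15 . 203C05A174A45270A30CDD593092D91E . 911872 . . [8.00.6001.18372] . . c:\windows\system32\wininet.dll
[-] 2009-01-15 . 203C05A174A45270A30CDD593092D91E . 911872 . . [8.00.6001.18372] . . c:\windows\system32\dllcache\wininet.dll
"""

# Sample input: the SystemLook filefind lines posted in this thread.
SYSTEMLOOK_FILEFIND = r"""
C:\WINDOWS\$NtServicePackUninstall$\imm32.dll -----c- 110080 bytes [07:23 24/08/2008] [04:00 10/08/2004] 87CA7CE6469577F059297B9D6556D66D
C:\WINDOWS\erdnt\cache\imm32.dll --a---- 110080 bytes [17:12 30/07/2012] [00:11 14/04/2008] 0DA85218E92526972A821587E6A8BF8F
C:\WINDOWS\ServicePackFiles\i386\imm32.dll ------- 110080 bytes [22:34 16/08/2008] [00:11 14/04/2008] 0DA85218E92526972A821587E6A8BF8F
C:\WINDOWS\system32\imm32.dll --a---- 110080 bytes [04:00 10/08/2004] [00:11 14/04/2008] 0DA85218E92526972A821587E6A8BF8F
"""

# Constructed, hypothetical input (NOT from the posted logs): the live wininet.dll no longer
# matches its dllcache copy. The DEADBEEF hash is made up to stand in for a modified file.
TAMPERED_SAMPLE = r"""
[-] 2009-01-15 . DEADBEEFDEADBEEFDEADBEEFDEADBEEF . 911872 . . [8.00.6001.18372] . . c:\windows\system32\wininet.dll
[-] 2009-01-15 . 203C05A174A45270A30CDD593092D91E . 911872 . . [8.00.6001.18372] . . c:\windows\system32\dllcache\wininet.dll
"""


def _parse(text, pattern):
    """Return [(path, MD5)] for every line matching `pattern`; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            out.append((m["path"], m["md5"].upper()))
    return out


def parse_sigcheck(text):
    return _parse(text, SIGCHECK_RE)


def parse_systemlook(text):
    return _parse(text, SYSTEMLOOK_RE)


def classify(path):
    """Map a path to (file name, role): live copy, WFP reference copy, or other backup."""
    p = path.lower().replace("/", "\\")
    name = p.rsplit("\\", 1)[-1]
    if "\\system32\\dllcache\\" in p:
        return name, "dllcache"
    if "\\servicepackfiles\\i386\\" in p:
        return name, "spfiles"
    if "\\system32\\" in p:
        return name, "live"
    return name, "other"


def check_protected_copies(entries):
    """Per file name, compare the live system32 copy against its protected copy.

    dllcache is preferred as the reference: a hotfix legitimately updates system32 and
    dllcache together but leaves ServicePackFiles\\i386 at the service-pack version, so the
    ServicePackFiles copy is only used when no dllcache copy was listed.
    """
    groups = defaultdict(lambda: {"live": None, "dllcache": None, "spfiles": None, "other": {}})
    for path, md5 in entries:
        name, kind = classify(path)
        if kind == "other":
            groups[name]["other"][path] = md5
        else:
            groups[name][kind] = md5
    report = {}
    for name, g in groups.items():
        ref = "dllcache" if g["dllcache"] else ("spfiles" if g["spfiles"] else None)
        if g["live"] is None or ref is None:
            status = "unverifiable"          # nothing trustworthy to compare against
        elif g["live"] == g[ref]:
            status = "ok"
        else:
            status = "MISMATCH"              # live copy differs from its protected copy
        report[name] = {"status": status, "live": g["live"], "reference": ref, "other": g["other"]}
    return report


if __name__ == "__main__":
    entries = parse_sigcheck(COMBOFIX_SIGCHECK) + parse_systemlook(SYSTEMLOOK_FILEFIND)
    for name, rec in sorted(check_protected_copies(entries).items()):
        print(f"{name:12} {rec['status']:12} live={rec['live']} reference={rec['reference']}")
        for path, md5 in rec["other"].items():
            print(f"    backup copy {md5}  {path}")
    print("tampered sample:", check_protected_copies(parse_sigcheck(TAMPERED_SAMPLE))["wininet.dll"]["status"])
```

On the logs posted here all three files come out "ok": mshtml.dll and wininet.dll match their dllcache copies, and imm32.dll matches the ServicePackFiles copy, with the older $NtServicePackUninstall$ copy listed as a backup rather than flagged. A matching hash only shows the live file equals the cached one; if an attacker replaced both, the check passes, so it complements rather than replaces a signature check against Microsoft's catalog.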
#55
Thank you. What is a 'regular' Gmer scan? Is it just open Gmer and scan? Sounds obvious, but that is where I was getting problems before when it kept crashing, so I did it in Safe Mode excluding Windows files from memory.
Also, how do I 'zip' a paste/log? Mike.
#56
|
||||
|
||||
|
For now, and sorry for the delays, please just send that Radix log.
#57
Haven't given up, just not been around; will be on the case as soon as I get a minute!
(Haven't sussed how to 'zip' a file for emailing yet either.) Thanks for your patience! Mike.
#59
I think everything is sorted (sorry, not been very well). My only problem is this window that pops up, but I started using Google Chrome and I am problem free!!!!
I would like to thank you so much for all your patience and hard work! Kindest regards and deepest respect, Mike
Right-click the file - Send To - Compressed (Zipped) Folder. It will create a zip file with the same name as the original, in the same location as the original.