floater44

System Information

  • Operating System
    Windows XP
  • Firewall or HIPS Software
    Windows Firewall
  • Other Security Software
    Spy Protector
  1. I have sanitised my C drive using EAM 7 + companions. Service search and backup/restore all working OK. It's been an interesting experience. "Experience is what you get when you were expecting something else". Thank you.
  2. You are correct and as I did not know how to interpret the GMER and Rootkitrevealer output I didn't do any manual changes via regedit, however I did run regdelnull and lost internet connection for quite a while. Not very smart!! I don't have any sandbox application installed. I've tried Sandboxie and Virtual Sandbox and uninstalled them after a short time usage. Again without expert support difficult to interpret correctly. Windows Search 4.0 for XP uninstalled (Windows Support Tools). TFC removed.
  3. I am able to locate more 'strangers' using GMER and Rootkitrevealer. GMER detects expdsfla.sys and Rootkitrevealer detects an HKU registry entry with timestamp 1/1/1601 01:00. Both report error during hive with null values and that the system cannot find the file specified. Lots of tmp files on desktop and the TFC program only works in Safe Mode. Clean C drive using EAM deep scan and MBAM full scan. External drive switched off. Windows search unavailable.
  4. Secunia updated Adobe Flash Player to v 11.4. The previous version was insecure. Search + companion has returned.
  5. On downloading the Java 7 up7 a popup occurred warning of a corrupt download. I uninstalled v6 and the system accepted the updated Java 7 up7.
  6. Here is the MBAM log you have requested. Unusual events possibly caused by attempted installation and uninstallation of: Virtual Sandbox a) OTL's TFC stalls b) Extra drives appearing with red circled white coloured question marks. Registry finds using regedit: Edit, Find on the text Sandbox Xenocode > XSandboxCache. As you know I am currently on Java 7 update 6 and will now update to version 7 from your previous link.
  7. Secunia refers to a Java App. I need to be confident that any more downloads do not exacerbate further.
  8. I have just located a trojan downloader (VirusTotal 36/42 Emsisoft Trojan-Dropper.Agent!IK) but worryingly passed by right click and scan using the latest EAM version 7. The suspect file was located in a flash scan and quarantined using MBAM and was possibly downloaded in a recent (Firmware/Lacie) upgrade as my second external HD is proving difficult to load. If appropriate please close this topic and if any further problems arise I will raise in a new one, unless of course you wish this one to continue? Search+ companion unavailable, backup OK, some loading and unloading popups seen on opening and closing Windows. PS I have only just seen the Secunia Inspector, I will run that now and report back.
  9. With near record reboots and a desktop like a battle ground I suppose we must finish with a cleanup sometime soon. Until the next rootkit.. ...that which we are, we are; One equal temper of heroic hearts, Made weak by time and fate, but strong in will To strive, to seek, to find, and not to yield. from Alfred Lord Tennyson's poem Ulysses and also quoted by Edward Kennedy in his 1980 DNC address
  10. Windows search + companion is available intermittently. Backup facility OK. I need to give my computer system some basic tasks to execute and will report back shortly.
  11. I have remembered some time ago reporting a possible malware not identified by EAM. I made a record of it by name and location. It has returned and is still on my system. Identified as RCS Remote Task Manager hkey_current user\software\smartlinevision 1 infection, also Riskware P2P active ports hkey_current user\software\smartlinevision\aports 18 infections. It may be a benign false positive as the software has not been supported for a few years. I will leave these on my system which will remain unchanged awaiting your further instructions.
  12. Here is the avz4 log
  13. Here is the Avenger log. One auto-reboot
  14. EAM not EMA. Yesterday there was a problem with a backup DVD indicating a CRC problem and on another copying system files to a DVD slowed right down.
  15. Avenger ran with the foregoing script pasted in and produced three OK screens. On the first program initiated reboot there was a window: C:\Cleanup.exe Windows cannot find 'C:\cleanup.exe'. During process EMA popup from tray with malware warning and automatically quarantined cleaner.exe (Virustotal 15/41 EMA Win32.SuspectCrc!IK). No Avenger log. In my computer's root directory is a msdos batch file cleanup.bat. Virustotal gave 2/17 result. cleanup.exe in EMA quarantine, cleanup.bat in root directory. Avenger looking for cleanup.exe but EMA snatched it to quarantine?