
The same popup constantly appearing


4 replies to this topic

#1 1123581220


Posted 11 November 2011 - 08:17 PM

Hi!

Earlier today I decided to open a WindowsMediaPlayer.hta file via my Firefox. It proceeded to open WindowsMediaPlayer. Then soon after this one particular popup would constantly appear in Japanese. While I can close the popup (it's not a regular IE/Firefox window), it always returns in but a few seconds. Also to note, occasionally there would be an IE script error: file:///C:/Documents%20and%20Settings/All%20Users.WINDOWS/Application%20Data/netad/4666MHMF.hta and the prompt would ask me if I would like to continue to run it. I always selected "No". The thing is I rarely even use my IE, and when I have a window open/running, whenever I press "Alt + Tab" I would see the Japanese popup window but be unable to change to it.

I quickly googled around a bit and stumbled upon this forum topic which I find disturbingly similar: http://www.bleepingcomputer.com/forums/topic412878.html. Lastly, I saw a multitude of trojan reports associated with this problem, so I figured it's best if I get some good advice here. Thus, here I am.

What I've done so far:
Ran Malwarebytes' Anti-Malware
Ran SUPER AntiSpyware
Ran Gmer
Ran ESET OnlineScan
*each was done after a separate reboot*

Here are the logs I saved from those scans:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8142

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/11/2011 5:43:56 PM
mbam-log-2011-11-11 (17-43-56).txt

Scan type: Quick scan
Objects scanned: 220624
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muchpomp_cd9e91a635597bf4451ae43738119244d471117ff5d28942 (Trojan.PMovie) -> Value: muchpomp_cd9e91a635597bf4451ae43738119244d471117ff5d28942 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\andi.andi-07\application data\SogouPY\muchpomp_cd9e91a635597bf4451ae43738119244d471117ff5d28942.vbs (Trojan.PMovie) -> Quarantined and deleted successfully.

-------------------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/11/2011 at 06:20 PM

Application Version : 5.0.1134

Core Rules Database Version : 7934
Trace Rules Database Version: 5746

Scan type : Complete Scan
Total Scan Time : 00:15:01

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 480
Memory threats detected : 0
Registry items scanned : 36440
Registry threats detected : 0
File items scanned : 30711
File threats detected : 82

Adware.Tracking Cookie

Adware.Zango
C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB181F74-84D7-428F-B3DC-F3A99447E446}\RP245\A0027162.EXE

------------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-11 18:59:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000065 WDC_WD1500ADFD-00NLR1 rev.20.07P20
Running: spcd1cm8.exe; Driver: C:\DOCUME~1\ANDI~1.AND\LOCALS~1\Temp\kxrdrpog.sys


---- System - GMER 1.0.15 ----

SSDT spiq.sys ZwCreateKey [0xB7EB50E0]
SSDT spiq.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spiq.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spiq.sys ZwOpenKey [0xB7EB50C0]
SSDT spiq.sys ZwQueryKey [0xB7ECE20A]
SSDT spiq.sys ZwQueryValueKey [0xB7ECE08A]
SSDT spiq.sys ZwSetValueKey [0xB7ECE29C]

INT 0x63 ? 89E53BF8
INT 0x73 ? 89E53BF8
INT 0x94 ? 89B16BF8
INT 0xB4 ? 89DE6F00

---- Kernel code sections - GMER 1.0.15 ----

? spiq.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5C263A0, 0x59FFE5, 0xE8000020]
.text USBPORT.SYS!DllUnload B5BF28AC 5 Bytes JMP 89B161D8
.text ab3q471k.SYS B5AD4386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ab3q471k.SYS B5AD43AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ab3q471k.SYS B5AD43C4 3 Bytes [00, 80, 02]
.text ab3q471k.SYS B5AD43C9 1 Byte [30]
.text ab3q471k.SYS B5AD43C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0040131F C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4028] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 105D6996 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spiq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spiq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spiq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spiq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spiq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spiq.sys
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\ab3q471k.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89DE11F8
Device \Driver\PCI_PNP8968 \Device\00000041 spiq.sys
Device \Driver\usbohci \Device\USBPDO-0 89A591F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E541F8
Device \Driver\dmio \Device\DmControl\DmConfig 89E541F8
Device \Driver\dmio \Device\DmControl\DmPnP 89E541F8
Device \Driver\dmio \Device\DmControl\DmInfo 89E541F8
Device \Driver\usbehci \Device\USBPDO-1 89B171F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89DE41F8
Device \Driver\nvata \Device\00000065 89E531F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89DE41F8
Device \Driver\Cdrom \Device\CdRom0 89B0F1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 89B0F1F8
Device \Driver\nvata \Device\00000066 89E531F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88D351F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9E7E8DF0-0C88-4E99-A84D-F9E372AA4376} 88D351F8
Device \Driver\NetBT \Device\NetbiosSmb 88D351F8
Device \Driver\usbohci \Device\USBFDO-0 89A591F8
Device \Driver\nvata \Device\NvAta0 89E531F8
Device \Driver\usbehci \Device\USBFDO-1 89B171F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89917500
Device \Driver\nvata \Device\NvAta1 89E531F8
Device \Driver\USBSTOR \Device\0000006e 88CE01F8
Device \Driver\USBSTOR \Device\0000006f 88CE01F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89917500
Device \Driver\sptd \Device\464143968 spiq.sys
Device \Driver\Ftdisk \Device\FtControl 89DE41F8
Device \Driver\ab3q471k \Device\Scsi\ab3q471k1 89A461F8
Device \Driver\JRAID \Device\Scsi\JRAID1 89DE21F8
Device \Driver\ab3q471k \Device\Scsi\ab3q471k1Port5Path0Target0Lun0 89A461F8
Device \FileSystem\Cdfs \Cdfs 88CE81F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEF 0xC9 0x98 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x4A 0xF5 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x22 0xC9 0x46 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEF 0xC9 0x98 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x4A 0xF5 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x22 0xC9 0x46 ...

---- EOF - GMER 1.0.15 ----

C:\Documents and Settings\Andi.ANDI-07\Application Data\Sun\Java\Deployment\cache\6.0\31\281e7c9f-6d673117 Java/Agent.CK trojan deleted - quarantined
C:\Documents and Settings\Andi.ANDI-07\Application Data\Sun\Java\Deployment\cache\6.0\36\7e537e4-153e4242 multiple threats deleted - quarantined
C:\Documents and Settings\Andi.ANDI-07\Application Data\Sun\Java\Deployment\cache\6.0\37\1e0742a5-31deedb6 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Documents and Settings\Andi.ANDI-07\Application Data\Sun\Java\Deployment\cache\6.0\48\35d60d30-2d1ab310 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined
C:\Documents and Settings\Andi.ANDI-07\Application Data\Sun\Java\Deployment\cache\6.0\48\3904c070-1c644aa8 Java/Exploit.Agent.NAO trojan deleted - quarantined
C:\Documents and Settings\Andi.ANDI-07\Application Data\Sun\Java\Deployment\cache\6.0\51\126a5b73-624a6810 Java/Agent.DW trojan deleted - quarantined
C:\Documents and Settings\Andi.ANDI-07\Application Data\Sun\Java\Deployment\cache\6.0\7\623a2f47-38c2b6b3 Java/Agent.DU trojan deleted - quarantined



How should I proceed in fixing this problem? I thought about just following the instructions that were given on the previously mentioned thread but thought better of it.

Many Thanks in advance,

1123581220


*UPDATE
For some reason the popups stopped appearing and it doesn't even appear in the "Alt + Tab" window anymore either. Everything has gone back to normal as if it didn't happen in the first place. This feels kind of abnormal to me... somewhat like the calm before the storm. If this is the doing of a spyware/adware then it's the first time I've encountered this type of situation.

*UPDATE 2
I booted up my computer again today and the same popup came back; it was also visible in the "Alt + Tab" window. However, I ended the mshta.exe process in my Task Manager and everything seems to have returned to normal.

Edited by 1123581220, 12 November 2011 - 01:00 PM.



 


#2 boopme


Posted 14 November 2011 - 08:42 PM

Hello and welcome. Let's take a look.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

This post has been edited by boopme: 02 October 2011 - 08:28 PM



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 1123581220


Posted 14 November 2011 - 11:36 PM

Hi and thank you for responding!


MiniToolBox by Farbar
Ran by Andi (administrator) on 14-11-2011 at 21:33:13
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : andi-07

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-1A-92-D7-A6-1E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 64.71.255.198

Lease Obtained. . . . . . . . . . : November 14, 2011 6:30:11 PM

Lease Expires . . . . . . . . . . : November 15, 2011 6:30:11 PM

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: google.com
Addresses: 72.14.204.104, 72.14.204.99, 72.14.204.147, 72.14.204.103
72.14.204.105



Pinging google.com [72.14.204.104] with 32 bytes of data:



Reply from 72.14.204.104: bytes=32 time=33ms TTL=54

Reply from 72.14.204.104: bytes=32 time=33ms TTL=54



Ping statistics for 72.14.204.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 33ms, Average = 33ms

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 67.195.160.76, 72.30.2.43
98.137.149.56



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Reply from 98.139.180.149: bytes=32 time=37ms TTL=53

Reply from 98.139.180.149: bytes=32 time=37ms TTL=53



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 37ms, Maximum = 37ms, Average = 37ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a 92 d7 a6 1e ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/11/2011 09:14:30 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 1.9.2.4324, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/11/2011 09:14:04 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.1.33, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/04/2011 03:40:05 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x05f0aa20.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/02/2011 03:14:05 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module ffdshow.ax, version 1.0.7.3064, fault address 0x00192da0.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (10/31/2011 08:40:07 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module ffdshow.ax, version 1.0.7.3064, fault address 0x00192da0.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (10/31/2011 08:31:08 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module ffdshow.ax, version 1.0.7.3064, fault address 0x0019339c.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (10/31/2011 07:48:33 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module ffdshow.ax, version 1.0.7.3064, fault address 0x0019339c.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (10/31/2011 07:28:19 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module ffdshow.ax, version 1.0.7.3064, fault address 0x0019339c.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (10/31/2011 07:12:13 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module ffdshow.ax, version 1.0.7.3064, fault address 0x0019339c.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (10/31/2011 07:12:02 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module ffdshow.ax, version 1.0.7.3064, fault address 0x00192da0.
Processing media-specific event for [wmplayer.exe!ws!]


System errors:
=============
Error: (11/13/2011 02:30:21 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (11/13/2011 02:30:21 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (11/13/2011 02:30:13 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.100 on the
Network Card with network address 001A92D7A61E.

Error: (11/11/2011 07:00:38 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/11/2011 07:00:11 PM) (Source: Service Control Manager) (User: )
Description: The WD SmartWare Drive Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2011 07:00:06 PM) (Source: Service Control Manager) (User: )
Description: The WD SmartWare Background Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2011 06:59:58 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 001A92D7A61E has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/11/2011 05:53:13 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.100 for the Network Card with network address 001A92D7A61E has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/11/2011 05:45:30 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (11/11/2011 03:26:47 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 001A92D7A61E has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (11/11/2011 09:14:30 PM) (Source: Application Hang)(User: )
Description: firefox.exe1.9.2.4324hungapp0.0.0.000000000

Error: (11/11/2011 09:14:04 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.1.33hungapp0.0.0.000000000

Error: (11/04/2011 03:40:05 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.005f0aa20

Error: (11/02/2011 03:14:05 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145ffdshow.ax1.0.7.306400192da0

Error: (10/31/2011 08:40:07 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145ffdshow.ax1.0.7.306400192da0

Error: (10/31/2011 08:31:08 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145ffdshow.ax1.0.7.30640019339c

Error: (10/31/2011 07:48:33 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145ffdshow.ax1.0.7.30640019339c

Error: (10/31/2011 07:28:19 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145ffdshow.ax1.0.7.30640019339c

Error: (10/31/2011 07:12:13 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145ffdshow.ax1.0.7.30640019339c

Error: (10/31/2011 07:12:02 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145ffdshow.ax1.0.7.306400192da0


=========================== Installed Programs ============================


Adobe AIR (Version: 2.7.0.19480)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
µTorrent (Version: 2.0.4)
Audacity 1.2.6
Bonjour (Version: 2.0.5.0)
Canon iP4200
Combined Community Codec Pack 2009-09-09 (Version: 2009.09.09.0)
Counter-Strike
Heroes of Newerth (Version: 2.0.33)
ImgBurn (Version: 2.5.5.0)
iTunes (Version: 10.2.2.12)
JMB36X Raid Configurer (Version: 1.00.0000)
Junk Mail filter update (Version: 14.0.8117.416)
LAME v3.98.3 for Audacity
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Minecraft (Beta v1.2_01) (Version: Beta v1.2_01)
mIRC (Version: 7.1)
Mozilla Firefox (3.6.24) (Version: 3.6.24 (en-US))
MSVCRT (Version: 14.0.1468.721)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA nView Desktop Manager (Version: 6.14.10.13527)
NVIDIA PhysX (Version: 9.10.0224)
Pixillion Image Converter
QuickTime (Version: 7.69.80.9)
Real Alternative 2.0.2 Lite (Version: 2.0.2)
Realtek High Definition Audio Driver (Version: 5.10.0.5324)
Segoe UI (Version: 14.0.4327.805)
Shogun 2 Total War
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.3 (Version: 5.3.120)
StarCraft II (Version: 1.4.1.19776)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1134)
Switch Sound File Converter
TestGen
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Ventrilo Client (Version: 3.0.5)
VLC media player 1.1.11 (Version: 1.1.11)
WD SmartWare (Version: 1.2.0.20)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.581 )
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
WinRAR archiver
xVideos Video Downloader 3.23

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 2046.48 MB
Available physical RAM: 1500.44 MB
Total Pagefile: 3938.84 MB
Available Pagefile: 3507.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.44 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:139.73 GB) (Free:63.46 GB) NTFS
4 Drive e: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:100.98 GB) NTFS

========================= Users: ========================================

User accounts for \\ANDI-07

Administrator Andi Guest
HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini061611-01.dmp
C:\WINDOWS\Minidump\Mini062811-01.dmp
C:\WINDOWS\Minidump\Mini110911-01.dmp

**** End of log ****

Just finished scanning with ESET. No log.

#4 boopme


Posted 15 November 2011 - 09:56 PM

By the way, the scripts in the other post are for a WIN 7 PC.

I think the best next step is to uninstall and reinstall Firefox.
Uninstall Firefox

Install FF 8


#5 1123581220


Posted 15 November 2011 - 10:04 PM

Oh, I see. I hope I didn't make anything worse by doing that... Okay, I'll get right on it and let you know when it's done.

Edit: Just finished installing the latest version of Firefox.

Edited by 1123581220, 15 November 2011 - 10:32 PM.




