Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CVE-2012-1723.am &


  • This topic is locked This topic is locked
19 replies to this topic

#1 allsmiles

allsmiles

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 19 August 2012 - 09:52 AM

Hello. I am very frustrated because both my desktop and my laptop are infected. First I want to focus on my desktop. I have security essentials set to automatically run a full scan every day. On July 24th it detected the following items:

Trojan:Win32/Tracur.AU
Exploit:Java/CVE-2012-1723.P
Trojan:Win32/Tracur.AU
Exploit:Java/CVE-2012-1723.P
TrojanDownloader:Java/OpenStream.BY
Exploit:Java/CVE-2012-0507.CQ

Next, I ran Malwarebytes and below is the log for it:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: MEDIA [administrator]

7/24/2012 10:12:55 PM
mbam-log-2012-07-24 (22-12-55).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 327780
Time elapsed: 1 hour(s), 18 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00599587.exe (Trojan.Agent.Gen) -> Data: "C:\Documents and Settings\Owner\Application Data\KB00599587.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Owner\Local Settings\Temp\1jfuweif.exe (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\KB00599587.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)

I then ran another scan using both and came back clean so I assumed there was nothing left.

Last night, I rebooted into safemode and ran Malwarebytes again and it came up with the following log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.19.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Owner :: MEDIA [administrator]

8/18/2012 10:51:01 PM
mbam-log-2012-08-18 (22-51-01).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 361241
Time elapsed: 43 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\Local Settings\Application Data\Sonic Foundry\oahmpwpm.dll.bak (Spyware.Password) -> Quarantined and deleted successfully.

(end)



Then I ran ESET online scanner which found 2 files labeled CVE-2012-1723.am

I have run both scanners again and they come back clean but I don't believe it. Not with my luck. Can someone please work through checking this with me?

THanks in advance.

BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:14 PM

Posted 19 August 2012 - 02:26 PM

Good evening. :)

Please go here, follow steps six, seven and eight as best you can, skipping those that you cannot run for any reason, and then post accordingly into this thread.

So long, and thanks for all the fish.

 

 


#3 allsmiles

allsmiles
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 19 August 2012 - 03:43 PM

First of all, thank you for taking the time to help. I am sorry if this is a stupid question, but should I do these steps in safemode or boot into XP in standard fashion?
Thanks again for your help. :)

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:14 PM

Posted 19 August 2012 - 04:28 PM

Normal Mode please.

So long, and thanks for all the fish.

 

 


#5 allsmiles

allsmiles
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 19 August 2012 - 06:40 PM

FYI: After I first posted this topic up this morning, I ran avast and it detected a file that it classified as a THREAT: HTML:Iframe-inf. So I think I guess it's safe to assume I didn't fix anything :).
I have since only followed your instructions.:)
Hopefully with your help, my luck will change for the better.


Log for DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Owner at 17:47:12 on 2012-08-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1184 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\acs.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\ASUS\AASP\1.00.91\aaCenter.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
svchost.exe
C:\Program Files\SuperSignMgr\server\Apache2.2\bin\httpd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\SuperSignMgr\server\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.131.2322.0.exe
C:\WINDOWS\system32\MpSigStub.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [CPU Power Monitor] "c:\program files\asus\ai suite\aigear3\CpuPowerMonitor.exe"
mRun: [ASUS Energy Saving] "c:\program files\asus\ai suite\energysaving\PwSave.exe"
mRun: [Cpu Level Up help] "c:\program files\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTHelper] CTHELPER.EXE
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn311\wlancfg5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1317060914953
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.3.1 192.168.3.1
TCP: Interfaces\{0D636137-9425-476A-99F9-97C909C70AA9} : DhcpNameServer = 192.168.3.1 192.168.3.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\qb6vffuy.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-19 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-19 353688]
R2 Apache2.2_SS;Apache2.2_SS;c:\program files\supersignmgr\server\apache2.2\bin\httpd.exe [2012-6-30 24636]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-19 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-19 44808]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S1 bpveyftz;bpveyftz;\??\c:\windows\system32\drivers\bpveyftz.sys --> c:\windows\system32\drivers\bpveyftz.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-21 136176]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-21 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-21 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-19 21:47:04 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cd670a5f-5edb-4b31-a306-b6cecca4c9ee}\mpengine.dll
2012-08-19 14:55:12 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-19 14:54:59 41224 ----a-w- c:\windows\avastSS.scr
2012-08-19 14:54:44 -------- d-----w- c:\program files\AVAST Software
2012-08-19 14:54:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-19 04:17:02 -------- d-----w- c:\program files\ESET
2012-08-18 14:49:27 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-30 21:52:13 103904 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-07-25 13:00:39 -------- d-sha-r- C:\cmdcons
2012-07-25 12:58:04 98816 ----a-w- c:\windows\sed.exe
2012-07-25 12:58:04 518144 ----a-w- c:\windows\SWREG.exe
2012-07-25 12:58:04 256000 ----a-w- c:\windows\PEV.exe
2012-07-25 12:58:04 208896 ----a-w- c:\windows\MBR.exe
2012-07-25 03:51:59 -------- d-----w- c:\windows\system32\Adobe
2012-07-24 21:43:19 -------- d--h--w- c:\documents and settings\owner\application data\5D49E6DE
.
==================== Find3M ====================
.
2012-08-17 04:05:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 04:05:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 17:49:42.04 ===============

Attached Files



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:14 PM

Posted 20 August 2012 - 02:27 PM

Good evening. :)

I ran avast and it detected a file that it classified as a THREAT: HTML:Iframe-inf.

Did Avast give any file name(s) with regard to this nasty?

So long, and thanks for all the fish.

 

 


#7 allsmiles

allsmiles
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 20 August 2012 - 03:21 PM

It named itself as one of the html files in a folder(on my desktop) for one of my domain names. That was the only file that came up. Immediately afterwards, I chose the option to "delete" the file and then uninstalled avast as I was worried it would interfere with security essentials. Recently I switched hosting companies so that folder is a back up of everything I had stored there. I FTP'd it all on August 2nd.

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:14 PM

Posted 21 August 2012 - 02:25 PM

Good evening. :)

The rule of thumb is to only have one resident scanner installed at any one time, so you did the right thing by removing one.

It is just possible that what you are seeing is the normal detritus that can be picked up by surfing the web, but we'll run an online scan to start and see if anything shows up. Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

 

 


#9 allsmiles

allsmiles
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 21 August 2012 - 09:34 PM

I ran Eset Online scanner and it said "No threats found." :)

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:14 PM

Posted 22 August 2012 - 03:01 PM

Good evening. :)

Always a good thing. Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Check the Scan All User box at the top.
  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    • netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      erase c:\commands.txt /hide /c
      /wait
      erase c:\diskreport.txt /hide /c
      CREATERESTOREPOINT
  • Click the Run Scan button and allow it to do it's thing.
  • Once the scan has completed two notepad windows, OTL.Txt and Extras.Txt, will open - these text files will be saved in the same location as OTL.
  • Please post the contents of both in your next reply - you may need to post each seperately if they are overly long.

So long, and thanks for all the fish.

 

 


#11 allsmiles

allsmiles
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 22 August 2012 - 04:43 PM

Ok. Here is the OTL file. :)

OTL logfile created on: 8/22/2012 5:26:34 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.49% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 38.58 Gb Free Space | 50.31% Space Free | Partition Type: NTFS
Drive D: | 76.62 Gb Total Space | 34.22 Gb Free Space | 44.66% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 788.21 Gb Free Space | 84.62% Space Free | Partition Type: NTFS
Drive F: | 621.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Unable to calculate disk information.

Computer Name: MEDIA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/22 17:25:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/07/19 10:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/08/23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/03/18 20:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/05/25 17:45:48 | 001,431,040 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2009/03/19 03:41:28 | 000,623,104 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.91\aaCenter.exe
PRC - [2009/01/22 21:43:54 | 001,352,704 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
PRC - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\SuperSignMgr\server\Apache2.2\bin\httpd.exe
PRC - [2008/09/08 12:10:20 | 000,450,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/09/08 12:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 11:17:18 | 000,627,200 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
PRC - [2004/10/25 14:02:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 10:17:05 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/07/14 17:37:20 | 000,450,560 | ---- | M] () -- C:\Program Files\SuperSignMgr\server\php\ext\ioncube_loader_win_5.2.dll
MOD - [2009/05/25 17:45:48 | 001,431,040 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
MOD - [2009/04/12 22:37:34 | 000,188,928 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.91\aasp.dll
MOD - [2009/03/19 03:41:28 | 000,623,104 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.91\aaCenter.exe
MOD - [2009/01/22 21:43:54 | 001,352,704 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
MOD - [2009/01/22 21:43:54 | 000,409,088 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\EnergySaving\AnimationView.dll
MOD - [2008/09/08 12:10:20 | 000,450,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2008/09/08 12:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2008/09/08 11:57:14 | 000,102,400 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
MOD - [2008/02/25 16:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll
MOD - [2008/01/18 00:17:16 | 000,073,782 | ---- | M] () -- C:\Program Files\SuperSignMgr\server\Apache2.2\bin\zlib1.dll
MOD - [2008/01/17 04:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.91\cpuutil.dll
MOD - [2008/01/09 11:17:18 | 000,627,200 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
MOD - [2006/01/10 04:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\AsIO.dll
MOD - [2005/06/22 05:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.91\PowerDll.dll
MOD - [2004/10/25 14:02:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/19 10:17:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/08/21 16:07:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\SuperSignMgr\server\Apache2.2\bin\httpd.exe -- (Apache2.2_SS)
SRV - [2008/09/08 12:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2008/09/08 12:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2004/10/25 14:02:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\bpveyftz.sys -- (bpveyftz)
DRV - [2012/08/22 10:48:29 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45868F52-E9CC-433C-8B58-64028A5AE409}\MpKsld392945e.sys -- (MpKsld392945e)
DRV - [2010/08/21 16:18:27 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
DRV - [2010/03/18 21:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 21:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 21:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 21:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 21:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 21:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 21:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 21:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 21:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2010/03/18 21:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 21:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 21:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 21:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 21:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2008/08/18 06:54:24 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/07/31 23:36:26 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/07/31 23:36:20 | 000,054,784 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/17 05:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/11/01 02:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/01/27 18:51:02 | 000,400,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPN311.sys -- (AR5211)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-839522115-682003330-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1202660629-839522115-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1202660629-839522115-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1202660629-839522115-682003330-1003\..\SearchScopes\{FD4F13FA-67AC-4F96-91E5-3C0D1459EBB0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ444STUS&apn_uid=58E2B852-9FCE-4FAB-B7AB-2C3D32B71EE1&apn_sauid=BC3E81E8-D32B-4E25-90EE-4BB012BA408C&
IE - HKU\S-1-5-21-1202660629-839522115-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 10:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 00:07:18 | 000,000,000 | ---D | M]

[2010/08/21 16:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/05/01 23:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qb6vffuy.default\extensions
[2011/11/11 01:13:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qb6vffuy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/26 07:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/19 10:17:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/24 23:37:29 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/17 16:28:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 16:28:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/25 09:04:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1202660629-839522115-682003330-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-839522115-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1317060914953 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D636137-9425-476A-99F9-97C909C70AA9}: DhcpNameServer = 192.168.3.1 192.168.3.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/21 15:06:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/20 01:46:50 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/25 20:24:33 | 001,003,520 | R--- | M] (Microsoft Corporation) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/07/13 16:14:15 | 000,000,161 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/22 17:25:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/08/21 17:21:56 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2012/08/19 17:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2012/08/19 17:46:52 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds(1).com
[2012/08/19 17:43:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2012/08/19 10:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/19 10:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/19 10:15:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/19 00:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/17 00:06:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/02 01:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\trancenotic
[2012/08/02 01:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\euronotic
[2012/08/02 01:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2012/08/02 01:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2012/08/02 01:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/07/25 09:05:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/07/25 09:00:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/25 08:58:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/25 08:58:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/25 08:58:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/25 08:58:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/25 08:57:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 08:57:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/24 23:51:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/07/24 23:33:12 | 070,504,480 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\msert.exe
[2012/07/24 17:43:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\5D49E6DE
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/22 17:25:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/08/22 17:06:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/22 17:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/08/22 10:47:25 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/21 20:06:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 17:22:09 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2012/08/21 14:59:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/21 14:59:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/21 14:59:13 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/19 23:05:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/19 22:56:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/19 22:53:56 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000007-00000000-00000006-00001102-00000004-00511102}.rfx
[2012/08/19 22:53:56 | 000,030,648 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000007-00000000-00000006-00001102-00000004-00511102}.rfx
[2012/08/19 22:53:56 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000007-00000000-00000006-00001102-00000004-00511102}.rfx
[2012/08/19 22:53:56 | 000,029,100 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000007-00000000-00000006-00001102-00000004-00511102}.rfx
[2012/08/19 22:53:56 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000007-00000000-00000006-00001102-00000004-00511102}.rfx
[2012/08/19 22:53:26 | 003,162,278 | ---- | M] () -- C:\WINDOWS\{00000007-00000000-00000006-00001102-00000004-00511102}.CDF
[2012/08/19 22:53:26 | 003,162,278 | ---- | M] () -- C:\WINDOWS\{00000007-00000000-00000006-00001102-00000004-00511102}.BAK
[2012/08/19 17:55:38 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/08/19 17:47:05 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds(1).com
[2012/08/19 17:47:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2012/08/19 17:40:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/08/19 00:41:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/17 00:07:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/08/17 00:05:39 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/17 00:05:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/17 00:01:13 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 23:12:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/02 01:31:47 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2012/07/25 09:52:47 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/07/25 09:04:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/24 23:33:15 | 070,504,480 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\msert.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/19 23:00:43 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/19 17:55:37 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/08/19 17:40:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/08/02 01:31:47 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2012/07/25 09:52:47 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/07/25 09:00:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/25 09:00:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/25 08:58:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/25 08:58:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/25 08:58:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/25 08:58:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/25 08:58:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/27 00:03:57 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/11/02 05:05:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/01/12 11:00:41 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: MEDIA
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F AOE3X CDFS DVD-ROM 621 MB
Volume 1 G CD-ROM 0 B
Volume 2 C NTFS Partition 77 GB Healthy System
Volume 3 D NTFS Partition 77 GB Healthy
Volume 4 E New Volume NTFS Partition 932 GB Healthy

< End of report >

#12 allsmiles

allsmiles
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 22 August 2012 - 04:46 PM

And here is the Extras file :) :

OTL Extras logfile created on: 8/22/2012 5:26:34 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.49% Memory free
3.85 Gb Paging File | 3.29 Gb Available in Paging File | 85.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.69 Gb Total Space | 38.58 Gb Free Space | 50.31% Space Free | Partition Type: NTFS
Drive D: | 76.62 Gb Total Space | 34.22 Gb Free Space | 44.66% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 788.21 Gb Free Space | 84.62% Space Free | Partition Type: NTFS
Drive F: | 621.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Unable to calculate disk information.

Computer Name: MEDIA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires Online\Spartan.exe" = C:\Program Files\Microsoft Games\Age of Empires Online\Spartan.exe:*:Enabled:Age of Empires Online -- (Microsoft Studios)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\SuperSignMgr\server\Apache2.2\bin\httpd.exe" = C:\Program Files\SuperSignMgr\server\Apache2.2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\SuperSignMgr\PreviewPlayer.exe" = C:\Program Files\SuperSignMgr\PreviewPlayer.exe:*:Enabled:SuperSign Media Player -- (LG Electronics)
"C:\Program Files\SuperSignMgr\SMCServer.exe" = C:\Program Files\SuperSignMgr\SMCServer.exe:*:Enabled:SMC Server for SuperSign -- (LG Electronics Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78BC10C5-A668-433F-A9DF-954135FE11D2}" = Sonic Foundry ACID 4.0a
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{968CB479-6163-415F-A9D3-4489BF07DAFF}" = Sonic Foundry Sound Forge 6.0b
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR Wireless Adapter WPN311
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Android SDK Tools" = Android SDK Tools
"AudioCS" = Creative Audio Console
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"Grand Theft Auto" = Grand Theft Auto
"GTA2" = GTA2
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR Wireless Adapter WPN311
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 11.01.1190" = Opera 11.01
"Red Alert 2" = Command & Conquer Red Alert 2
"SimCity 3000" = SimCity 3000
"SuperSign Manager" = SuperSign Manager
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Messenger" = Yahoo! Messenger
"Zune" = Zune

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2012 4:24:25 PM | Computer Name = MEDIA | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\.~LOCK.DC TRIP!!.ODS#>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 7/20/2012 10:20:33 AM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2012 5:54:38 PM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2012 5:54:39 PM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2012 11:37:35 PM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application FlashPlayerApp.exe, version 11.3.300.265, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2012 11:38:27 PM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application FlashPlayerApp.exe, version 11.3.300.265, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/2/2012 1:28:17 AM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2012 5:45:59 PM | Computer Name = MEDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.0.1526.0, P3 timeout, P4 1.1.8601.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/19/2012 5:46:00 PM | Computer Name = MEDIA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 4.0.1526.0, P3 timeout, P4 1.1.8601.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 8/22/2012 5:25:53 PM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 14.0.1.4577, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/19/2012 10:01:34 PM | Computer Name = MEDIA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/19/2012 10:01:34 PM | Computer Name = MEDIA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2012 10:01:37 PM | Computer Name = MEDIA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/19/2012 10:01:37 PM | Computer Name = MEDIA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2012 10:52:43 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 8/19/2012 10:56:17 PM | Computer Name = MEDIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/19/2012 10:56:26 PM | Computer Name = MEDIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/19/2012 10:57:04 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AsIO aswSnx aswSP aswTdi Fips intelppm MpFilter

Error - 8/19/2012 10:59:47 PM | Computer Name = MEDIA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/21/2012 2:59:21 PM | Computer Name = MEDIA | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x80070003 Error description: The system cannot find the path specified. Signature
version: 1.131.2365.0;1.131.2365.0 Engine version: 1.1.8601.0


< End of report >

#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:14 PM

Posted 23 August 2012 - 03:13 PM

Good evening. :)

Run OTL.exe.

  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\bpveyftz.sys -- (bpveyftz)

    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\system32\drivers\bpveyftz.sys

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.
Please let me have a copy of the log that appears once OTL has completed it's run.


Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will in the following format: xxxxxxxx_xxxxxx. x representing the month, date, year and time the log was created. Eg: 03062009_170403

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun Java needs updating, but sometimes it doesn't go according to plan, so for this I like to use a free utility available here called Revo Uninstaller - you want the Freeware version.

Install it, run it and select the following and have it remove them, accepting the default options:

Java DB 10.5.3.0
Java™ 6 Update 22
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 23


Then go here and click on the appropriate link, either Windows Offline (32-bit) or Windows Offline (64-bit) depending on your operating system, in the Windows section near the top.
Save the file somewhere accessible and, once downloaded, double click the file to install the latest version of Java.
I suggest that you save the installation file, as long as you have the disc space, as it will save you downloading it again should you need to reinstall for some reason. You can also use it on any other computers you have to save bandwidth.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here - feel free to uncheck the McAfee download option when it appears.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let me know how the PC is behaving.

So long, and thanks for all the fish.

 

 


#14 allsmiles

allsmiles
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 23 August 2012 - 11:42 PM

Here it is :). Btw, I deleted from the log the filenames for the last 3 entries from the "files moved upon reboot" because they contained my first and last name (figured we shouldn't post that info. :) ) Hope this makes sense. I will update Acrobat Reader right now and clean up Java as you instructed. Thanks :)



All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys not found.
Service bpveyftz stopped successfully!
Service bpveyftz deleted successfully!
File C:\WINDOWS\system32\drivers\bpveyftz.sys not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\system32\drivers\bpveyftz.sys not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 73602 bytes
->Temporary Internet Files folder emptied: 9183402 bytes
->FireFox cache emptied: 38908054 bytes
->Flash cache emptied: 57361 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 161136 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 1156403818 bytes
->Temporary Internet Files folder emptied: 768111605 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 92198250 bytes
->Opera cache emptied: 12018224 bytes
->Flash cache emptied: 61752 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 931608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,984.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.58.1 log created on 08242012_002333

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\058JEC7V\7YWnY96yoa79KffwaUTQer7tZljOf8ynnVvadSeOMQWswzCS_i0YsUEcQpoEJrm5UQPMpRhDpgV8RtKAzZ32BB0yb3ZBtj8lq8Csz2K5vy9Oz_3IMUFjeZLZSod9tBCi2ZYqSX7Yhc6PaBqugLH6YyMVcedC9lKP[2].jpg not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 5 for not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#15 allsmiles

allsmiles
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 24 August 2012 - 12:20 AM

BTW, I was unable to remove the Java Development Kit using Revo. It kept loading the installation wizard, so I used the uninstaller on xp to do that one. Updated everything like you said. Computer runs fine still :).




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users