virus/malware/worms

Post by sarietab on 28th November 2011, 4:20 pm

Error: Unable to interpret <%APPDATA%\Microsoft\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\config\systemprofile\*.dat /x> in the current context!
Error: Unable to interpret <%USERPROFILE%\Desktop\*.exe> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Common Files\*.*> in the current context!
Error: Unable to interpret <%systemroot%\winn32\*.*> in the current context!
Error: Unable to interpret <%USERPROFILE%\My Documents\*.exe> in the current context!
Error: Unable to interpret <%USERPROFILE%\*.exe> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Mozilla Firefox\*.exe> in the current context!
Error: Unable to interpret <%ProgramFiles%\TinyProxy.> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.* /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\Tasks\*.job /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.* /lockedfiles> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\*.> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 11282011_101707

OTL Extras logfile created on: 11/28/2011 10:09:55 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Downloads
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 71.38% Memory free
3.89 Gb Paging File | 3.45 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 71.30 Gb Free Space | 76.54% Space Free | Partition Type: NTFS

Computer Name: PCBLTBRYANT | User Name: SERIT | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%program files%\datatel\UI\wintegsm.exe:192.168.0.0/16,204.49.0.0/16:ENABLED:Datatel" = %program files%\datatel\UI\wintegsm.exe:192.168.0.0/16,204.49.0.0/16:ENABLED:Datatel
"%program files%\McAfee\Common Framework\Frameworkservice.exe:192.168.0.0/16:ENABLED:GP McAfee Framework Services 3" = %program files%\McAfee\Common Framework\Frameworkservice.exe:192.168.0.0/16:ENABLED:GP McAfee Framework Services 3
"%program files%\Network Associates\Common Framework\cmdagent.exe:192.168.0.0/16:ENABLED:Enables connection to McAfee Server" = %program files%\Network Associates\Common Framework\cmdagent.exe:192.168.0.0/16:ENABLED:Enables connection to McAfee Server
"%program files%\Network Associates\Common Framework\Frameworkservice.exe:192.168.0.0/16:ENABLED:GP MCafee FW Service in NA dir" = %program files%\Network Associates\Common Framework\Frameworkservice.exe:192.168.0.0/16:ENABLED:GP MCafee FW Service in NA dir
"%program files%\realvnc\vnc4\winvnc4.exe:192.168.0.0/16,204.49.0.0/16:ENABLED:VNC4Server" = %program files%\realvnc\vnc4\winvnc4.exe:192.168.0.0/16,204.49.0.0/16:ENABLED:VNC4Server

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"123:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:Domain Controllers NTP" = 123:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:Domain Controllers NTP
"135:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS Remote Procedure Call (RPC) endpoint mapper" = 135:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS Remote Procedure Call (RPC) endpoint mapper
"135:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS Remote Procedure Call (RPC) endpoint mapper" = 135:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS Remote Procedure Call (RPC) endpoint mapper
"137:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS NetBIOS Name Service" = 137:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS NetBIOS Name Service
"137:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS NetBIOS Name Service" = 137:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS NetBIOS Name Service
"138:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DCOM/RXA COMMO WITH LEVEL 0 AND 1 DIR CONSOLE" = 138:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DCOM/RXA COMMO WITH LEVEL 0 AND 1 DIR CONSOLE
"138:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DCOM/RXA COMMO WITH LEVEL 0 AND 1 DIR CONSOLE" = 138:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DCOM/RXA COMMO WITH LEVEL 0 AND 1 DIR CONSOLE
"139:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DCOM/RXA COMMO WITH LEVEL 0 AND 1 DIR CONSOLE" = 139:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DCOM/RXA COMMO WITH LEVEL 0 AND 1 DIR CONSOLE
"139:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DCOM/RXA COMMO WITH LEVEL 0 AND 1 DIR CONSOLE" = 139:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DCOM/RXA COMMO WITH LEVEL 0 AND 1 DIR CONSOLE
"14247:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT" = 14247:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT
"14247:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT" = 14247:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT
"14248:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT" = 14248:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT
"14248:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT" = 14248:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT
"14249:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT" = 14249:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:COMMO WITH DIRECTOR AGENT
"161:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:SNMP WITH XP AND DIR CONSOLE" = 161:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:SNMP WITH XP AND DIR CONSOLE
"161:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:SNMP WITH XP AND DIR CONSOLE" = 161:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:SNMP WITH XP AND DIR CONSOLE
"162:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:SNMP WITH XP AND DIR CONSOLE" = 162:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:SNMP WITH XP AND DIR CONSOLE
"162:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:SNMP WITH XP AND DIR CONSOLE" = 162:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:SNMP WITH XP AND DIR CONSOLE
"34571:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:IBM ServRAID" = 34571:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:IBM ServRAID
"37:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:Time Server" = 37:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:Time Server
"427:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:SLP SERVICE AGENTS WITH XP AND DIR CONSOLE" = 427:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:SLP SERVICE AGENTS WITH XP AND DIR CONSOLE
"427:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:SLP DIRECTORY AGENTS WITH XP AND DIR CONSOLE" = 427:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:SLP DIRECTORY AGENTS WITH XP AND DIR CONSOLE
"445:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS Server Message Block (SMB)" = 445:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS Server Message Block (SMB)
"445:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS Server Message Block (SMB)" = 445:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:DFS Server Message Block (SMB)
"5900:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:VNC MS VMs" = 5900:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:VNC MS VMs
"5988:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:CIM-XML OVER HTTP INSTALL DIR CONSOLE" = 5988:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:CIM-XML OVER HTTP INSTALL DIR CONSOLE
"5989:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:CIM-XML OVER HTTP INSTALL DIR CONSOLE" = 5989:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:CIM-XML OVER HTTP INSTALL DIR CONSOLE
"6988:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:CIMOM AND CIM LISTENER DIR CONSOLE" = 6988:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:CIMOM AND CIM LISTENER DIR CONSOLE
"8081:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee for Agent Wakeup" = 8081:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee for Agent Wakeup
"8082:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee Agent Broadcast" = 8082:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee Agent Broadcast
"8083:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee Agent to Server" = 8083:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee Agent to Server
"8443:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee Event to Server" = 8443:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee Event to Server
"8444:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee Sensor to Server" = 8444:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:McAfee Sensor to Server
"88:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:Domain Controllers Kerberos" = 88:TCP:192.168.0.0/16,204.49.0.0/16:ENABLE:Domain Controllers Kerberos
"88:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:Domain Controllers Kerberos" = 88:UDP:192.168.0.0/16,204.49.0.0/16:ENABLE:Domain Controllers Kerberos

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 192.168.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 192.168.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = 192.168.0.0/16

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}" = HP Deskjet 2050 J510 series Basic Device Software
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D272539-9C06-4F74-8755-7125E08AA3C7}" = ApplicationXtender Spell Checker Component
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B79E313-F6DF-4DD7-A6F8-2C1BE47155DB}" = HP Color LaserJet CP4520-CP4020 Series User Guide
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C344D4A-69B8-430E-B463-BAA1A83D7F68}" = HP Deskjet 2050 J510 series Product Improvement Study
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B3315148-BE53-4CFD-9DBD-2A48C61D1AAD}" = ePO-MVT
"{B4496BE1-295F-4A17-9856-FEA2C9AA1A47}" = McAfee Agent
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BCFBD0D3-4169-4CBE-84D0-5DC3BC9298B5}" = Adobe PDFL 9.1 Component
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D180CEC5-1492-4E90-9B46-F251C3831427}" = HP Color LaserJet CP4520-CP4020 Series Screen Fonts
"{D2F3B366-830E-4371-9130-A8D6BE751363}" = CapturePerfect 3.0
"{DAD54794-3C9B-433B-9B7B-EF1E0522CA18}" = UI Desktop 2.3.0
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{ED55948E-6595-4265-9297-C377F55E36BE}" = ApplicationXtender Scanning Component
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{FDC7DCC0-8A5E-4FD6-A445-551C237FD761}" = ApplicationXtender KeyView Component
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DR3080II" = Canon DR-3080CII driver
"HP Photo Creations" = HP Photo Creations
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyWebSearch bar Uninstall" = My Web Search (My Fun Cards)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel(R) Network Connections Drivers
"SafeConnect" = SafeConnect
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Ultravnc2_is1" = UltraVNC 1.0.9.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2011 4:37:49 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: RPCRT4.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdade Exception code: 0xc0000005 Fault offset: 0x00032047 Faulting
process id: 0xca8 Faulting application start time: 0x01cc94e848524226 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\RPCRT4.dll
Report
Id: 883ffb82-00db-11e1-9f17-002268e1fbbb

Error - 10/28/2011 3:49:39 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 10/29/2011 3:08:55 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = Application Error | ID = 1000
Description = Faulting application name: NWHelper_001.exe, version: 1.0.0.8, time
stamp: 0x4c085f11 Faulting module name: NWHelper_001.exe, version: 1.0.0.8, time
stamp: 0x4c085f11 Exception code: 0xc0000005 Fault offset: 0x0000b0b3 Faulting process
id: 0x754 Faulting application start time: 0x01cc966d8b357734 Faulting application
path: C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe Faulting
module path: C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
Report
Id: 7219ba77-0261-11e1-8daa-002268e1fbbb

Error - 10/29/2011 4:14:47 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 11/2/2011 1:17:01 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 11/4/2011 12:34:42 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 11/7/2011 12:28:17 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 11/7/2011 3:23:59 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: Mshtml.DLL, version: 8.0.7600.16700,
time stamp: 0x4cd24781 Exception code: 0xc0000005 Fault offset: 0x0033c87d Faulting
process id: 0x16d4 Faulting application start time: 0x01cc9d57e04d0f21 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Mshtml.DLL
Report
Id: 0a945097-0976-11e1-9e39-002268e1fbbb

Error - 11/8/2011 2:47:03 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 11/13/2011 7:30:18 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

[ System Events ]
Error - 9/12/2011 12:59:51 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain TSUSE due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 9/12/2011 4:59:52 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain TSUSE due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 9/12/2011 5:51:43 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain TSUSE due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 9/12/2011 5:52:13 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 9/12/2011 5:52:15 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 9/12/2011 5:54:22 PM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = TermService | ID = 1067
Description =

Error - 9/15/2011 8:51:17 AM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain TSUSE due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 9/15/2011 8:51:47 AM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 9/15/2011 8:51:49 AM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 9/15/2011 8:53:40 AM | Computer Name = PCBLTBRYANT.tsuse.edu | Source = TermService | ID = 1067
Description =


< End of report >
OTL logfile created on: 11/28/2011 10:09:55 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Downloads
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.95 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 71.38% Memory free
3.89 Gb Paging File | 3.45 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 71.30 Gb Free Space | 76.54% Space Free | Partition Type: NTFS

Computer Name: PCBLTBRYANT | User Name: SERIT | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/28 10:08:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.com
PRC - [2011/11/08 08:01:42 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


Re: virus/malware/worms

Post by Belahzur on 1st December 2011, 12:36 am

Hello.
Please post a full OTL log; it was cut off.


Please PM me if I fail to respond within 24hrs.
