| Thread ID: 122610 | 2012-01-02 19:01:00 | Micro$oft Wants Information ---------------------> | SurferJoe46 (51) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1251746 | 2012-01-02 19:01:00 | I have had a bulletin show up a few times, and mostly I iggy it since I figger M$ is just fishing me for information. Well, I usually do (and this time is not an exception) leave my puter on with the CRT off, and just stream a radio station to make the house seem to have someone alive in it all the time, and when I re-lit the screen, there it was, a warning that M$ wants me to send a report. What it wants to have me send a report on is::: H:\System Restore Information\_restore{7a982 DD0-04F3-A361-9F1763958DB7}\RP702\A0140742.exe ...and I don't know what it is (nor do they it appears). I Googled it and at first it had results showing in the instant results pop-down, until I got a few more characters typed in and from there it went blank and couldn't match anything on the web. Anyone with any ideas? Win XP-Pro/SP3, 3G RAM, lots of MP3s and a few videos yet on the HDDs. |
SurferJoe46 (51) | ||
| 1251747 | 2012-01-02 19:41:00 | Here's a HJT Log File:::
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:48 PM, on 1/2/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Microsoft Security Client\msseces.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\SOYO\HW Monitor\Itesmart.exe
H:\Program Files\Common Files\Java\Java Update\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Documents and Settings\Surfer\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Google\Update\GoogleUpdate.exe
H:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\IoctlSvc.exe
H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\fxssvc.exe
H:\Documents and Settings\Surfer\Desktop\SECURITY\HijackThis.exe
H:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmartGuardian] H:\Program Files\SOYO\HW Monitor\Itesmart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Surfer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "h:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "h:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Shortcut to Shutdown_v5.lnk.disabled
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert for CLIÉ - H:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - H:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://forum.planetisuzoo.com
O20 - AppInit_DLLs: H:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - H:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - H:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
-- End of file - 6301 bytes |
SurferJoe46 (51) | ||
| 1251748 | 2012-01-02 19:49:00 | A0140742.exe will more than likely be part of some malware, it's in system restore. To clean that, right click My Computer, Properties, System Restore tab, "Turn Off System Restore on all Drives", click OK. Once turned off I normally reboot the PC, those actions will wipe out all restore points as well as anything that's in system restore. Then turn it back on again. |
wainuitech (129) | ||
| 1251749 | 2012-01-02 19:57:00 | The only monitored HDD for system restore, has not even been turned on for a few weeks, and isn't now nor was it running during my HJT scan. I only use that HDD to do back-ups to my media files, since I had that really nasty time with Ubuntu once. Hmmmmmmmmmmmmmmmmmmmmm. OK - I'll go check on System restore and turn it off on the non-running HDD too once I turn it on. But System Restore should not have any reports nor should it be running right now - so that's odd. |
SurferJoe46 (51) | ||
| 1251750 | 2012-01-02 20:18:00 | If you look at the details posted, the exe file mentioned is in system restore "H:\System Restore Information\_restore". It will more than likely be some random generated name, that's why Google may not find too much info on it. | wainuitech (129) | ||
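An added example (not part of any post in this thread): a short Python triage that takes paths flagged by a scanner, recognises restore-point copies from the layout of the path quoted above, and separates them from files outside the restore store, since turning System Restore off only removes the former. The `RP<number>\A<digits>.<ext>` pattern, the second and third sample paths and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Layout taken from the path quoted in the thread:
#   <drive>:\<folder>\_restore{...}\RP<number>\A<digits>.<ext>
# The brace contents are matched loosely because the GUID in the post is incomplete.
RESTORE_COPY = re.compile(
    r"^(?P<drive>[A-Za-z]):\\[^\\]+\\_restore\{[^}]*\}"
    r"\\RP(?P<rp>\d+)\\(?P<name>A\d+\.\w+)$"
)


def parse_restore_copy(path):
    """Return (drive, restore point number, stored name), or None for any other path."""
    m = RESTORE_COPY.match(path.strip())
    if m is None:
        return None
    return m["drive"].upper(), int(m["rp"]), m["name"]


def triage(detections):
    """Split flagged paths into restore-point copies and files outside the store."""
    by_point = defaultdict(list)
    live = []
    for path in detections:
        parsed = parse_restore_copy(path)
        if parsed is None:
            live.append(path)
        else:
            drive, rp, name = parsed
            by_point[(drive, rp)].append(name)
    return {
        "restore_copies": dict(by_point),
        "live_files": live,
        # Assumption: purging restore points is enough only when nothing live was flagged.
        "purge_is_sufficient": bool(by_point) and not live,
    }


# First path is the one from the thread; the other two are constructed samples.
SAMPLE = [
    r"H:\System Restore Information\_restore{7a982 DD0-04F3-A361-9F1763958DB7}\RP702\A0140742.exe",
    r"H:\System Restore Information\_restore{7a982 DD0-04F3-A361-9F1763958DB7}\RP698\A0139911.dll",
    r"H:\TEMP\constructed_sample.exe",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```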
| 1251751 | 2012-01-02 20:21:00 | ...Ah so! Do you suspect that this 'file' has taken an alias? | SurferJoe46 (51) | ||
| 1251752 | 2012-01-02 21:07:00 | more like Al Ias | gary67 (56) | ||
| 1251753 | 2012-01-02 22:37:00 | Al Las? Who's he? | SurferJoe46 (51) | ||
| 1251754 | 2012-01-02 23:05:00 | I figger M$ is just fishing me for information. Actually. No. They really don't care. Malware. |
pctek (84) | ||
| 1251755 | 2012-01-03 23:02:00 | A0140742.exe => adware TR/Crypt.ULPM.Gen | bevy121 (117) | ||