
trojan.sharpro removal?


7 replies to this topic

#1 xxxkenndoxxx


  • Members
  • 4 posts

Posted 25 October 2011 - 10:49 AM

I picked up this little annoying nugget the other day. Malwarebytes is having a hard time removing it. Any and all help would be much appreciated. Thanks! Here is what the log said:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8008

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/25/2011 11:48:45 AM
mbam-log-2011-10-25 (11-48-29).txt

Scan type: Quick scan
Objects scanned: 179350
Time elapsed: 8 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\javabackupverifier.dll (Trojan.SHarpro.PGen) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaBackupVerifier (Trojan.SHarpro.PGen) -> Value: JavaBackupVerifier -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\javabackupverifier.dll (Trojan.SHarpro.PGen) -> No action taken.

Edited by hamluis, 25 October 2011 - 11:01 AM.
Moved from Vista to Am I Infected.



#2 boopme


    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts

Posted 25 October 2011 - 12:42 PM

Hello, I first need to ask if you clicked the Remove Selected button, as the log shows "No action taken".

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
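As an added example (not code from this thread, from the poster, or from Malwarebytes), a small parser for the MBAM 1.x log layout shown in the first post. It pulls out each detection, separates the disposition from the registry-value details, and flags the items still marked "No action taken", which is the point raised in the reply above. The sample log is constructed to mirror the first post's format; the "Quarantined and deleted successfully" disposition and the dropper.exe entry are assumed for illustration.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and flag items that were not removed.

Added example for this thread, not code from the poster or from Malwarebytes.
SAMPLE_LOG is constructed in the layout of the first post's log; the
'Quarantined and deleted successfully' disposition is assumed from MBAM 1.x.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample (mirrors the first post's layout; not the poster's file).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8008

Scan type: Quick scan
Objects scanned: 179350

Memory Modules Infected: 1
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\javabackupverifier.dll (Trojan.SHarpro.PGen) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JavaBackupVerifier (Trojan.SHarpro.PGen) -> Value: JavaBackupVerifier -> No action taken.

Files Infected:
c:\programdata\javabackupverifier.dll (Trojan.SHarpro.PGen) -> No action taken.
c:\program files (x86)\example\dropper.exe (Trojan.Example) -> Quarantined and deleted successfully.
"""


@dataclass(frozen=True)
class Detection:
    category: str   # log section, e.g. "Registry Values Infected"
    location: str   # file path, registry key or loaded module
    name: str       # detection name, e.g. "Trojan.SHarpro.PGen"
    action: str     # disposition after the last "->", trailing period stripped


# Section headers end in "Infected:" with no count; summary lines carry a count.
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# "<location> (<detection>) -> [details ->] <disposition>."
# Paths may contain parentheses, so the detection name is the last "(...)"
# that is directly followed by " -> ".
ITEM_RE = re.compile(r"^(?P<loc>.+?) \((?P<name>[^()]+)\)(?P<rest> -> .+)$")


def parse_mbam_log(text: str) -> list[Detection]:
    """Return every detection listed under the per-category sections."""
    detections: list[Detection] = []
    category: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            category = header.group("cat")
            continue
        if category is None or line.startswith("(No malicious items"):
            continue
        item = ITEM_RE.match(line)
        if item is None:
            continue  # not an item line
        # Middle "->" segments carry details such as "Value: JavaBackupVerifier";
        # the last segment is what MBAM actually did with the item.
        segments = [s.strip() for s in item.group("rest").split("->") if s.strip()]
        detections.append(
            Detection(category, item.group("loc"), item.group("name"),
                      segments[-1].rstrip("."))
        )
    return detections


def unremediated(detections: list[Detection]) -> list[Detection]:
    """Items still present: 'No action taken' means the scanner was closed
    without pressing Remove Selected, so nothing was quarantined."""
    return [d for d in detections if d.action.lower() == "no action taken"]


def autostart_entries(detections: list[Detection]) -> list[Detection]:
    """Registry values under a CurrentVersion Run key, i.e. the autostart
    persistence the first post's log shows for JavaBackupVerifier."""
    return [d for d in detections
            if d.category == "Registry Values Infected"
            and "\\currentversion\\run\\" in d.location.lower()]


def summarize(text: str) -> dict[str, int]:
    """Counts a helper would want before deciding what to ask for next."""
    dets = parse_mbam_log(text)
    return {
        "detections": len(dets),
        "unremediated": len(unremediated(dets)),
        "autostart": len(autostart_entries(dets)),
    }


if __name__ == "__main__":
    for d in unremediated(parse_mbam_log(SAMPLE_LOG)):
        print(f"[NOT REMOVED] {d.category}: {d.location} ({d.name})")
    print(summarize(SAMPLE_LOG))
```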

#3 xxxkenndoxxx

  • Topic Starter

  • Members
  • 4 posts

Posted 26 October 2011 - 09:46 PM

I'm doing the scan again and will follow the directions with your online scanner shortly. Thank you for the prompt response!

#4 boopme


    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts

Posted 26 October 2011 - 10:17 PM

Ok, I have to leave now, but will look again in the morning.

#5 xxxkenndoxxx

  • Topic Starter

  • Members
  • 4 posts

Posted 27 October 2011 - 01:04 PM

Scan results:

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\i8042prt.sys.vir a variant of Win32/Kryptik.TKY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\i8042prt.sys.vir_ a variant of Win32/Kryptik.TKY trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\Local\AOL\AOLUpdate\AOLup.dll a variant of Win32/Kryptik.UJM trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\Local\Apple Computer\AppleUpdate\Appleup.dll a variant of Win32/Kryptik.UJM trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\Local\Apps\AppsUpdate\Appsup.dll a variant of Win32/Kryptik.UJM trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftup.dll a variant of Win32/Kryptik.UJM trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\Local\temp\nsq7464.tmp\blog.html a variant of Win32/Kryptik.UJM trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\Local\temp\nsq7464.tmp\style.css a variant of Win32/Kryptik.UJM trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\Local\temp\nsq7464.tmp\tbd.txt a variant of Win32/Kryptik.UJM trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3f4ea40d-3945263a multiple threats deleted - quarantined
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\28ba41e1-1a0d4d42 multiple threats deleted - quarantined
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\649d042e-3a3d683e multiple threats deleted - quarantined
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\193eeaf9-31cec22e multiple threats deleted - quarantined
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\8c6243e-7aec99e9 a variant of Java/Exploit.Agent.NAL trojan deleted - quarantined
C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\z5v62tfx.default\extensions\{80f5050d-af32-4078-b051-8b84ceba13ce}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\z5v62tfx.default\extensions\{9e09cb20-5cc7-4d8b-8ca4-72f731945b48}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/TrojanDownloader.Tracur.I trojan




MiniToolBox by Farbar
Ran by Sean (administrator) on 27-10-2011 at 14:00:48
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.ftp", ":0"
"network.proxy.gopher", ":0"
"network.proxy.http", ":0"
"network.proxy.share_proxy_settings", true
"network.proxy.socks", ":0"
"network.proxy.ssl", ":0"

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sean-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 00-16-44-9D-04-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-03-25-59-19-15
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b1b4:8ccf:ad89:db3f%8(Preferred)
IPv4 Address. . . . . . . . . . . : 69.247.247.87(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Lease Obtained. . . . . . . . . . : Wednesday, October 26, 2011 9:41:30 AM
Lease Expires . . . . . . . . . . : Monday, October 31, 2011 1:37:43 PM
Default Gateway . . . . . . . . . : 69.247.240.1
DHCP Server . . . . . . . . . . . : 76.96.92.196
DHCPv6 IAID . . . . . . . . . . . : 201327397
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-D3-59-8A-00-03-25-4F-EC-DE
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.fl.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:a2:ad9:ba08:8a8(Preferred)
Link-local IPv6 Address . . . . . : fe80::a2:ad9:ba08:8a8%10(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:45f7:f757::45f7:f757(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.65.99
74.125.65.103
74.125.65.106
74.125.65.104
74.125.65.147
74.125.65.105



Pinging google.com [74.125.65.104] with 32 bytes of data:

Reply from 74.125.65.104: bytes=32 time=48ms TTL=53

Reply from 74.125.65.104: bytes=32 time=33ms TTL=53



Ping statistics for 74.125.65.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 48ms, Average = 40ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43



Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=40ms TTL=51

Reply from 67.195.160.76: bytes=32 time=39ms TTL=51



Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 40ms, Average = 39ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (10/25/2011 09:38:06 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 7.0.1.4288 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 12a8
Start Time: 01cc92b8b49609a1
Termination Time: 337

Error: (10/24/2011 09:52:06 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 7.0.1.4288 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 4d0
Start Time: 01cc92a1e024a7a1
Termination Time: 304

Error: (10/23/2011 05:53:35 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 7.0.1.4288 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 5fd0
Start Time: 01cc91cde7441bb8
Termination Time: 12

Error: (10/15/2011 05:35:40 PM) (Source: Application Error) (User: )
Description: Faulting application distnoted.exe, version 1.550.36.0, time stamp 0x4cca5e36, faulting module CoreFoundation.dll, version 1.550.36.0, time stamp 0x4cca5e34, exception code 0xc0000005, fault offset 0x000600d1,
process id 0x1a0, application start time 0xdistnoted.exe0.

Error: (10/10/2011 06:00:38 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe_HPSLPSVC, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000374, fault offset 0x000b06fc,
process id 0xa10, application start time 0xsvchost.exe_HPSLPSVC0.

Error: (10/06/2011 05:10:49 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (10/06/2011 04:45:04 AM) (Source: MsiInstaller) (User: Sean)Sean
Description: Product: QuickTime -- A newer version of QuickTime is already installed. This installation cannot proceed while the newer version of QuickTime is installed.

Error: (10/03/2011 04:47:51 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (10/03/2011 01:58:16 PM) (Source: Application Error) (User: )
Description: Faulting application DivXUpdate.exe, version 1.0.1.10, time stamp 0x4c06fc6d, faulting module MSVCP80.dll, version 8.0.50727.6195, time stamp 0x4dcddc6c, exception code 0xc0000005, fault offset 0x000100b5,
process id 0x8f0, application start time 0xDivXUpdate.exe0.

Error: (10/03/2011 01:29:35 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (10/26/2011 04:21:29 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer RUDOLF
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{07A1C592-ED0C-4C50-8544-58D56CF33ED.
The master browser is stopping or an election is being forced.

Error: (10/26/2011 02:25:07 PM) (Source: Service Control Manager) (User: )
Description: 30000WerSvc

Error: (10/26/2011 02:52:16 AM) (Source: Dhcp) (User: )
Description: The IP address lease 69.247.247.87 for the Network Card with network address 000325591915 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (10/25/2011 01:42:36 PM) (Source: Service Control Manager) (User: )
Description: Lavasoft Ad-Aware Service%%5

Error: (10/25/2011 01:42:36 PM) (Source: Service Control Manager) (User: )
Description: Lavasoft Ad-Aware Service%%5

Error: (10/24/2011 04:31:28 PM) (Source: Service Control Manager) (User: )
Description: 30000WerSvc

Error: (10/23/2011 09:53:02 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/23/2011 09:53:02 PM) (Source: Service Control Manager) (User: )
Description: Lavasoft Ad-Aware Service%%5

Error: (10/23/2011 09:52:28 PM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.

Error: (10/23/2011 06:27:16 PM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

VLC media player 1.0.3 (Version: 1.0.3)
WebReg (Version: 130.0.132.017)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 1661.39 MB
Available physical RAM: 577.13 MB
Total Pagefile: 3583.32 MB
Available Pagefile: 1897.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.77 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:221.68 GB) (Free:79.37 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:11.21 GB) (Free:4.49 GB) NTFS

========================= Users: ========================================

User accounts for \\SEAN-PC

Administrator ASPNET Guest
Sean

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#6 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,323 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:15 PM

Posted 27 October 2011 - 02:50 PM

Looks good. Did you rerun MBAM?
How long ago did you run ComboFix?

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
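The uninstall step above depends on knowing which Java entries Add/Remove Programs is actually showing (the log above lists two, with version strings in two different formats). The following script is an added example, not part of the thread or of any BleepingComputer tool: it reads the same Uninstall registry keys that Add/Remove Programs uses and lists every Java runtime entry with its uninstall command, without running anything. It assumes Windows Vista or later with PowerShell.

```powershell
# Added example, not the thread's own procedure: inventory the Java runtime
# entries that Add/Remove Programs would show, so you can see which of them
# must be uninstalled before installing the current JRE. Read-only: it lists
# uninstall commands but does not execute them. Assumes Windows Vista or later.

function Get-JavaInstallEntries {
    # Add/Remove Programs reads these keys; the Wow6432Node key only exists on
    # 64-bit Windows, so a missing path is silently skipped.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -match 'Java|J2SE|JRE' -and
            $_.DisplayName -notmatch 'Auto Updater'
        } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Uninstall = $_.UninstallString
            }
        }
}

$entries = @(Get-JavaInstallEntries)
if ($entries.Count -eq 0) {
    Write-Host 'No Java runtime entries found.'
    return
}

# Two version formats appear side by side in real inventories (compare the
# "6.0.220" and "1.6.0.10" entries in the log above), so the strings are
# shown as-is rather than compared numerically.
$entries | Format-Table Name, Version -AutoSize

if ($entries.Count -gt 1) {
    Write-Host ('{0} Java entries present; remove the older ones before installing the current release.' -f $entries.Count)
}

Write-Host "`nUninstall commands (not executed):"
$entries | ForEach-Object { '  ' + $_.Uninstall }
```

Run it again after the uninstall/reinstall round: a single entry for the new release is the expected result.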

#7 xxxkenndoxxx
  • Topic Starter
  • Members
  • 4 posts
  • Local time:04:15 PM

Posted 27 October 2011 - 08:54 PM

I followed your directions and things look much better. I'm re-running Malware now. Combofix was last run by a company I previously took my computer to so they could get rid of the opencloud virus. I noticed that I haven't had these problems until I started using p2p programs to watch out of state sporting events. I won't be doing anything like that anymore and deleted the programs associated with it. Thank you very much for your help, MUCH appreciated.

#8 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,323 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:05:15 PM

Posted 27 October 2011 - 09:08 PM

Very true. Peer-to-peer (P2P) or file sharing programs are also a security risk. The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Read P2P Software User Advisories, Risks of File-Sharing Technology and P2P file sharing: Anticipate the risks....



If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

You are welcome!
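For the Autorun point above, here is an added example (not from the thread or from BleepingComputer) that checks which drive types still honour autorun.inf and, only when asked, applies the policy value that disables AutoRun for all of them. It assumes Windows Vista/7 and an elevated PowerShell prompt for the write; the default mask 0x91 and the bit layout are Windows' documented values.

```powershell
# Added example, not the thread's own instructions: audit the NoDriveTypeAutoRun
# policy and optionally harden it. Assumes Windows Vista/7; run elevated to
# write to HKLM. Without -Harden the script only reports.
param([switch]$Harden)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName = 'NoDriveTypeAutoRun'

# Bit mask of drive types for which AutoRun is disabled. 0xFF covers every type;
# the Windows default (0x91) leaves removable drives and CD/DVD enabled.
$driveTypes = @{
    0x04 = 'removable'; 0x08 = 'fixed'; 0x10 = 'network'
    0x20 = 'CD/DVD';    0x40 = 'RAM disk'
}

function Get-AutoRunMask {
    $prop = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    if ($prop -eq $null) { return 0x91 }   # value absent: Windows default applies
    return [int]$prop.$valueName
}

function Get-AutoRunEnabledTypes([int]$mask) {
    # Any drive type whose bit is clear still processes autorun.inf on that media.
    $driveTypes.Keys | Where-Object { ($mask -band $_) -eq 0 } |
        ForEach-Object { $driveTypes[$_] }
}

$mask = Get-AutoRunMask
'Current {0} = 0x{1:X2}' -f $valueName, $mask
$still = @(Get-AutoRunEnabledTypes $mask)
if ($still.Count -eq 0) {
    'AutoRun is disabled for all drive types.'
} else {
    'AutoRun still enabled for: ' + ($still -join ', ')
    if ($Harden) {
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        Set-ItemProperty -Path $policyKey -Name $valueName -Value 0xFF -Type DWord
        'Set {0} to 0xFF; sign out or reboot for Explorer to pick it up.' -f $valueName
    }
}
```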