Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is the Win32/Cryptor virus still lurking around on my laptop?? Please help!


  • Please log in to reply
3 replies to this topic

#1 SWIM_GOOD

SWIM_GOOD

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 18 November 2011 - 06:07 AM

Hello,

I saw a post by another member detailing a very similar problem to mine only a couple of days ago, so here comes my cry for help..

Yesterday I was on my laptop, using the internet as usual. After I'd finished I ran a scan using AVG 9.0 which revealed the detection of the Win32/Cryptor virus in C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JGTU8D0\k3MJhwVz[1].exe:\$JF\kbdnetSvcs.dll

AVG 'removed and healed' the infection where it was moved to the virus vault. A follow up scan came up clean on AVG, as did a scan using Malwarebytes' Anti-Malware but I'm nervous that the virus is still lurking around in the shadows! I don't have enough faith in AVG that the problem is resolved when the virus was only detected as a result of me initiating a scan. Here is my latest Malwarebytes log just in case:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8183

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

18/11/2011 09:50:22
mbam-log-2011-11-18 (09-50-22).txt

Scan type: Quick scan
Objects scanned: 173976
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I'd like confirmation that my system is indeed safe again and also any advice on actions I could take to improve the security on my laptop (considering AVG 9.0, SUPERAntiSpyware Free Edition and Malwarebytes' Anti-Malware are currently used) Thanks in advance for any help that I recieve!

Cheers,

Dan

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:21 AM

Posted 18 November 2011 - 11:49 AM

Hello Dan,

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 SWIM_GOOD

SWIM_GOOD
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 18 November 2011 - 05:46 PM

Hello! Thanks for the speedy reply!

I ran the ESET OnlineScan but no threats were detected and I wasn't provided with a log.

Here is the result of running the MiniToolBox:


MiniToolBox by Farbar
Ran by Dan (administrator) on 18-11-2011 at 22:27:36
Windows Vista ™ Home Basic Service Pack 1 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.12 metric=1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Dan-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 5100
Physical Address. . . . . . . . . : 00-21-5D-38-12-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3d95:6927:5ad8:f424%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 18 November 2011 19:02:30
Lease Expires . . . . . . . . . . : 19 November 2011 19:02:37
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : SE572
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1E-68-EB-DE-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.SE572
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.147.103
209.85.147.99
209.85.147.147
209.85.147.104
209.85.147.105
209.85.147.106



Pinging google.com [209.85.147.104] with 32 bytes of data:

Reply from 209.85.147.104: bytes=32 time=43ms TTL=49

Reply from 209.85.147.104: bytes=32 time=44ms TTL=49



Ping statistics for 209.85.147.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 44ms, Average = 43ms

Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=161ms TTL=46

Reply from 209.191.122.70: bytes=32 time=171ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 161ms, Maximum = 171ms, Average = 166ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 5d 38 12 2a ...... Intel® Wireless WiFi Link 5100
10 ...00 1e 68 eb de df ...... Broadcom NetXtreme Gigabit Ethernet
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 isatap.home
14 ...00 00 00 00 00 00 00 e0 isatap.SE572
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 192.168.1.12 192.168.1.64 26
192.168.1.0 255.255.255.0 On-link 192.168.1.64 281
192.168.1.64 255.255.255.255 On-link 192.168.1.64 281
192.168.1.255 255.255.255.255 On-link 192.168.1.64 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.1.12 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::3d95:6927:5ad8:f424/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2011 07:03:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2011 09:17:47 AM) (Source: Bonjour Service) (User: )
Description: 388: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (11/18/2011 08:19:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2011 11:13:30 PM) (Source: Bonjour Service) (User: )
Description: 384: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (11/17/2011 06:59:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2011 05:09:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2663327

Error: (11/17/2011 05:09:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2663327

Error: (11/17/2011 05:09:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/17/2011 05:09:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2662297

Error: (11/17/2011 05:09:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2662297


System errors:
=============
Error: (11/18/2011 07:04:36 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/18/2011 07:02:22 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/18/2011 08:21:14 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/18/2011 08:19:04 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/17/2011 06:59:51 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/17/2011 06:57:53 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/17/2011 00:06:20 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/17/2011 00:04:09 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/16/2011 04:49:38 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (11/16/2011 04:47:36 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
4oD (Version: 2.0.23.0)
Acer Arcade Deluxe (Version: 2.0.5315)
Acer Crystal Eye Webcam 2.0.8 (Version: 2.0.8)
Acer eAudio Management (Version: 3.0.3007)
Acer eDataSecurity Management (Version: 3.0.3060)
Acer Empowering Technology (Version: 3.0.3006)
Acer ePower Management (Version: 3.0.3008)
Acer eRecovery Management (Version: 3.0.3013)
Acer eSettings Management (Version: 3.0.3007)
Acer GameZone Console 2.0.1.1
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 3.0.3000)
Acer ScreenSaver (Version: 1.12.0506)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 8.1.0 (Version: 8.1.0)
Agatha Christie Death on the Nile
Agere Systems HDA Modem
Alice Greenfingers
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.1.116)
AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27 (Version: 1.1.0.27)
AVG 9.0
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour (Version: 2.0.3.0)
Bookworm Deluxe
Bricks of Egypt
Broadcom Gigabit Integrated Controller (Version: 11.11.03)
BT Broadband Desktop Help
BTHomeHub
BTOffer (Version: 1.00.0000)
BufferChm (Version: 100.0.170.000)
Cake Mania
Canon IJ Network Tool
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon Solution Menu EX
Chicken Invaders 3
Chuzzle
Copy (Version: 100.0.170.000)
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diner Dash Flo on the Go
DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F4200_Software (Version: 100.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000)
ESET Online Scanner v3
eSobi v2 (Version: 2.0.3.000189)
eSupportQFolder (Version: 1.00.0000)
F4200 (Version: 100.0.206.000)
F4200_Help (Version: 100.0.206.000)
Flip Words 2
GearDrvs (Version: 1.00.0000)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.79)
GPBaseService (Version: 100.0.187.000)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 4.000.007.003)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.0.1.22)
Jewel Quest Solitaire
JMicron JMB38X Flash Media Controller (Version: 1.00.10.04)
Junk Mail filter update (Version: 14.0.8117.416)
Kick N Rush
Launch Manager
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox (3.6.24) (Version: 3.6.24 (en-GB))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5 (Version: 5.1.2.503)
NTI Backup Now Standard (Version: 5.1.2.503)
NTI Media Maker 8 (Version: 8.0.2.6322)
Orion (Version: 2.0.1)
Panda ActiveScan 2.0 (Version: 01.04.01.0000)
PhotoNow! (Version: 1.1.4619)
PowerDirector (Version: 6.5.2713)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.68.75.0)
Realtek High Definition Audio Driver (Version: 6.0.1.5612)
Scan (Version: 10.0.0.0)
Shop for HP Supplies (Version: 10.0)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.155)
SmartWebPrintingOC (Version: 100.0.189.000)
SolutionCenter (Version: 100.0.175.000)
Status (Version: 100.0.175.000)
SUPERAntiSpyware Free Edition (Version: 4.26.0.1002)
Synaptics Pointing Device Driver (Version: 10.2.4.0)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
Turbo Pizza
UnloadSupport (Version: 10.0.0)
VideoToolkit01 (Version: 100.0.128.000)
WebReg (Version: 100.0.170.000)
Winbond CIR Device Drivers (Version: 7.60.1012)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Zuma Deluxe

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 2999.94 MB
Available physical RAM: 1599.22 MB
Total Pagefile: 6208.17 MB
Available Pagefile: 4311.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.77 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:69.52 GB) (Free:7.12 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:69.02 GB) NTFS

========================= Users: ========================================

User accounts for \\DAN-PC

Administrator Dan Guest

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini011909-01.dmp

**** End of log ****

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,313 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:21 AM

Posted 18 November 2011 - 09:33 PM

Looks clean!

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users