TR/Maljava.A.20


8 replies to this topic

#1 daazndrgon


Posted 03 February 2012 - 08:08 PM

Hi,

A recent scan with Avira found a trojan named TR/Maljava.A.20. I moved it to the quarantine. Can someone help me make sure my computer is clean?

Thank You for your time.


Here is a log of the scan:



Avira AntiVir Personal
Report file date: Friday, February 03, 2012 15:58

Scanning for 3417738 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : COMPAQ-LAPTOP


Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced
Deviating risk categories...........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Friday, February 03, 2012 15:58

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '74' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'AUDIODG.EXE' - '44' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '58' Module(s) have been scanned
Scan process 'plugin-container.exe' - '92' Module(s) have been scanned
Scan process 'plugin-container.exe' - '78' Module(s) have been scanned
Scan process 'firefox.exe' - '148' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'hpqToaster.exe' - '44' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '109' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '16' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '18' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'SbieCtrl.exe' - '38' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '45' Module(s) have been scanned
Scan process 'jusched.exe' - '52' Module(s) have been scanned
Scan process 'igfxpers.exe' - '33' Module(s) have been scanned
Scan process 'hkcmd.exe' - '48' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '76' Module(s) have been scanned
Scan process 'avgnt.exe' - '56' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '56' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'avguard.exe' - '63' Module(s) have been scanned
Scan process 'taskhost.exe' - '50' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '76' Module(s) have been scanned
Scan process 'Explorer.EXE' - '167' Module(s) have been scanned
Scan process 'Dwm.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '75' Module(s) have been scanned
Scan process 'SbieSvc.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '77' Module(s) have been scanned
Scan process 'svchost.exe' - '159' Module(s) have been scanned
Scan process 'svchost.exe' - '117' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '67' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '484' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\Compaq\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\10906365-5d13e130
[0] Archive type: ZIP
--> main.class
[DETECTION] Is the TR/Maljava.A.20 Trojan
Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
C:\Users\Compaq\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\10906365-5d13e130
[DETECTION] Is the TR/Maljava.A.20 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b50251c.qua'.


End of the scan: Friday, February 03, 2012 17:06
Used time: 56:48 Minute(s)

The scan has been done completely.

23209 Scanned directories
559128 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
559127 Files not concerned
6728 Archives were scanned
0 Warnings
1 Notes
484767 Objects were scanned with rootkit scan
0 Hidden objects were found


#2 boopme

  • Global Moderator

Posted 03 February 2012 - 08:27 PM

Hello, that one is gone.
We should run these now to be sure.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

#3 daazndrgon


Posted 03 February 2012 - 09:24 PM

Hi Boopme,

Thanks for the quick reply. Here are the logs you requested. I had to run MiniToolBox twice because I forgot to close Firefox the first time.


MiniToolBox by Farbar Version: 18-01-2012
Ran by Compaq (administrator) on 03-02-2012 at 18:09:19
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="ethernet_9" address=192.168.59.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Compaq-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-25-56-77-2B-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c94b:d54d:15cd:5eed%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, February 03, 2012 10:42:02 AM
Lease Expires . . . . . . . . . . : Saturday, February 04, 2012 10:42:02 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218113366
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-08-E2-0C-00-1F-16-DC-65-90
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1F-16-DC-65-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:107b:38d8:b976:6270(Preferred)
Link-local IPv6 Address . . . . . : fe80::107b:38d8:b976:6270%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A2008EB8-BA22-4C8B-A2EC-2562ACEF27F9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.224.145
74.125.224.146
74.125.224.147
74.125.224.148
74.125.224.144


Pinging google.com [74.125.224.50] with 32 bytes of data:
Reply from 74.125.224.50: bytes=32 time=11ms TTL=52
Reply from 74.125.224.50: bytes=32 time=11ms TTL=52

Ping statistics for 74.125.224.50:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 11ms, Average = 11ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=75ms TTL=51
Reply from 98.137.149.56: bytes=32 time=77ms TTL=51

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 75ms, Maximum = 77ms, Average = 76ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 25 56 77 2b b9 ......Atheros AR5007 802.11b/g WiFi Adapter
10...00 1f 16 dc 65 90 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:107b:38d8:b976:6270/128
On-link
11 281 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::107b:38d8:b976:6270/128
On-link
11 281 fe80::c94b:d54d:15cd:5eed/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2012 04:09:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/26/2012 06:47:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/24/2012 06:26:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/17/2012 05:38:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/07/2012 01:15:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/15/2011 04:56:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/11/2011 00:31:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/09/2011 11:08:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/26/2011 00:34:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/25/2011 09:41:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (11/26/2011 11:07:59 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy13.

Error: (11/26/2011 11:07:57 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy12.

Error: (11/26/2011 11:07:56 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8.

Error: (11/26/2011 11:07:50 AM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (11/25/2011 09:10:57 PM) (Source: Service Control Manager) (User: )
Description: The Scrybe Updater service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/18/2011 10:00:33 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (11/12/2011 09:27:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (11/04/2011 00:17:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (10/13/2011 05:54:58 PM) (Source: DCOM) (User: Compaq)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Compaq-LaptopCompaqS-1-5-21-2799981602-2970801225-1393050247-1000LocalHost (Using LRPC)

Error: (09/21/2011 00:18:13 PM) (Source: DCOM) (User: Compaq)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Compaq-LaptopCompaqS-1-5-21-2799981602-2970801225-1393050247-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.5.0 (Version: 9.5.0)
AIM 7
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.704)
BlueJ 2.5.3
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.18.12)
CCleaner (Version: 2.28)
Conexant HD Audio (Version: 4.98.4.60)
Download Updater (AOL LLC)
Emacs 23.1.50.1 and EmacsW32 1.58 (distribution ID: CvsP091103)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
HP Quick Launch Buttons (Version: 6.50.3.1)
HP Wireless Assistant (Version: 3.50.10.1)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Java Auto Updater (Version: 2.0.6.1)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ SE Development Kit 6 Update 18 (Version: 1.6.0.180)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mercurial 1.7.0 (Version: 1.7.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.30319)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
NetBeans IDE 6.8 (Version: 6.8)
QLBCASL (Version: 6.40.17.2)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)
Realtek USB 2.0 Card Reader (Version: 6.1.7100.30093)
Sandboxie 3.52
Synaptics Pointing Device Driver (Version: 11.1.3.0)
Ubuntu (Version: 10.04.1-rev190)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office Word 2007 (KB974631)
WinRAR archiver

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3003.19 MB
Available physical RAM: 1870.5 MB
Total Pagefile: 6004.67 MB
Available Pagefile: 4873.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.45 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:221.96 GB) (Free:136.9 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.83 GB) NTFS

========================= Users: ========================================

User accounts for \\COMPAQ-LAPTOP

Administrator Compaq Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.03.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Compaq :: COMPAQ-LAPTOP [administrator]

2/3/2012 6:14:34 PM
mbam-log-2012-02-03 (18-14-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 172136
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:48 AM

Posted 03 February 2012 - 10:53 PM

Ok, looks clean.
You need to update Java and Adobe Reader.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



Similarly, update to Adobe Reader X (10.1.0).
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 daazndrgon

daazndrgon
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 AM

Posted 03 February 2012 - 11:33 PM

Hi Boopme,

All I see is Java DB 10.5.3.0, Java™ 6 Update 29, and Java™ SE Development Kit 6 Update 18. Which one of these do I uninstall? I think I need to keep the development kit for Java programming, or should I update that to version 7 too?

Thanks.

Edited by daazndrgon, 03 February 2012 - 11:34 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:48 AM

Posted 03 February 2012 - 11:56 PM

Remove Old and update the ones you use
Java DB 10.5.3.0 (Version: 10.5.3.0)
I know these 2 have version 7 now
Java™ 6 Update 29 (Version: 6.0.290)
Java™ SE Development Kit 6 Update 18 (Version: 1.6.0.180)
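The two posts above (#4 and #6) tell the poster to find every installed JRE/JDK and remove the ones older than the current major version. Below is an added example, not part of the thread or of any BleepingComputer tool, that does the inventory part of that check on Windows: it reads the uninstall registry keys, picks out the Java runtime and development-kit entries, and flags anything below a chosen major version. It is read-only; removal stays a manual step through Programs and Features, as the instructions say. The minimum major of 7 and the "Java DB"/"Java Auto Updater" exclusions are assumptions matching the advice in the thread (Java DB is Apache Derby, not a runtime).

```powershell
# Added example (not from the thread): inventory installed Java components from the
# Windows uninstall registry keys and flag those below a minimum major version.
# Read-only: it reports; removing old versions stays a manual step.
param([int]$MinimumMajor = 7)   # assumption: Java 7 was current when the thread was written

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 32-bit installs on 64-bit Windows
)

function Get-JavaMajorVersion {
    param([string]$DisplayVersion)
    # Two version schemes appear in the thread's program list: "6.0.290" (major
    # first) and "1.6.0.180" (legacy "1.x" form, where x is the major version).
    if ([string]::IsNullOrWhiteSpace($DisplayVersion)) { return $null }
    $parts = $DisplayVersion.Split('.')
    $first = $parts[0] -as [int]          # -as yields $null instead of throwing on junk
    if ($first -eq 1 -and $parts.Count -ge 2) { return ($parts[1] -as [int]) }
    return $first
}

# JRE/JDK entries only: "Java DB" (Apache Derby) and "Java Auto Updater" are not
# runtimes, so they are deliberately left out of the "remove old versions" list.
$javaEntries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DisplayName -match '^(Java\(TM\)|Java Runtime|Java SE|Java \d|J2SE)' -and
        $_.DisplayName -notmatch 'Java DB|Auto Updater'
    } |
    ForEach-Object {
        $major = Get-JavaMajorVersion $_.DisplayVersion
        # New-Object rather than [pscustomobject] so this also runs on the
        # PowerShell 2.0 that shipped with Windows 7.
        New-Object PSObject -Property @{
            DisplayName     = $_.DisplayName
            DisplayVersion  = $_.DisplayVersion
            MajorVersion    = $major
            Outdated        = ($null -ne $major -and $major -lt $MinimumMajor)
            UninstallString = $_.UninstallString
        }
    }

$javaEntries | Sort-Object DisplayName |
    Format-Table DisplayName, DisplayVersion, MajorVersion, Outdated -AutoSize

$outdated = @($javaEntries | Where-Object { $_.Outdated })
if ($outdated.Count -gt 0) {
    Write-Warning ("{0} outdated Java component(s) found; remove them via Programs and Features, reboot, then install the current JRE/JDK." -f $outdated.Count)
}
```

Run it from a normal Windows PowerShell prompt (no elevation is needed to read these keys). On the program list posted earlier it would report both "Java(TM) 6 Update 29" (6.0.290) and "Java(TM) SE Development Kit 6 Update 18" (1.6.0.180) as outdated and leave "Java DB 10.5.3.0" alone, which is the same answer boopme gives in post #6. Re-run it after the uninstall and reboot to confirm nothing older than the new version is still registered.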

#7 daazndrgon

daazndrgon
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 AM

Posted 04 February 2012 - 02:04 AM

Okay, everything is up to date now.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:04:48 AM

Posted 04 February 2012 - 12:57 PM

Great! If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
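The post above walks through the same two steps by GUI: create a fresh restore point after cleanup, then delete every older one so an infected pre-cleanup snapshot cannot be rolled back to. As an added example that is not part of the thread, the same procedure from an elevated (Run as Administrator) Windows PowerShell session on Windows 7 looks like this. It uses the built-in Checkpoint-Computer, Get-ComputerRestorePoint and Delete-ComputerRestorePoint cmdlets from Microsoft.PowerShell.Management (Windows PowerShell 2.0 through 5.1; they are not available in PowerShell 7). The restore point description is a constructed label.

```powershell
# Added example (not from the thread): create a clean-baseline restore point and
# remove all older ones. Run elevated in Windows PowerShell on Windows 7.
# Caveat: from Windows 8 onward, Checkpoint-Computer refuses to create more than
# one restore point per 24 hours unless the frequency setting is changed.
$description = 'Clean baseline after malware removal'   # constructed label

# 1. Create the new restore point; MODIFY_SETTINGS is the generic type.
Checkpoint-Computer -Description $description -RestorePointType 'MODIFY_SETTINGS'

# 2. Verify it actually registered before deleting anything. Sequence numbers
#    increase monotonically, so the highest one is the newest point.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$newest = $points | Select-Object -Last 1
if (-not $newest -or $newest.Description -ne $description) {
    throw 'The new restore point was not created; leaving existing points untouched.'
}

# 3. Delete everything older than the point just created (the "all but the
#    most recent" behaviour of Disk Cleanup's System Restore button).
$points | Where-Object { $_.SequenceNumber -lt $newest.SequenceNumber } |
    ForEach-Object {
        Write-Host ('Deleting restore point {0}: {1}' -f $_.SequenceNumber, $_.Description)
        Delete-ComputerRestorePoint -RestorePoint $_.SequenceNumber -Confirm:$false
    }

# 4. Show what remains; CreationTime is a WMI DMTF string, so convert it.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } } -AutoSize
```

The check in step 2 is the part worth keeping even if you do this by hand: confirm the new point exists before deleting the old ones, otherwise a failed creation leaves you with no restore point at all. Note the sequence number and description it prints, which is the "keep a log of this" advice from the post.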

#9 daazndrgon

daazndrgon
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 AM

Posted 04 February 2012 - 02:50 PM

Restore point created.
