

PUP.BundleInstaller.IB came up on Malwarebytes


12 replies to this topic

#1 Satman858

Satman858

  • Members
  • 84 posts

Posted 24 August 2012 - 02:56 PM

I was running my Malwarebytes yesterday, and it detected the following items in the log.

Does anyone know what this problem was, and if there are anything else I should run besides Malwarebytes just to make sure I am no longer infected?



--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kenny :: VOSTRO-8987D925 [administrator]

8/23/2012 11:45:09 AM
mbam-log-2012-08-23 (11-45-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | P2P
Objects scanned: 231211
Time elapsed: 39 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\System Volume Information\_restore{B4BC6E2D-E2E4-4DB8-A30B-BEF7D028C202}\RP167\A0302126.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B4BC6E2D-E2E4-4DB8-A30B-BEF7D028C202}\RP167\A0302127.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B4BC6E2D-E2E4-4DB8-A30B-BEF7D028C202}\RP167\A0302146.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B4BC6E2D-E2E4-4DB8-A30B-BEF7D028C202}\RP167\A0302205.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\bProtector.job (PUP.BProtector) -> Quarantined and deleted successfully.

(end)

Edited by Satman858, 24 August 2012 - 02:58 PM.



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • Gender:Male
  • Location:NJ USA

Posted 24 August 2012 - 03:39 PM

Hello, this adware came "bundled" with something else you installed.

It may leave a Toolbar installed.

Those listings are in the System Restore points. We'll remove them after this scan.


Next run SUPERAntiSpyware (SAS):

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Satman858


Posted 24 August 2012 - 05:47 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/24/2012 at 05:38 PM

Application Version : 5.5.1012

Core Rules Database Version : 9121
Trace Rules Database Version: 6933

Scan type : Complete Scan
Total Scan Time : 00:26:19

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 460
Memory threats detected : 0
Registry items scanned : 32159
Registry threats detected : 0
File items scanned : 24184
File threats detected : 44

Adware.Tracking Cookie

Adware.SoftonicDownloader
C:\DOCUMENTS AND SETTINGS\KENNY\MY DOCUMENTS\PROGRAM FILES AND DOWNLOADS\MICROSOFT WORD VIEWER.EXE

#4 boopme


Posted 24 August 2012 - 06:22 PM

OK, this looks good. One more quick look before we mop up. I'll be here now for a while.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#5 Satman858


Posted 24 August 2012 - 06:49 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Kenny (administrator) on 24-08-2012 at 18:44:28
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : vostro-8987d925

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-24-E8-D0-18-46



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card

Physical Address. . . . . . . . . : 0C-60-76-00-E6-8B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

192.168.1.254

Lease Obtained. . . . . . . . . . : Friday, August 24, 2012 6:28:03 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Address: 74.125.130.100



Pinging google.com [74.125.130.100] with 32 bytes of data:



Reply from 74.125.130.100: bytes=32 time=37ms TTL=47

Reply from 74.125.130.100: bytes=32 time=37ms TTL=47



Ping statistics for 74.125.130.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 37ms, Maximum = 37ms, Average = 37ms

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Address: 72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=123ms TTL=50

Reply from 72.30.38.140: bytes=32 time=179ms TTL=50



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 123ms, Maximum = 179ms, Average = 151ms

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 e8 d0 18 46 ...... Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...0c 60 76 00 e6 8b ...... Dell Wireless 1397 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.4 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.4 192.168.2.4 30
192.168.2.4 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.2.255 255.255.255.255 192.168.2.4 192.168.2.4 30
224.0.0.0 240.0.0.0 192.168.2.4 192.168.2.4 30
255.255.255.255 255.255.255.255 192.168.2.4 192.168.2.4 1
255.255.255.255 255.255.255.255 192.168.2.4 2 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/23/2012 04:50:22 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.62.0.87, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00036822.
Processing media-specific event for [mbam.exe!ws!]

Error: (08/23/2012 04:22:50 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1183896603.

Error: (08/23/2012 04:22:46 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1183896603.

Error: (08/23/2012 04:22:27 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.4.38, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/23/2012 04:22:27 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.4.38, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/07/2012 04:32:43 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/21/2012 11:15:42 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (07/21/2012 11:15:37 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/16/2012 02:06:33 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (07/16/2012 02:06:28 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (08/24/2012 06:27:50 PM) (Source: 0) (User: )
Description: \Device\ACPIEC

Error: (08/23/2012 04:37:06 PM) (Source: 0) (User: )
Description: \Device\ACPIEC

Error: (08/22/2012 11:17:54 PM) (Source: Print) (User: NT AUTHORITY)
Description: The document http://chilis.fbmta.com/ViewOnce/ViewCoupon.aspx?Member=f4131d9 owned by Kenny failed to print on printer Lexmark 7300 Series. Data type: LEMF. Size of the spool file in bytes: 424483. Number of bytes printed: 424483. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\VOSTRO-8987D925. Win32 error code returned by the print processor: http://chilis.fbmta.com/ViewOnce/ViewCoupon.aspx?Member=f4131d90. http://chilis.fbmta.com/ViewOnce/ViewCoupon.aspx?Member=f4131d91

Error: (08/21/2012 02:32:35 PM) (Source: 0) (User: )
Description: \Device\Scsi\O2SDGRDR1

Error: (08/21/2012 02:18:59 PM) (Source: 0) (User: )
Description: \Device\ACPIEC

Error: (08/20/2012 08:07:44 AM) (Source: 0) (User: )
Description: \Device\ACPIEC

Error: (08/18/2012 11:10:31 AM) (Source: DCOM) (User: VOSTRO-8987D925)
Description: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.

Error: (08/16/2012 05:38:24 PM) (Source: 0) (User: )
Description: {4BCDFF02-957F-4090-8B4F-D24CE9EBA532}

Error: (08/13/2012 03:12:06 PM) (Source: 0) (User: )
Description: \Device\ACPIEC

Error: (08/13/2012 10:05:48 AM) (Source: 0) (User: )
Description: \Device\ACPIEC


Microsoft Office Sessions:
=========================
Error: (08/23/2012 04:50:22 PM) (Source: Application Error)(User: )
Description: mbam.exe1.62.0.87ntdll.dll5.1.2600.605500036822

Error: (08/23/2012 04:22:50 PM) (Source: Application Hang)(User: )
Description: -1183896603

Error: (08/23/2012 04:22:46 PM) (Source: Application Hang)(User: )
Description: -1183896603

Error: (08/23/2012 04:22:27 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.4.38hungapp0.0.0.000000000

Error: (08/23/2012 04:22:27 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.4.38hungapp0.0.0.000000000

Error: (08/07/2012 04:32:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/21/2012 11:15:42 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (07/21/2012 11:15:37 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/16/2012 02:06:33 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (07/16/2012 02:06:28 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.41612)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
avast! Free Antivirus (Version: 7.0.1466.0)
CameraHelperMsi (Version: 13.31.1038.0)
Dell Resource CD (Version: 1.00.0000)
Dell Wireless WLAN Card Utility (Version: 4.170.77.18)
erLT (Version: 1.20.138.34)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
IDT Audio (Version: 1.0.6147.0)
Lexmark 7300 Series
Logitech Vid HD (Version: 7.2 (7248))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MSN
NVIDIA Drivers
O2Micro Flash Memory Card Windows Driver (Version: 2.0.03)
Presto! Forms 3.50.01
Presto! PageManager 7.12.02
Print to Fax (Version: 1.00)
Rapport (Version: 3.5.1201.94)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.23.0000)
Skype™ 5.10 (Version: 5.10.116)
SUPERAntiSpyware (Version: 5.5.1012)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
WIDCOMM Bluetooth Software (Version: 5.1.0.3400)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
WinUtilities 10.53 Free Edition

========================= Memory info: ===================================

Percentage of memory in use: 17%
Total physical RAM: 3066.88 MB
Available physical RAM: 2539.14 MB
Total Pagefile: 4952.03 MB
Available Pagefile: 4554.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.34 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.08 GB) (Free:272.94 GB) NTFS

========================= Users: ========================================

User accounts for \\VOSTRO-8987D925

Administrator Guest HelpAssistant
Kenny SUPPORT_388945a0


**** End of log ****

#6 boopme


Posted 24 August 2012 - 07:12 PM

OK, that looks good ..

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
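An added example, not part of the original thread: a small Python parser for the Malwarebytes "Files Detected" lines from post #1 that separates copies archived in System Restore points from items on the live system, which is the distinction the restore-point advice above rests on. The location labels and function names are this example's own.

```python
import re
from collections import Counter

# Sample input: the "Files Detected" section of the Malwarebytes log in post #1.
SAMPLE_LOG = r"""
Files Detected: 5
C:\System Volume Information\_restore{B4BC6E2D-E2E4-4DB8-A30B-BEF7D028C202}\RP167\A0302126.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B4BC6E2D-E2E4-4DB8-A30B-BEF7D028C202}\RP167\A0302127.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B4BC6E2D-E2E4-4DB8-A30B-BEF7D028C202}\RP167\A0302146.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B4BC6E2D-E2E4-4DB8-A30B-BEF7D028C202}\RP167\A0302205.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\bProtector.job (PUP.BProtector) -> Quarantined and deleted successfully.

(end)
"""

# "<path> (<detection name>) -> <action taken>"
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*) \((?P<name>[^()]+)\) -> (?P<action>.*)$"
)
# Windows XP System Restore store: ...\_restore{GUID}\RP<n>\<archived copy>
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)
# Scheduled-task definition on the live system (a persistence location).
TASK_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\Tasks\\[^\\]+\.job$", re.IGNORECASE)


def classify(path):
    """Return (location label, restore point number or None) for a path."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore_point", int(m.group("rp"))
    if TASK_RE.match(path):
        return "scheduled_task", None
    return "live_file", None


def parse_detections(log_text):
    """Extract every detection line from a Malwarebytes text log."""
    detections = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        location, rp = classify(m.group("path"))
        detections.append({
            "path": m.group("path"),
            "detection": m.group("name"),
            "action": m.group("action"),
            "location": location,
            "restore_point": rp,
        })
    return detections


def declared_file_count(log_text):
    """Count stated in the 'Files Detected: N' header, or None if absent."""
    m = re.search(r"^Files Detected:\s*(\d+)", log_text, re.MULTILINE)
    return int(m.group(1)) if m else None


def summarize(detections):
    """Split detections into archived restore-point copies and live items."""
    in_rp = [d for d in detections if d["location"] == "restore_point"]
    return {
        "total": len(detections),
        "by_location": dict(Counter(d["location"] for d in detections)),
        "restore_points": sorted({d["restore_point"] for d in in_rp}),
        # Archived copies only come back if that restore point is used, so
        # the follow-up is a fresh restore point and a purge of the old ones.
        "purge_restore_points": bool(in_rp),
        # Items outside the restore store were present on the live system.
        "live_items": [d["path"] for d in detections
                       if d["location"] != "restore_point"],
    }


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    if declared_file_count(SAMPLE_LOG) != len(found):
        print("warning: parsed count differs from the log header")
    for key, value in summarize(found).items():
        print(f"{key}: {value}")
```
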

#7 Satman858


Posted 24 August 2012 - 07:30 PM

I just completed the cleanup with no problems, but after following the Restore Point instructions you gave me, it did not ask to restart the computer. Will the new restore point I created activate after I shut down or restart my computer?

Edited by Satman858, 24 August 2012 - 07:30 PM.


#8 boopme


Posted 24 August 2012 - 07:39 PM

Yes, restart the PC and all should be good.

#9 Satman858


Posted 24 August 2012 - 07:46 PM

Thanks so much.

Oh! Should I remove the SUPERAntiSpyware Free Edition from my computer, since I have Malwarebytes already installed, or should I keep them both?

Edited by Satman858, 24 August 2012 - 07:54 PM.


#10 boopme


Posted 24 August 2012 - 07:55 PM

As long as SAS is not running in the System Tray by the clock, keep it and use it like MBAM as an on-demand scanner. Update either before use.

Edited by boopme, 24 August 2012 - 07:55 PM.


#11 Satman858


Posted 24 August 2012 - 08:10 PM

No, it does not appear in the tray at startup. It only appears there when I open it. Do I keep the same settings as you instructed in your above post when I run a full scan from time to time?

#12 boopme


Posted 24 August 2012 - 08:26 PM

Yes and Yes :thumbup2:

#13 Satman858


Posted 24 August 2012 - 08:36 PM

Thanks again! :thumbsup:



