
Malwarebytes found PUP.bundleinstaller.OI


23 replies to this topic

#1 101AB

101AB

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 30 September 2012 - 06:01 PM

My pc has been slower than usual for awhile now and so I downloaded Spybot and Malwarebytes last evening.

It was late and I don’t remember what Spybot came up with and fixed but it was today that I ran Malwarebytes and it came up with 5 instances of pup.bundleinstaller.oi and 2 instances of Adware.GamePlayLab.

I told Malwarebytes to Quarantine them and then did a little research and have decided to seek your help (once again) to make sure that this stuff is out of my pc.

I am running Win XP and Kaspersky IS 2012.

Thanks,
jB




#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:40 AM

Posted 30 September 2012 - 06:55 PM

Uninstall SPYBOT it is garbage.


Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/


Update and do a quick scan with Superantispyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE


Run a scan with Eset.
http://www.eset.com/us/online-scanner/
When the scan finish list found threats save to clipboard copy to notepad Post the log here.




Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner. Run it. Go to options, then put a tick next to Enable rootkit cleaning. Hit the Full Scan>>>>>>>>Let it finish>>>>>>>>Go to the quarantine Tab>>>>>>> Tick the Select All>>>>>Then the Delete>>>>>>Quit
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

#3 101AB

101AB
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 30 September 2012 - 09:55 PM

What, Spybot is no good any more, up until late last year anyone I dealt with at B/C.com couldn't say enough good about it, what has changed?

Do you want to see Kaspersky I/S 2012 paused during these scans?

Also, I'm not sure what you mean by "save to clipboard copy to notepad" .. how to do this?

Thanks
jB

#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:40 AM

Posted 01 October 2012 - 06:52 PM

Spybot.
http://www.pcmag.com/article2/0,2817,2282701,00.asp


By copy to clipboard I mean copy and paste to notepad. :)

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 AM

Posted 01 October 2012 - 10:04 PM

No need to Run FarbarServiceScanner here.
You have already run MBAm so it would be better to see that log.

So just do the other scans as you only had adware..

Do you want to see Kaspersky I/S 2012 paused during these scans?

only if ESET won't scan.

Edited by boopme, 01 October 2012 - 10:06 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 101AB

101AB
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 02 October 2012 - 10:10 AM

I stopped after running Eset and did not run the rest until I hear from someone to do so.


I DID NOT remove the results of the Eset scan as you didn’t mention to do so, you only asked for a copy of its log. I ran the scan but unchecked the box to remove threats.






Malwarebytes Scan Log

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org



Database version: v2012.09.29.05



Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: OWNER-X89PXNMMN [administrator]



9/30/2012 8:46:38 AM

mbam-log-2012-09-30 (08-46-38).txt



Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 288726

Time elapsed: 2 hour(s), 14 minute(s), 37 second(s)



Memory Processes Detected: 0

(No malicious items detected)



Memory Modules Detected: 0

(No malicious items detected)



Registry Keys Detected: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.



Registry Values Detected: 0

(No malicious items detected)



Registry Data Items Detected: 0

(No malicious items detected)



Folders Detected: 0

(No malicious items detected)



Files Detected: 5

C:\Program Files\Uninstall Information\ib_uninst_342\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

C:\Program Files\Uninstall Information\ib_uninst_343\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

C:\Program Files\Uninstall Information\ib_uninst_383\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

C:\Program Files\Uninstall Information\ib_uninst_566\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.

C:\Program Files\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.



(end)

SUPERAntiSpyware Scan Log



http://www.superantispyware.com



Generated 10/02/2012 at 02:31 AM



Application Version : 5.5.1022



Core Rules Database Version : 9324

Trace Rules Database Version: 7136



Scan type : Complete Scan

Total Scan Time : 03:06:40



Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator



Memory items scanned : 471

Memory threats detected : 0

Registry items scanned : 33896

Registry threats detected : 1

File items scanned : 94824

File threats detected : 10



PUP.bProtector

HKU\S-1-5-21-1935655697-963894560-725345543-1003\Software\Microsoft\Internet Explorer\Main#bProtector Start Page [ http://search.conduit.com?SearchSource=10&ctid=CT3227980 ]



Adware.Tracking Cookie

C:\Documents and Settings\Owner\Cookies\E26K3Q3U.txt [ /accounts.google.com ]



Adware.InstallCore

C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\MOZILLA-FIREFOX-TODOWNLOAD(1).EXE

C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\MOZILLA-FIREFOX-TODOWNLOAD.EXE

G:\S\S\S\S\S\CLICKFREE BACKUP\1\C\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\MOZILLA-FIREFOX-TODOWNLOAD(1).EXE

G:\S\S\S\S\S\CLICKFREE BACKUP\1\C\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\MOZILLA-FIREFOX-TODOWNLOAD.EXE



Trojan.Agent/Gen-Nullo[Short]

C:\SYSTEM VOLUME INFORMATION\_RESTORE{265BF980-22A0-4AF7-8462-AA7400A48E75}\RP13\A0003125.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{265BF980-22A0-4AF7-8462-AA7400A48E75}\RP13\A0003126.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{265BF980-22A0-4AF7-8462-AA7400A48E75}\RP13\A0003127.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{265BF980-22A0-4AF7-8462-AA7400A48E75}\RP13\A0003128.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{265BF980-22A0-4AF7-8462-AA7400A48E75}\RP13\A0003129.EXE




Eset Scan

C:\Documents and Settings\Owner\My Documents\Downloads\finalmediaplayer.exe a variant of Win32/InstallIQ application



C:\Documents and Settings\Owner\My Documents\Downloads\SoftonicDownloader_for_screamer-radio.exe a variant of Win32/SoftonicDownloader.E application





I DID NOT remove the results of the Eset scan above as you didn’t mention to do so, you only asked for a copy of its log. I ran the scan but unchecked the box to remove threats.



I stopped after running Eset and did not run the rest until I hear from someone to do so.





FarbarServiceScanner



MINITOOLBOX



Adware Cleaner



Norman Malware Cleaner



Regarding the cleaners, didn’t Bleeping Computer older members have a thing about NOT running any cleaners?



Thanks I appreciate your assistance everyone.








#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 AM

Posted 02 October 2012 - 10:51 AM

OK, looks a lot better got rid of that installer.

Just run Mini toolbox now.. I am not a fan of the Ad ware tool. Good tool but it indiscriminately removes everything.

#8 101AB

101AB
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 02 October 2012 - 11:34 AM

What items do I check when starting MiniToolBox?

And can you tell me how I can attach a file to a post?

Thanks

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 AM

Posted 02 October 2012 - 11:44 AM

Remove what ESET found.
You cannot attach in this section.

use copy/paste or the Spoiler tool under "Other Styles"

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#10 101AB

101AB
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 02 October 2012 - 12:41 PM

Before I run Eset again do you think that what it found when I searched Archives this morning pose a direct threat to anything?

C:\Documents and Settings\Owner\My Documents\Downloads\finalmediaplayer.exe a variant of Win32/InstallIQ application

C:\Documents and Settings\Owner\My Documents\Downloads\SoftonicDownloader_for_screamer-radio.exe a variant of Win32/SoftonicDownloader.E application

I run Screamer Radio all of the time, if I remove the above will it still function?

Thanks

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 AM

Posted 02 October 2012 - 01:31 PM

OK, if you use it then you can leave it.

#12 101AB

101AB
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 02 October 2012 - 03:14 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 02-10-2012 at 16:03:00
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 15266 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection 2 (Disconnected)
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : owner-x89pxnmmn

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-10-18-0C-5B-8E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.15.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.15.1

DHCP Server . . . . . . . . . . . : 192.168.15.1

DNS Servers . . . . . . . . . . . : 208.67.222.222

208.67.220.222

75.75.75.75

Lease Obtained. . . . . . . . . . : Tuesday, October 02, 2012 3:46:38 PM

Lease Expires . . . . . . . . . . : Wednesday, October 03, 2012 3:46:38 PM

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com.hsd1.fl.comcast.net
Address: 67.215.65.132



Pinging google.com [74.125.130.139] with 32 bytes of data:



Reply from 74.125.130.139: bytes=32 time=34ms TTL=47

Reply from 74.125.130.139: bytes=32 time=34ms TTL=47



Ping statistics for 74.125.130.139:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 34ms, Maximum = 34ms, Average = 34ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com.hsd1.fl.comcast.net
Address: 67.215.65.132



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=666ms TTL=49

Reply from 72.30.38.140: bytes=32 time=711ms TTL=49



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 666ms, Maximum = 711ms, Average = 688ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: bleepingcomputer.com.hsd1.fl.comcast.net
Address: 67.215.65.132



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 10 18 0c 5b 8e ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.15.1 192.168.15.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.15.0 255.255.255.0 192.168.15.100 192.168.15.100 20
192.168.15.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.15.255 255.255.255.255 192.168.15.100 192.168.15.100 20
224.0.0.0 240.0.0.0 192.168.15.100 192.168.15.100 20
255.255.255.255 255.255.255.255 192.168.15.100 192.168.15.100 1
Default Gateway: 192.168.15.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/30/2012 06:13:42 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/23/2012 00:43:55 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1150946237.

Error: (09/23/2012 00:43:49 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 15.0.1.4631, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/15/2012 09:24:10 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 15.0.1.4631, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/11/2012 04:20:38 PM) (Source: Application Hang) (User: )
Description: Hanging application screamer.exe, version 0.4.4.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2012 03:39:58 PM) (Source: Application Hang) (User: )
Description: Hanging application OfficeGuardian.exe, version 3.9.78.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/23/2012 08:02:35 AM) (Source: MsiInstaller) (User: OWNER-X89PXNMMN)OWNER-X89PXNMMN
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2687403): OUTLFLTR' could not be removed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/23/2012 06:08:04 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Office 2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/23/2012 06:08:03 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1311. Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB. Verify that the file exists and that you can access it.

Error: (08/22/2012 01:24:37 PM) (Source: MsiInstaller) (User: OWNER-X89PXNMMN)OWNER-X89PXNMMN
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Office 2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\Owner\LOCALS~1\Temp\OHotfix\OHotfix(00001)_Msi.log.


System errors:
=============
Error: (10/02/2012 00:50:48 PM) (Source: Print) (User: OWNER-X89PXNMMN)
Description: The document 5 x 7 in. cutout prints owned by Owner failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 2479752. Number of bytes printed: 2479664. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\OWNER-X89PXNMMN. Win32 error code returned by the print processor: 5 x 7 in. cutout prints0. 5 x 7 in. cutout prints1

Error: (10/02/2012 11:22:42 AM) (Source: Print) (User: OWNER-X89PXNMMN)
Description: The document img061.pdf owned by Owner failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 50504256. Number of bytes printed: 25252072. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\OWNER-X89PXNMMN. Win32 error code returned by the print processor: img061.pdf0. img061.pdf1

Error: (10/01/2012 02:45:08 PM) (Source: 0) (User: )
Description: \Device\LanmanDatagramReceiverTHECAVENetBT_Tcpip_{FA2DB228-7C99-4B6B-A

Error: (09/30/2012 09:22:25 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.15.102 for the Network Card with network address 0010180C5B8E has been
denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).

Error: (09/30/2012 06:10:17 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/28/2012 11:56:17 PM) (Source: DCOM) (User: OWNER-X89PXNMMN)
Description: Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The error:
"%{46986115-84D6-459C-8F95-52DD653E532E}"
Happened while starting this command:
"C:\Program Files\Winamp\winamp.exe" -Embedding

Error: (09/28/2012 10:11:49 PM) (Source: Print) (User: OWNER-X89PXNMMN)
Description: The document Gmail - Logitech MK520 -reciever wont connect [Incident: 120901-001353] owned by Owner failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 44096. Number of bytes printed: 43884. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\OWNER-X89PXNMMN. Win32 error code returned by the print processor: Gmail - Logitech MK520 -reciever wont connect [Incident: 120901-001353]0. Gmail - Logitech MK520 -reciever wont connect [Incident: 120901-001353]1

Error: (09/28/2012 05:13:40 PM) (Source: Print) (User: OWNER-X89PXNMMN)
Description: The document Microsoft Word - SEPT SELL DOC.doc owned by Owner failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 42604. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\OWNER-X89PXNMMN. Win32 error code returned by the print processor: Microsoft Word - SEPT SELL DOC.doc0. Microsoft Word - SEPT SELL DOC.doc1

Error: (09/27/2012 03:04:45 PM) (Source: Print) (User: OWNER-X89PXNMMN)
Description: The document Unemployment Cost Control « Thomas & Thorngren owned by Owner failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 51140. Number of bytes printed: 50976. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\OWNER-X89PXNMMN. Win32 error code returned by the print processor: Unemployment Cost Control « Thomas & Thorngren0. Unemployment Cost Control « Thomas & Thorngren1

Error: (09/27/2012 03:04:22 PM) (Source: Print) (User: OWNER-X89PXNMMN)
Description: The document Unemployment Cost Control « Thomas & Thorngren owned by Owner failed to print on printer Canon iP3500 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 186880. Number of bytes printed: 56088. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\OWNER-X89PXNMMN. Win32 error code returned by the print processor: Unemployment Cost Control « Thomas & Thorngren0. Unemployment Cost Control « Thomas & Thorngren1


Microsoft Office Sessions:
=========================
Error: (09/30/2012 06:13:42 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (09/23/2012 00:43:55 PM) (Source: Application Hang)(User: )
Description: -1150946237

Error: (09/23/2012 00:43:49 PM) (Source: Application Hang)(User: )
Description: firefox.exe15.0.1.4631hungapp0.0.0.000000000

Error: (09/15/2012 09:24:10 PM) (Source: Application Hang)(User: )
Description: firefox.exe15.0.1.4631hungapp0.0.0.000000000

Error: (09/11/2012 04:20:38 PM) (Source: Application Hang)(User: )
Description: screamer.exe0.4.4.0hungapp0.0.0.000000000

Error: (08/31/2012 03:39:58 PM) (Source: Application Hang)(User: )
Description: OfficeGuardian.exe3.9.78.0hungapp0.0.0.000000000

Error: (08/23/2012 08:02:35 AM) (Source: MsiInstaller)(User: OWNER-X89PXNMMN)OWNER-X89PXNMMN
Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2687403): OUTLFLTR1603(NULL)

Error: (08/23/2012 06:08:04 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Microsoft Office Professional Edition 2003Office 2003 Service Pack 3 (SP3): MAINSP31603(NULL)

Error: (08/23/2012 06:08:03 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY
Description: Product: Microsoft Office Professional Edition 2003 -- Error 1311. Source file not found(cabinet): C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)

Error: (08/22/2012 01:24:37 PM) (Source: MsiInstaller)(User: OWNER-X89PXNMMN)OWNER-X89PXNMMN
Description: Microsoft Office Professional Edition 2003Office 2003 Service Pack 3 (SP3): MAINSP31603C:\DOCUME~1\Owner\LOCALS~1\Temp\OHotfix\OHotfix(00001)_Msi.log


=========================== Installed Programs ============================

7-Zip 9.22beta
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
ArcSoft PhotoImpression 6 (Version: 6)
CameraHelperMsi (Version: 13.31.1038.0)
Canon Easy-WebPrint EX
Canon iP3500 series
Canon My Printer
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant D850 56K V.9x DFVc Modem
ConvertHelper 2.2
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.3.0.0)
EPSON Event Manager (Version: 1.80.00)
EPSON Perfection V200 Photo Scanner Driver Update
EPSON Perfection V200P User's Guide
EPSON Scan
EPSON Scan Assistant (Version: 1.11.00)
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
FormatFactory 2.60 (Version: 2.60)
Foxit Reader (Version: 5.4.2.901)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
Kaspersky Internet Security 2012 (Version: 12.0.0.374)
Kaspersky Password Manager 5.0.0.169 (Version: 5.0)
Logitech SetPoint 6.32 (Version: 6.32.20)
Logitech Webcam Software (Version: 2.31)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
Nero Suite
NVIDIA Windows 2000/XP Display Drivers
Open PLS in Windows Media Player 2.3.0 (Version: 2.3)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PowerDVD
Secunia PSI (2.0.0.3001)
Skype™ 5.10 (Version: 5.10.115)
Spybot - Search & Destroy (Version: 1.6.2)
SumatraPDF 2.1.1 (Version: 2.1.1)
SUPERAntiSpyware (Version: 5.5.1022)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================

Name: Intel® PRO/100 VE Network Connection
Description: Intel® PRO/100 VE Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: E100B
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 1535 MB
Available physical RAM: 828.51 MB
Total Pagefile: 3429.46 MB
Available Pagefile: 2550.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.96 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.04 GB) (Free:81.75 GB) NTFS
5 Drive f: (Clickfree_System) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
6 Drive g: (CF_STORAGE) (Removable) (Total:111.59 GB) (Free:49.5 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-X89PXNMMN

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

17-09-2012 21:01:43 System Checkpoint
18-09-2012 22:14:41 System Checkpoint
19-09-2012 22:27:49 System Checkpoint
20-09-2012 22:50:46 System Checkpoint
21-09-2012 23:58:06 System Checkpoint
22-09-2012 12:48:06 Software Distribution Service 3.0
23-09-2012 14:24:23 System Checkpoint
24-09-2012 15:14:39 System Checkpoint
25-09-2012 21:47:39 System Checkpoint
26-09-2012 22:39:54 System Checkpoint
27-09-2012 22:43:20 System Checkpoint
28-09-2012 23:06:47 System Checkpoint
30-09-2012 01:17:06 System Checkpoint
01-10-2012 12:00:36 System Checkpoint
02-10-2012 13:42:13 System Checkpoint

**** End of log ****

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 AM

Posted 02 October 2012 - 07:28 PM

This looks good, did you decide to keep SpyBot?
If no then we have another step to do.

Edited by boopme, 02 October 2012 - 07:31 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#14 101AB

101AB
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:08:40 AM

Posted 02 October 2012 - 07:45 PM

I decided to get rid of Spybot for no reason other than why not :busy:

It is GONE!

Thanks

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,070 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 AM

Posted 02 October 2012 - 08:00 PM

Then we need to Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of their infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.




If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
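A read-only check that can be run before the HOSTS reset described in post #15, given here as an added example that is not part of the original post: it lists every hosts entry other than the default `127.0.0.1 localhost` mapping so you can see what the reset will discard. The sample file contents, the `.example` names and the function name `audit_hosts` are constructed for illustration, and the default-entry rule assumes a stock Windows XP hosts file.

```python
import ipaddress

# Assumption: the only mapping in a default Windows XP hosts file is
# "127.0.0.1 localhost"; everything else is reported for review.
DEFAULT_NAMES = {"localhost"}

# Constructed sample, not taken from the thread.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # updater blocked
203.0.113.7     www.bank.example login.bank.example
0.0.0.0         ads.example
bogus           broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not entry:
            continue
        addr_text, *names = entry.split()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, addr_text, " ".join(names), "unparseable address"))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if addr.is_loopback and name in DEFAULT_NAMES:
                continue                          # stock entry, nothing to report
            if addr.is_loopback or addr.is_unspecified:
                reason = "blackholed to the local machine"
            else:
                reason = "redirected to a fixed address"
            findings.append((line_no, str(addr), name, reason))
    return findings

if __name__ == "__main__":
    # On a real system, read the text of %SystemRoot%\system32\drivers\etc\hosts instead.
    for n, addr, name, why in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {name} -> {addr} ({why})")
```

Loopback entries are not always hostile, since some security and ad-blocking tools add them on purpose, so treat the output as a list to review rather than a verdict.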