Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MSE pop-up "detected threats are being cleaned"


  • This topic is locked This topic is locked
7 replies to this topic

#1 cleome

cleome

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 28 March 2014 - 08:48 AM

Vista 64-bit system.  Ran MBAM, SuperAntispyware, and trial version of Hitman Pro, but "no threats detected."  MSE History window shows the following detected items that continue to appear after supposed removal: 

 

TrojanDownloader:Java/Classloader

Exploit:Java/CVE-2013-1493

 

I uninstalled two old versions of Java that were in the list of applications.



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,039 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:59 PM

Posted 28 March 2014 - 09:52 PM

Hello cleome
 
Please run these next....
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
     
    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner
    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).

    .
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 cleome

cleome
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 31 March 2014 - 11:29 AM

Thanks for your reply.  I keep losing the B.C. website in between scans and attempts to post.  About to try one more time.  Hope it's o.k. to post some logs out of order.   For some reason the TKKKKiller log wouldn't "paste," but it announced 0 detected items. 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by FL (administrator) on 31-03-2014 at 11:40:12
Running from "C:\Users\FL\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Belkin N+ Wireless USB Adapter = Wireless Network Connection 2 (Connected)
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : FL-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 2:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Belkin N+ Wireless USB Adapter #2
   Physical Address. . . . . . . . . : 00-1C-DF-D1-C1-13
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8ccd:a516:cf94:29a0%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 31, 2014 11:25:23 AM
   Lease Expires . . . . . . . . . . : Tuesday, April 01, 2014 11:25:23 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 402660575
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-92-CA-13-00-23-54-4A-2A-9F
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       71.243.0.12
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nh.comcast.net.
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-23-54-4A-2A-9F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : isatap.home
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2835:a6b:3f57:fefc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2835:a6b:3f57:fefc%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.hsd1.nh.comcast.net.
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:800::100e
   74.125.226.206
   74.125.226.194
   74.125.226.198
   74.125.226.200
   74.125.226.197
   74.125.226.199
   74.125.226.192
   74.125.226.196
   74.125.226.193
   74.125.226.195
   74.125.226.201

 

Pinging google.com [74.125.226.198] with 32 bytes of data:

Reply from 74.125.226.198: bytes=32 time=19ms TTL=250

Reply from 74.125.226.198: bytes=32 time=18ms TTL=250

 

Ping statistics for 74.125.226.198:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 18ms, Maximum = 19ms, Average = 18ms

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=91ms TTL=241

Reply from 206.190.36.45: bytes=32 time=87ms TTL=241

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 87ms, Maximum = 91ms, Average = 89ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=10ms TTL=128

Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 4ms, Maximum = 10ms, Average = 7ms

===========================================================================
Interface List
 14 ...00 1c df d1 c1 13 ...... Belkin N+ Wireless USB Adapter #2
 10 ...00 23 54 4a 2a 9f ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 15 ...00 00 00 00 00 00 00 e0  isatap.home
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 13 ...00 00 00 00 00 00 00 e0  isatap.hsd1.nh.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     18 2001::/32                On-link
 12    266 2001:0:5ef5:79fb:2835:a6b:3f57:fefc/128
                                    On-link
 14    281 fe80::/64                On-link
 12    266 fe80::/64                On-link
 12    266 fe80::2835:a6b:3f57:fefc/128
                                    On-link
 14    281 fe80::8ccd:a516:cf94:29a0/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/31/2014 11:35:26 AM) (Source: Windows Backup) (User: )
Description: File backup failed due to an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check your hardware configuration. (0x81000006).

Error: (03/31/2014 11:27:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 10:26:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 541760

Error: (03/31/2014 10:26:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 541760

Error: (03/31/2014 10:26:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/31/2014 10:26:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 540746

Error: (03/31/2014 10:26:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 540746

Error: (03/31/2014 10:26:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/31/2014 10:26:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 539732

Error: (03/31/2014 10:26:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 539732

System errors:
=============
Error: (03/31/2014 11:40:22 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {3F532D40-10D2-4E21-B8E2-5E9338A6DDE6}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {3F532D40-10D2-4E21-B8E2-5E9338A6DDE6}1

 Action Status:  {3F532D40-10D2-4E21-B8E2-5E9338A6DDE6}8

 Error Code: {3F532D40-10D2-4E21-B8E2-5E9338A6DDE6}3

 Error description: {3F532D40-10D2-4E21-B8E2-5E9338A6DDE6}4

 Signature Version: 2014-03-31T15:40:11.622Z1

 Engine Version: 2014-03-31T15:40:11.622Z2

Error: (03/31/2014 11:40:22 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {B435DD3A-E09A-42B6-B83D-F6A982038835}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {B435DD3A-E09A-42B6-B83D-F6A982038835}1

 Action Status:  {B435DD3A-E09A-42B6-B83D-F6A982038835}8

 Error Code: {B435DD3A-E09A-42B6-B83D-F6A982038835}3

 Error description: {B435DD3A-E09A-42B6-B83D-F6A982038835}4

 Signature Version: 2014-03-31T15:40:06.598Z1

 Engine Version: 2014-03-31T15:40:06.598Z2

Error: (03/31/2014 11:40:04 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {728AF844-DABF-461F-8007-11A2DC85565E}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {728AF844-DABF-461F-8007-11A2DC85565E}1

 Action Status:  {728AF844-DABF-461F-8007-11A2DC85565E}8

 Error Code: {728AF844-DABF-461F-8007-11A2DC85565E}3

 Error description: {728AF844-DABF-461F-8007-11A2DC85565E}4

 Signature Version: 2014-03-31T15:39:56.105Z1

 Engine Version: 2014-03-31T15:39:56.105Z2

Error: (03/31/2014 11:40:04 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {0C2A7717-8DF8-4343-A0B8-1936F16EFDC2}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {0C2A7717-8DF8-4343-A0B8-1936F16EFDC2}1

 Action Status:  {0C2A7717-8DF8-4343-A0B8-1936F16EFDC2}8

 Error Code: {0C2A7717-8DF8-4343-A0B8-1936F16EFDC2}3

 Error description: {0C2A7717-8DF8-4343-A0B8-1936F16EFDC2}4

 Signature Version: 2014-03-31T15:39:51.068Z1

 Engine Version: 2014-03-31T15:39:51.068Z2

Error: (03/31/2014 11:39:50 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {5EC37BAE-E278-4391-B850-8287065ED295}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {5EC37BAE-E278-4391-B850-8287065ED295}1

 Action Status:  {5EC37BAE-E278-4391-B850-8287065ED295}8

 Error Code: {5EC37BAE-E278-4391-B850-8287065ED295}3

 Error description: {5EC37BAE-E278-4391-B850-8287065ED295}4

 Signature Version: 2014-03-31T15:39:41.640Z1

 Engine Version: 2014-03-31T15:39:41.640Z2

Error: (03/31/2014 11:39:50 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {4C48001E-FB58-4090-B147-27E42B5C2EE3}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {4C48001E-FB58-4090-B147-27E42B5C2EE3}1

 Action Status:  {4C48001E-FB58-4090-B147-27E42B5C2EE3}8

 Error Code: {4C48001E-FB58-4090-B147-27E42B5C2EE3}3

 Error description: {4C48001E-FB58-4090-B147-27E42B5C2EE3}4

 Signature Version: 2014-03-31T15:39:36.601Z1

 Engine Version: 2014-03-31T15:39:36.601Z2

Error: (03/31/2014 11:39:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {5BE5BBB8-7DAD-4993-84EA-2814481C84C1}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {5BE5BBB8-7DAD-4993-84EA-2814481C84C1}1

 Action Status:  {5BE5BBB8-7DAD-4993-84EA-2814481C84C1}8

 Error Code: {5BE5BBB8-7DAD-4993-84EA-2814481C84C1}3

 Error description: {5BE5BBB8-7DAD-4993-84EA-2814481C84C1}4

 Signature Version: 2014-03-31T15:39:24.576Z1

 Engine Version: 2014-03-31T15:39:24.576Z2

Error: (03/31/2014 11:39:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {4ADF68A5-173D-433D-A9A3-0836D49C62C1}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {4ADF68A5-173D-433D-A9A3-0836D49C62C1}1

 Action Status:  {4ADF68A5-173D-433D-A9A3-0836D49C62C1}8

 Error Code: {4ADF68A5-173D-433D-A9A3-0836D49C62C1}3

 Error description: {4ADF68A5-173D-433D-A9A3-0836D49C62C1}4

 Signature Version: 2014-03-31T15:39:19.548Z1

 Engine Version: 2014-03-31T15:39:19.548Z2

Error: (03/31/2014 11:39:18 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {0A468715-96D4-4DB2-9296-07E37B090B5B}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {0A468715-96D4-4DB2-9296-07E37B090B5B}1

 Action Status:  {0A468715-96D4-4DB2-9296-07E37B090B5B}8

 Error Code: {0A468715-96D4-4DB2-9296-07E37B090B5B}3

 Error description: {0A468715-96D4-4DB2-9296-07E37B090B5B}4

 Signature Version: 2014-03-31T15:39:10.298Z1

 Engine Version: 2014-03-31T15:39:10.298Z2

Error: (03/31/2014 11:39:18 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {3022A566-96E5-4807-BE1E-D84CEF1D0DF0}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {3022A566-96E5-4807-BE1E-D84CEF1D0DF0}1

 Action Status:  {3022A566-96E5-4807-BE1E-D84CEF1D0DF0}8

 Error Code: {3022A566-96E5-4807-BE1E-D84CEF1D0DF0}3

 Error description: {3022A566-96E5-4807-BE1E-D84CEF1D0DF0}4

 Signature Version: 2014-03-31T15:39:05.260Z1

 Engine Version: 2014-03-31T15:39:05.260Z2

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-22 10:02:38.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:38.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:37.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:37.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:37.016
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:36.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:36.212
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:35.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:35.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:34.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Amazon Kindle
Apple Mobile Device Support (Version: 6.1.0.13)
Bonjour (Version: 3.0.0.10)
Canon iP4200
CanoScan 8800F
HP Photosmart Essential 3.0 (Version: 3.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 11.0.5.5)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Move Networks Media Player for Internet Explorer
PCIe Soft Data Fax Modem with SmartCP (Version: 7.71.00.50)
SUPERAntiSpyware (Version: 5.0.1142)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 4085.33 MB
Available physical RAM: 2209.28 MB
Total Pagefile: 8343.94 MB
Available Pagefile: 6213.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 4002.01 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:452.98 GB) (Free:326.04 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.78 GB) (Free:1.24 GB) NTFS

========================= Users: ========================================

User accounts for \\FL-PC

Administrator            FL                       Guest                   

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini051813-01.dmp
C:\Windows\Minidump\Mini110611-01.dmp
========================= Restore Points ==================================

05-03-2014 11:51:54 Windows Update
06-03-2014 13:45:28 Scheduled Checkpoint
07-03-2014 14:53:46 Scheduled Checkpoint
08-03-2014 13:41:47 Scheduled Checkpoint
09-03-2014 17:49:21 Windows Update
11-03-2014 12:45:16 Scheduled Checkpoint
12-03-2014 18:04:07 Scheduled Checkpoint
12-03-2014 23:35:44 Windows Update
13-03-2014 13:48:32 Windows Update
14-03-2014 00:12:12 Windows Update
14-03-2014 12:30:05 Scheduled Checkpoint
15-03-2014 21:01:46 Scheduled Checkpoint
16-03-2014 13:11:02 Scheduled Checkpoint
17-03-2014 13:07:34 Scheduled Checkpoint
17-03-2014 14:41:42 Windows Update
18-03-2014 16:01:17 Scheduled Checkpoint
18-03-2014 20:47:18 Windows Update
19-03-2014 12:59:47 Scheduled Checkpoint
22-03-2014 12:14:10 Windows Update
23-03-2014 13:39:40 detected threats bug
23-03-2014 14:17:57 Restore Operation
23-03-2014 15:22:03 Windows Update
23-03-2014 20:25:36 Windows Update
24-03-2014 13:07:21 Removed Java™ 6 Update 37
24-03-2014 13:09:09 Removed Java™ SE Runtime Environment 6 Update 1
26-03-2014 21:19:49 Windows Update
27-03-2014 13:38:10 Windows Update
31-03-2014 12:12:06 Windows Update

**** End of log ****

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by FL on Mon 03/31/2014 at 12:03:29.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/31/2014 at 12:13:03.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Will now do the ADW scan again, and the ESET. 



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,039 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:59 PM

Posted 31 March 2014 - 01:26 PM

After ESET rerun Minitoolbox and post a new log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 cleome

cleome
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 01 April 2014 - 07:16 AM

Here it is:

MiniToolBox by Farbar  Version: 23-01-2014
Ran by FL (administrator) on 01-04-2014 at 08:08:28
Running from "C:\Users\FL\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Belkin N+ Wireless USB Adapter = Wireless Network Connection 2 (Connected)
Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : FL-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 2:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Belkin N+ Wireless USB Adapter #2
   Physical Address. . . . . . . . . : 00-1C-DF-D1-C1-13
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8ccd:a516:cf94:29a0%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, April 01, 2014 7:06:45 AM
   Lease Expires . . . . . . . . . . : Wednesday, April 02, 2014 7:06:45 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 402660575
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-92-CA-13-00-23-54-4A-2A-9F
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       71.243.0.12
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nh.comcast.net.
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-23-54-4A-2A-9F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : isatap.home
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2c66:16c:3f57:fefc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2c66:16c:3f57:fefc%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.hsd1.nh.comcast.net.
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:809::1009
   74.125.226.167
   74.125.226.161
   74.125.226.168
   74.125.226.160
   74.125.226.164
   74.125.226.166
   74.125.226.174
   74.125.226.169
   74.125.226.165
   74.125.226.163
   74.125.226.162

 

Pinging google.com [74.125.226.164] with 32 bytes of data:

Reply from 74.125.226.164: bytes=32 time=18ms TTL=250

Reply from 74.125.226.164: bytes=32 time=16ms TTL=250

 

Ping statistics for 74.125.226.164:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 16ms, Maximum = 18ms, Average = 17ms

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=132ms TTL=241

Reply from 206.190.36.45: bytes=32 time=124ms TTL=241

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 124ms, Maximum = 132ms, Average = 128ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=11ms TTL=128

Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 3ms, Maximum = 11ms, Average = 7ms

===========================================================================
Interface List
 14 ...00 1c df d1 c1 13 ...... Belkin N+ Wireless USB Adapter #2
 10 ...00 23 54 4a 2a 9f ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 15 ...00 00 00 00 00 00 00 e0  isatap.home
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 13 ...00 00 00 00 00 00 00 e0  isatap.hsd1.nh.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     18 2001::/32                On-link
 12    266 2001:0:9d38:90d7:2c66:16c:3f57:fefc/128
                                    On-link
 14    281 fe80::/64                On-link
 12    266 fe80::/64                On-link
 12    266 fe80::2c66:16c:3f57:fefc/128
                                    On-link
 14    281 fe80::8ccd:a516:cf94:29a0/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    266 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/01/2014 07:08:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 00:37:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 00:37:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/31/2014 00:35:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/01/2014 08:08:36 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {F6331D64-EEF3-4205-B268-ADBD3B6A6C47}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {F6331D64-EEF3-4205-B268-ADBD3B6A6C47}1

 Action Status:  {F6331D64-EEF3-4205-B268-ADBD3B6A6C47}8

 Error Code: {F6331D64-EEF3-4205-B268-ADBD3B6A6C47}3

 Error description: {F6331D64-EEF3-4205-B268-ADBD3B6A6C47}4

 Signature Version: 2014-04-01T12:08:25.247Z1

 Engine Version: 2014-04-01T12:08:25.247Z2

Error: (04/01/2014 08:08:36 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {B59EEA60-C521-4FAF-BBCB-EC6FE32D04D8}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {B59EEA60-C521-4FAF-BBCB-EC6FE32D04D8}1

 Action Status:  {B59EEA60-C521-4FAF-BBCB-EC6FE32D04D8}8

 Error Code: {B59EEA60-C521-4FAF-BBCB-EC6FE32D04D8}3

 Error description: {B59EEA60-C521-4FAF-BBCB-EC6FE32D04D8}4

 Signature Version: 2014-04-01T12:08:20.208Z1

 Engine Version: 2014-04-01T12:08:20.208Z2

Error: (04/01/2014 08:08:23 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {F0C69C40-DD74-4ED2-8BC2-08EA9A92CC07}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {F0C69C40-DD74-4ED2-8BC2-08EA9A92CC07}1

 Action Status:  {F0C69C40-DD74-4ED2-8BC2-08EA9A92CC07}8

 Error Code: {F0C69C40-DD74-4ED2-8BC2-08EA9A92CC07}3

 Error description: {F0C69C40-DD74-4ED2-8BC2-08EA9A92CC07}4

 Signature Version: 2014-04-01T12:08:15.247Z1

 Engine Version: 2014-04-01T12:08:15.247Z2

Error: (04/01/2014 08:08:23 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {FB8C79A9-D1C5-4E44-99A3-8D8657BAD72F}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {FB8C79A9-D1C5-4E44-99A3-8D8657BAD72F}1

 Action Status:  {FB8C79A9-D1C5-4E44-99A3-8D8657BAD72F}8

 Error Code: {FB8C79A9-D1C5-4E44-99A3-8D8657BAD72F}3

 Error description: {FB8C79A9-D1C5-4E44-99A3-8D8657BAD72F}4

 Signature Version: 2014-04-01T12:08:10.204Z1

 Engine Version: 2014-04-01T12:08:10.204Z2

Error: (04/01/2014 08:08:13 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {96F40E8E-2397-49A1-97DC-9F8E559CC92F}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {96F40E8E-2397-49A1-97DC-9F8E559CC92F}1

 Action Status:  {96F40E8E-2397-49A1-97DC-9F8E559CC92F}8

 Error Code: {96F40E8E-2397-49A1-97DC-9F8E559CC92F}3

 Error description: {96F40E8E-2397-49A1-97DC-9F8E559CC92F}4

 Signature Version: 2014-04-01T12:08:05.252Z1

 Engine Version: 2014-04-01T12:08:05.252Z2

Error: (04/01/2014 08:08:13 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {835A08A5-9C55-45FA-9F46-334B4A4022B8}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {835A08A5-9C55-45FA-9F46-334B4A4022B8}1

 Action Status:  {835A08A5-9C55-45FA-9F46-334B4A4022B8}8

 Error Code: {835A08A5-9C55-45FA-9F46-334B4A4022B8}3

 Error description: {835A08A5-9C55-45FA-9F46-334B4A4022B8}4

 Signature Version: 2014-04-01T12:08:00.218Z1

 Engine Version: 2014-04-01T12:08:00.218Z2

Error: (04/01/2014 08:08:03 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {3C84CC89-1446-43A1-9642-325CA5ECC7CF}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {3C84CC89-1446-43A1-9642-325CA5ECC7CF}1

 Action Status:  {3C84CC89-1446-43A1-9642-325CA5ECC7CF}8

 Error Code: {3C84CC89-1446-43A1-9642-325CA5ECC7CF}3

 Error description: {3C84CC89-1446-43A1-9642-325CA5ECC7CF}4

 Signature Version: 2014-04-01T12:07:55.819Z1

 Engine Version: 2014-04-01T12:07:55.819Z2

Error: (04/01/2014 08:08:03 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {51FDFB51-B649-491E-82B8-B816FBA41536}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {51FDFB51-B649-491E-82B8-B816FBA41536}1

 Action Status:  {51FDFB51-B649-491E-82B8-B816FBA41536}8

 Error Code: {51FDFB51-B649-491E-82B8-B816FBA41536}3

 Error description: {51FDFB51-B649-491E-82B8-B816FBA41536}4

 Signature Version: 2014-04-01T12:07:50.794Z1

 Engine Version: 2014-04-01T12:07:50.794Z2

Error: (04/01/2014 08:07:53 AM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanDownloader:Java/Classloader60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanDownloader:Java/Classloader603

 Name: TrojanDownloader:Java/Classloader

 ID: 2147685070

 Severity: %TrojanDownloader:Java/Classloader600

 Category: %TrojanDownloader:Java/Classloader602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %TrojanDownloader:Java/Classloader608

 User: {FC95EBBF-73E0-488F-A04F-D49F8C55AE8B}9

 Process Name: %TrojanDownloader:Java/Classloader609

 Action: {FC95EBBF-73E0-488F-A04F-D49F8C55AE8B}1

 Action Status:  {FC95EBBF-73E0-488F-A04F-D49F8C55AE8B}8

 Error Code: {FC95EBBF-73E0-488F-A04F-D49F8C55AE8B}3

 Error description: {FC95EBBF-73E0-488F-A04F-D49F8C55AE8B}4

 Signature Version: 2014-04-01T12:07:45.249Z1

 Engine Version: 2014-04-01T12:07:45.249Z2

Error: (04/01/2014 08:07:53 AM) (Source: Microsoft Antimalware) (User: )
Description: %Exploit:Java/CVE-2013-149360 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Exploit:Java/CVE-2013-1493603

 Name: Exploit:Java/CVE-2013-1493

 ID: 2147679678

 Severity: %Exploit:Java/CVE-2013-1493600

 Category: %Exploit:Java/CVE-2013-1493602

 Path: 4.5.0216.02

 Detection Origin: 4.5.0216.04

 Detection Type: 4.5.0216.08

 Detection Source: %Exploit:Java/CVE-2013-1493608

 User: {717B80B3-6B1D-4567-8128-7E032B8A4804}9

 Process Name: %Exploit:Java/CVE-2013-1493609

 Action: {717B80B3-6B1D-4567-8128-7E032B8A4804}1

 Action Status:  {717B80B3-6B1D-4567-8128-7E032B8A4804}8

 Error Code: {717B80B3-6B1D-4567-8128-7E032B8A4804}3

 Error description: {717B80B3-6B1D-4567-8128-7E032B8A4804}4

 Signature Version: 2014-04-01T12:07:40.204Z1

 Engine Version: 2014-04-01T12:07:40.204Z2

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-03-22 10:02:38.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:38.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:37.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:37.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:37.016
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:36.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:36.212
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:35.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:35.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-22 10:02:34.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Amazon Kindle
Apple Mobile Device Support (Version: 6.1.0.13)
Bonjour (Version: 3.0.0.10)
Canon iP4200
CanoScan 8800F
HP Photosmart Essential 3.0 (Version: 3.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 11.0.5.5)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Move Networks Media Player for Internet Explorer
PCIe Soft Data Fax Modem with SmartCP (Version: 7.71.00.50)
SUPERAntiSpyware (Version: 5.0.1142)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 4085.33 MB
Available physical RAM: 2234.65 MB
Total Pagefile: 8371.94 MB
Available Pagefile: 6357.35 MB
Total Virtual: 4095.88 MB
Available Virtual: 4001.99 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:452.98 GB) (Free:325.63 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.78 GB) (Free:1.24 GB) NTFS

========================= Users: ========================================

User accounts for \\FL-PC

Administrator            FL                       Guest                   

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini051813-01.dmp
C:\Windows\Minidump\Mini110611-01.dmp
========================= Restore Points ==================================

05-03-2014 11:51:54 Windows Update
06-03-2014 13:45:28 Scheduled Checkpoint
07-03-2014 14:53:46 Scheduled Checkpoint
08-03-2014 13:41:47 Scheduled Checkpoint
09-03-2014 17:49:21 Windows Update
11-03-2014 12:45:16 Scheduled Checkpoint
12-03-2014 18:04:07 Scheduled Checkpoint
12-03-2014 23:35:44 Windows Update
13-03-2014 13:48:32 Windows Update
14-03-2014 00:12:12 Windows Update
14-03-2014 12:30:05 Scheduled Checkpoint
15-03-2014 21:01:46 Scheduled Checkpoint
16-03-2014 13:11:02 Scheduled Checkpoint
17-03-2014 13:07:34 Scheduled Checkpoint
17-03-2014 14:41:42 Windows Update
18-03-2014 16:01:17 Scheduled Checkpoint
18-03-2014 20:47:18 Windows Update
19-03-2014 12:59:47 Scheduled Checkpoint
22-03-2014 12:14:10 Windows Update
23-03-2014 13:39:40 detected threats bug
23-03-2014 14:17:57 Restore Operation
23-03-2014 15:22:03 Windows Update
23-03-2014 20:25:36 Windows Update
24-03-2014 13:07:21 Removed Java™ 6 Update 37
24-03-2014 13:09:09 Removed Java™ SE Runtime Environment 6 Update 1
26-03-2014 21:19:49 Windows Update
27-03-2014 13:38:10 Windows Update
31-03-2014 12:12:06 Windows Update

**** End of log ****



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,039 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:59 PM

Posted 01 April 2014 - 09:06 PM

Did ESET remove anything?

I cannot kill this TrojanDownloader:Java/Classloader60

We need a new topic so we can use stronger tools.

 

 

Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.

 

Include this link back here...

 

http://www.bleepingcomputer.com/forums/t/529104/mse-pop-up-detected-threats-are-being-cleaned/#entry3330634

Let me know if all went well.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 cleome

cleome
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 02 April 2014 - 10:16 AM

Hi (and thanks for your patience).  This was from ESET: 

 

C:\Users\FL\AppData\Local\Temp\oi_WynWKo9Dlr\OIAssistWTD.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined

 

The DDS scan took a very long time.  I'll post the logs now in the Virus, etc., forum.



#8 hamluis

hamluis

    Moderator


  • Moderator
  • 55,551 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:59 PM

Posted 02 April 2014 - 11:23 AM

MRL topic at http://www.bleepingcomputer.com/forums/t/529687/infected-with-trojandownloaderjavaclassloader60/ .

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users