[SOLVED] Infected with Sirefef :(

niemiro

Hello all you security folks :)

I am currently in need of assistance myself. I would greatly appreciate any and all help. I am currently on holiday, and this is my laptop rather than my normal computer. Can you please note that I do not have access to Windows disks or any blank media for the next two weeks (but I do have a memory stick). Sorry about that.

I was browsing on three highly reputable forums, two of which display advertisements, and suddenly out of the blue a fake AV was screaming at me. Anyway, it was pretty standard fare, and I have managed to remove it using standard tools, but I would appreciate any help confirming that I am actually clean. My computer is operating perfectly fine at the moment. I will outline the steps I have taken below, and then post the DDS and security check logs in a separate post.

First, I tried to see what was and wasn't blocked. All .exe files were broken, and there was a blacklist of bad file names. This was easily defeated by renaming to whatever.scr. My installed MBAM and MSE were crippled.

The internet also had a blacklist, but a very poor one (e.g. geekstogo.com was blocked, but itxassociates.com wasn't, etc. etc.).

The Desktop icon created showed that the malware originated from a ProgramData directory, and the %Temp% directory. Manually emptied all that I could from both of these.

The malware was still killing based on window titles and the key component I won't mention publicly (I don't understand why anti-malware tool authors do that. It is utterly ridiculous. I hope that they realise that this allows me (and I am extremely unskilled) to bypass the Malwarebytes Chameleon and almost any other tool in 4 lines of code. And it is so easily preventable.)

Anyway, the main process was still running, so I opened up a special programming/debugging tool, and started manipulating memory until the process crashed. At last it had gone! I seized my opportunity to delete the rest of the %Temp% and ProgramData malware.

I still couldn't download MBAM from the official website, but I got it from the bleepingcomputer.com mirror (what a shoddy blacklist!). Gave it a whirl (quick scan), and it removed some remnants:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.29.02
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Richard :: RICHARD-LAPTOP [administrator]
29/07/2012 07:52:43
mbam-log-2012-07-29 (07-52-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211741
Time elapsed: 3 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Viiwylka (Trojan.Agent) -> Data: C:\Users\Richard\AppData\Roaming\Qyeqt\seiq.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 4
HKCU\SOFTWARE\Policies\Microsoft\Windows\System|DisableCMD (PUM.Hijack.CMDPrompt) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 1
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
Files Detected: 6
C:\Users\Richard\AppData\Roaming\Qyeqt\seiq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2788916113-3204535740-887933417-1000\$R6UZIV0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2788916113-3204535740-887933417-1000\$R7XXO06.tmp (Trojan.Midhos) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-2788916113-3204535740-887933417-1000\$RNKTWOM.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
(end)

A second quick scan came up clean. Suddenly, the internet and everything else started working again. Excellent! Repaired a bunch of deleted services (MSE, Windows Update, BITS, Windows Modules Installer), and that fixed most other problems. Gave it a reboot just to make sure...not so.

Now I started getting "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now." messages. MBAM quick scan still came up clean, so I gave my newly repaired MSE a go. It deleted some more remnants:

C:\WINDOWS\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\U\800000cb.@
C:\WINDOWS\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\U\80000000.@


More worryingly, it detected an infected services.exe which it couldn't disinfect. So...I whipped out my Windows Update and SFC knowledge, and performed a manual replacement out of WinSxS. Pended all the replacement and hard link repairs over a reboot, restarted, and voila, a hole in one!

Finally, MSE came back clean.

Now, my computer is working perfectly. I have managed to delete and disinfect all that I have found (even if I did use some slightly unorthodox methods at times!), and have managed to repair all collateral damage. However, I wonder whether you think there might be more fragments I have yet to find? I would greatly appreciate all opinions on that. I will post my DDS and Security Check logs in a second post below.

In conclusion, I used MBAM, MSE, some Windows Update tools, and a debugging tool; I tried but failed to use OTL, RKill, and Rogue Killer, and I didn't use anything but those.

Thank you very much,

Richard
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Richard at 19:34:25 on 2012-07-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4060.2099 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\mqsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\mqtgsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: microsoft.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: windowsupdates.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03D847D1-E253-4CC6-96F0-14E7351F2DB5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{62286AAD-A142-4926-922E-68F20E5D90EB} : DhcpNameServer = 88.82.13.12 88.82.13.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DSFKSVCS;Kernel Services for DSF;C:\Windows\system32\DRIVERS\dsfksvcs.sys --> C:\Windows\system32\DRIVERS\dsfksvcs.sys [?]
R0 dsfroot;root enumerated bus driver;C:\Windows\system32\DRIVERS\dsfroot.sys --> C:\Windows\system32\DRIVERS\dsfroot.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys --> C:\Windows\system32\DRIVERS\VBoxDrv.sys [?]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys --> C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2008-1-21 21504]
R2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA008Ufd.sys --> C:\Windows\system32\DRIVERS\OA008Ufd.sys [?]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\system32\DRIVERS\OA008Vid.sys --> C:\Windows\system32\DRIVERS\OA008Vid.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys --> C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [?]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys --> C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-7 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-7 136176]
S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS --> C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS [?]
S3 HRMINTS;DSF Interrupt Redirection Module;C:\Windows\system32\DRIVERS\HRMINTS.SYS --> C:\Windows\system32\DRIVERS\HRMINTS.SYS [?]
S3 HRMPORTS;DSF IO Port Redirection Module;C:\Windows\system32\DRIVERS\HRMPORTS.SYS --> C:\Windows\system32\DRIVERS\HRMPORTS.SYS [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys --> C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [?]
S3 WMSvc;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-4-5 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-29 17:13:09 384512 ----a-w- C:\Windows\System32\services.exe.F484E0945A62B69A
2012-07-29 12:17:20 384512 ----a-w- C:\Windows\System32\services.exe.7129A6EF3E84AA18
2012-07-29 11:53:05 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E5D36A6-15D4-40A2-9192-D39FA4FF2F04}\offreg.dll
2012-07-29 11:51:48 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E5D36A6-15D4-40A2-9192-D39FA4FF2F04}\mpengine.dll
2012-07-29 11:15:46 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50D74B56-A9A9-4DD6-891C-D6F38F2FFD1A}\gapaengine.dll
2012-07-29 10:33:20 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-29 10:22:12 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-29 10:22:06 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-29 06:49:44 -------- d-----w- C:\Users\Richard\AppData\Roaming\Malwarebytes
2012-07-29 06:49:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-29 06:49:32 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 06:49:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-28 19:56:01 -------- d-----w- C:\Users\Richard\AppData\Roaming\Xubepi
2012-07-28 19:56:01 -------- d-----w- C:\Users\Richard\AppData\Roaming\Qyeqt
2012-07-28 19:56:01 -------- d-----w- C:\Users\Richard\AppData\Roaming\Nuba
2012-07-20 14:35:58 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-07-20 14:35:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-07-20 14:35:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-07-20 14:35:57 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-07-20 14:35:12 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-07-20 14:20:33 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-20 14:20:31 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-20 14:20:25 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-20 14:20:24 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-20 14:20:24 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-20 14:20:23 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-20 14:19:32 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-20 14:19:32 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-07-20 14:19:32 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-20 14:19:31 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-20 14:19:31 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-20 14:19:31 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-30 08:26:20 289656 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\x86\axNative.dll
2012-06-30 08:26:19 359800 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\x64\axNative.dll
2012-06-30 08:26:18 12616 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\en\Microsoft.Web.Delegation.resources.dll
2012-06-30 08:26:17 91976 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Delegation.dll
2012-06-30 08:26:15 116552 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\en\Microsoft.Web.Deployment.resources.dll
2012-06-30 08:26:13 1218376 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Deployment.dll
2012-06-30 08:25:17 143360 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Web.Management.PHP.Client_1.0.3.0_8175de49a9aec91d\Web.Management.PHP.Client.dll
2012-06-30 08:25:16 603976 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Deployment.UI.Client.dll
2012-06-30 08:25:15 300880 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.DatabaseManager.Client_1.0.1.0_31bf3856ad364e35\Microsoft.Web.Management.DatabaseManager.Client.dll
2012-06-30 08:25:13 547608 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.Rewrite.Client_7.2.2.1_31bf3856ad364e35\Microsoft.Web.Management.Rewrite.Client.dll
2012-06-30 08:25:12 512000 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.AspnetClient_7.5.0.0_31bf3856ad364e35\Microsoft.Web.Management.AspnetClient.dll
2012-06-30 08:25:10 1716224 ----a-w- C:\Users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.IisClient_7.5.0.0_31bf3856ad364e35\Microsoft.Web.Management.IisClient.dll
2012-06-30 08:14:11 -------- d-----w- C:\Program Files\Microsoft
2012-06-30 07:49:34 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-30 07:49:10 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-30 07:49:10 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-30 07:48:56 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-30 07:48:56 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-30 07:48:56 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-30 07:48:56 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-28 18:16:43 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-28 18:16:43 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-14 12:50:21 310728 ----a-w- C:\Windows\System32\drivers\atksgt.sys
2012-06-14 12:50:20 42696 ----a-w- C:\Windows\System32\drivers\lirsgt.sys
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-22 13:26:10 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-05-22 13:26:10 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-05-22 13:26:10 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-05-22 13:25:40 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-05-22 13:25:40 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 19:35:58.64 ===============
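
A triage check for the question the first post asks (are there fragments left to find?), added here as an example and not part of the original posts: it cross-references the file detections in the MBAM log with the DDS "Created Last 30" listing. The function names and both heuristics are assumptions of this example, and the sample input is lines copied from the two logs above.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Sample input: lines copied from the MBAM and DDS logs posted in this thread.
MBAM_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Viiwylka (Trojan.Agent) -> Data: C:\Users\Richard\AppData\Roaming\Qyeqt\seiq.exe -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Roaming\Qyeqt\seiq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
"""
DDS_CREATED = r"""
2012-07-29 17:13:09 384512 ----a-w- C:\Windows\System32\services.exe.F484E0945A62B69A
2012-07-29 12:17:20 384512 ----a-w- C:\Windows\System32\services.exe.7129A6EF3E84AA18
2012-07-29 06:49:44 -------- d-----w- C:\Users\Richard\AppData\Roaming\Malwarebytes
2012-07-28 19:56:01 -------- d-----w- C:\Users\Richard\AppData\Roaming\Xubepi
2012-07-28 19:56:01 -------- d-----w- C:\Users\Richard\AppData\Roaming\Qyeqt
2012-07-28 19:56:01 -------- d-----w- C:\Users\Richard\AppData\Roaming\Nuba
2012-07-20 14:35:12 2769408 ----a-w- C:\Windows\System32\win32k.sys
"""

# File/folder detections start with a drive letter; registry lines (HKCU\...) do not.
MBAM_FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> ")
# DDS entry: timestamp, size (or dashes for a directory), 8 attribute chars, path.
DDS_ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) "
    r"(?P<attr>\S{8}) (?P<path>[A-Za-z]:\\.+)$")


def parse_mbam_files(text):
    """Return (path, detection_name) for each file or folder detection line."""
    hits = (MBAM_FILE.match(line.strip()) for line in text.splitlines())
    return [(m["path"], m["name"]) for m in hits if m]


def parse_dds_created(text):
    """Return one dict per DDS 'Created Last 30' style entry."""
    entries = []
    for line in text.splitlines():
        m = DDS_ENTRY.match(line.strip())
        if m:
            entries.append({"ts": m["ts"], "path": m["path"],
                            "is_dir": m["attr"].startswith("d")})
    return entries


def same_second_siblings(detections, created):
    """Directories created in the same second and under the same parent as a
    directory that held a detected file. A lead to inspect, not a verdict."""
    bad_dirs = {normcase(dirname(path)) for path, _ in detections}
    groups = defaultdict(list)
    for e in created:
        if e["is_dir"]:
            groups[(e["ts"], normcase(dirname(e["path"])))].append(e)
    leads = []
    for group in groups.values():
        if any(normcase(e["path"]) in bad_dirs for e in group):
            leads += [e["path"] for e in group
                      if normcase(e["path"]) not in bad_dirs]
    return sorted(leads)


def suffixed_copies(created, name):
    """Files named '<name>.<suffix>', e.g. renamed copies of a system binary
    the post reports as infected; each one needs checking by hand."""
    prefix = name.lower() + "."
    return [e["path"] for e in created
            if not e["is_dir"] and basename(e["path"]).lower().startswith(prefix)]


if __name__ == "__main__":
    detections = parse_mbam_files(MBAM_LOG)
    created = parse_dds_created(DDS_CREATED)
    for path in same_second_siblings(detections, created):
        print("created alongside a detected directory:", path)
    for path in suffixed_copies(created, "services.exe"):
        print("renamed copy to review:", path)
```
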
 
lol. You can see from this log how many programs I require just to perform the extremely simple programming for jcgriff2's BSOD app!

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 27/07/2009 12:05:56
System Uptime: 29/07/2012 18:14:29 (1 hours ago)
.
Motherboard: Dell Inc. | | 0C234M
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1200/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 98.918 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 5.467 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Advanced Audio FX Engine
Akamai NetSession Interface
Anno 1701
ATI Catalyst Control Center
audiosamples
AVR Jungo USB
AVR QTouch Studio
AVR Studio 5.0
avstreamsamples
avstreamtools_ia64fre
avstreamtools_x64fre
avstreamtools_x86fre
biometricsamples
biometrictools_x64fre
biometrictools_x86fre
bluetoothsamples
bluetoothtools_ia64fre
bluetoothtools_x64fre
bluetoothtools_x86fre
buildsamples
buildtools_ia64fre
buildtools_x64fre
buildtools_x86fre
bussamples
cancelsample
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
chkinftool_x86fre
Choice Guard
Command & Conquer The First Decade
Crystal Reports for Visual Studio
debugfiles_win7
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Video Chat
Dell Webcam Central
dfx_ia64fre
dfx_x64fre
dfx_x86fre
displaysamples
Dotfuscator Software Services - Community Edition
drvtools_ia64fre
drvtools_x64fre
drvtools_x86fre
DSF-KitSetup
dsfsamples
Emperor: Rise of the Middle Kingdom
eventsample
evntdrvsample
fireflysample
generalsamples
generaltools_ia64fre
generaltools_x64fre
generaltools_x86fre
Google Earth
Google Update Helper
headers
hid_inputsamples
hidsampleinput
hidsamples
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Document Explorer 2008 (KB953196)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
IDA Pro Free v5.0
ifssamples
imagingtools_ia64fre
imagingtools_x64fre
imagingtools_x86fre
infsample_ia64fre
infsample_x64fre
infsample_x86fre
installhelp
ioctlsample
irsamples
Java(TM) 6 Update 26
Kodu Game Lab
libs_ia64fre
libs_x64fre
libs_x86fre
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft CCR and DSS Runtime 2008 R3
Microsoft DirectX SDK (June 2010)
Microsoft Document Explorer 2008
Microsoft FxCop 1.36
Microsoft FxCop 10.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Robotics Developer Studio 2008 R3
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Small Basic v0.9
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Shell (Isolated) - ENU
Microsoft Visual Studio Macro Tools
Microsoft Windows Driver Kit 7.1.0.7600
Microsoft Windows Driver Kit Documentation 7600.091201
Microsoft XNA Framework Redistributable 2.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio Platform Tools
modemtools
MsiVal2
networklibraries_ia64fre
networklibraries_x64fre
networklibraries_x86fre
networksamples
NVIDIA GAME System Software 2.8.1
oacr_x86fre
offreg_ia64fre
offreg_x64fre
offreg_x86fre
Orca
pcidrvsample
pfd_ia64fre
pfd_x64fre
pfd_x86fre
pnpportssample
pnptools_ia64fre
pnptools_x64fre
pnptools_x86fre
portiosample
powermanagement_ia64fre
powermanagement_x64fre
powermanagement_x86fre
printsamples
printtools_ia64fre
printtools_x64fre
printtools_x86fre
readme
sdv
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
sensorsamples
setupsamples
setuptools_ia64fre
setuptools_x64fre
setuptools_x86fre
sideshowsamples
Skins
Skype™ 5.10
smartcardsamples
Spelling Dictionaries Support For Adobe Reader 9
Spotify
storagesamples
streammediasamples
StyleCop 4.7.27.0
swtuner
toastermetadatapackagesample
toastersample
toolindex
tools_ia64fre
tools_x64fre
tools_x86fre
tracingtool_ia64fre
tracingtool_x64fre
tracingtool_x86fre
umdfsamples
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
usbsamples
VirtualCloneDrive
vistalibs_ia64fre
vistalibs_x64fre
vistalibs_x86fre
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.11
Vodafone Mobile Broadband
WCF RIA Services V1.0 SP1
wcoinstallers
wdftools_ia64fre
wdftools_x64fre
wdftools_x86fre
wdtfbinaries_ia64fre
wdtfbinaries_x64fre
wdtfbinaries_x86fre
Windows Live Sync
Windows Live Upload Tool
Windows SDK IntellisenseNFX
wmisamples
wnetlibs_ia64fre
wnetlibs_x64fre
wnetlibs_x86fre
wpdsamples
wpdtools_ia64fre
wpdtools_x64fre
wpdtools_x86fre
wsdtool_ia64fre
wsdtool_x64fre
wsdtool_x86fre
wxplibs_x86fre
.
==== Event Viewer Messages From Past Week ========
.
29/07/2012 18:16:37, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
29/07/2012 18:16:37, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
29/07/2012 18:16:37, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
29/07/2012 18:16:37, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
29/07/2012 18:14:58, Error: EventLog [6008] - The previous system shutdown at 18:12:15 on 29/07/2012 was unexpected.
29/07/2012 18:13:09, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:712 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8601.0, NIS: 0.0.0.0
29/07/2012 18:12:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: dsfroot ElbyCDIO MpFilter spldr VBoxDrv VBoxUSBMon Wanarpv6
29/07/2012 18:12:00, Error: Service Control Manager [7001] - The TCP/IP Print Server service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
29/07/2012 18:12:00, Error: Service Control Manager [7001] - The Net.Msmq Listener Adapter service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
29/07/2012 18:12:00, Error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
29/07/2012 18:12:00, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
29/07/2012 18:11:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/07/2012 18:11:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
29/07/2012 18:11:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
29/07/2012 18:11:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/07/2012 18:11:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
29/07/2012 18:10:41, Error: EventLog [6008] - The previous system shutdown at 18:07:56 on 29/07/2012 was unexpected.
29/07/2012 18:08:06, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:748 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 18:05:03, Error: EventLog [6008] - The previous system shutdown at 13:48:55 on 29/07/2012 was unexpected.
29/07/2012 13:49:53, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:748 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:49:53, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x8007051b'. Restart your computer, and then restart the WMPNetworkSvc service.
29/07/2012 13:46:05, Error: EventLog [6008] - The previous system shutdown at 13:43:39 on 29/07/2012 was unexpected.
29/07/2012 13:44:15, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:748 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:42:46, Error: EventLog [6008] - The previous system shutdown at 13:40:17 on 29/07/2012 was unexpected.
29/07/2012 13:40:58, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:748 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:39:24, Error: EventLog [6008] - The previous system shutdown at 13:36:52 on 29/07/2012 was unexpected.
29/07/2012 13:37:31, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:752 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:35:59, Error: EventLog [6008] - The previous system shutdown at 13:33:29 on 29/07/2012 was unexpected.
29/07/2012 13:34:08, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:748 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:32:36, Error: EventLog [6008] - The previous system shutdown at 13:30:11 on 29/07/2012 was unexpected.
29/07/2012 13:30:48, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:748 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:29:18, Error: EventLog [6008] - The previous system shutdown at 13:26:45 on 29/07/2012 was unexpected.
29/07/2012 13:27:30, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:728 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:25:52, Error: EventLog [6008] - The previous system shutdown at 13:23:25 on 29/07/2012 was unexpected.
29/07/2012 13:24:05, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:748 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:22:34, Error: EventLog [6008] - The previous system shutdown at 13:20:05 on 29/07/2012 was unexpected.
29/07/2012 13:20:43, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:756 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:19:12, Error: EventLog [6008] - The previous system shutdown at 13:16:40 on 29/07/2012 was unexpected.
29/07/2012 13:17:20, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:752 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:15:48, Error: EventLog [6008] - The previous system shutdown at 13:13:17 on 29/07/2012 was unexpected.
29/07/2012 13:14:00, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:752 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:12:24, Error: EventLog [6008] - The previous system shutdown at 13:10:28 on 29/07/2012 was unexpected.
29/07/2012 13:10:35, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:752 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:08:36, Error: EventLog [6008] - The previous system shutdown at 13:06:15 on 29/07/2012 was unexpected.
29/07/2012 13:06:46, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:712 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:04:05, Error: EventLog [6008] - The previous system shutdown at 13:01:57 on 29/07/2012 was unexpected.
29/07/2012 13:02:07, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:752 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 13:00:12, Error: EventLog [6008] - The previous system shutdown at 12:58:04 on 29/07/2012 was unexpected.
29/07/2012 12:58:13, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:756 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 12:56:13, Error: EventLog [6008] - The previous system shutdown at 12:53:50 on 29/07/2012 was unexpected.
29/07/2012 12:56:03, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
29/07/2012 12:54:19, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\WINDOWS\System32\services.exe;file:_C:\WINDOWS\System32\services.exe->731;process:_pid:748 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.925.0, AS: 1.131.925.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
29/07/2012 12:40:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
29/07/2012 12:14:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 12:14:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 12:14:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 12:14:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 12:14:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:33:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Richard-Laptop\Richard Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
29/07/2012 11:33:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Richard-Laptop\Richard Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
29/07/2012 11:33:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Richard-Laptop\Richard Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
29/07/2012 11:33:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Richard-Laptop\Richard Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070714 Error description: The specified image file did not contain a resource section.
29/07/2012 11:32:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
29/07/2012 11:32:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Richard-Laptop\Richard Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:32:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Richard-Laptop\Richard Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:32:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Richard-Laptop\Richard Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:32:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Richard-Laptop\Richard Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:25:26, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:25:26, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:25:26, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:25:26, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:25:26, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Download Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
29/07/2012 11:23:23, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
29/07/2012 11:22:56, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
29/07/2012 11:07:53, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
29/07/2012 11:07:01, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
29/07/2012 11:07:01, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
29/07/2012 11:07:01, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
29/07/2012 07:37:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
29/07/2012 07:37:34, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/07/2012 07:37:27, Error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 3 time(s).
29/07/2012 07:37:27, Error: Service Control Manager [7034] - The Message Queuing service terminated unexpectedly. It has done this 3 time(s).
29/07/2012 07:37:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Vodafone Mobile Broadband Service service to connect.
29/07/2012 07:37:27, Error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The operation completed successfully.
29/07/2012 07:37:26, Error: Service Control Manager [7034] - The Message Queuing service terminated unexpectedly. It has done this 2 time(s).
29/07/2012 07:37:26, Error: Service Control Manager [7001] - The Net.Msmq Listener Adapter service depends on the Message Queuing service which failed to start because of the following error: The operation completed successfully.
29/07/2012 07:37:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
29/07/2012 07:37:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.
29/07/2012 07:37:25, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
29/07/2012 07:37:25, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/07/2012 07:37:25, Error: Service Control Manager [7000] - The Net.Pipe Listener Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/07/2012 07:37:24, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
29/07/2012 07:37:24, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/07/2012 07:37:21, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
29/07/2012 07:37:21, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
29/07/2012 07:36:25, Error: Service Control Manager [7031] - The Vodafone Mobile Broadband Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/07/2012 07:36:25, Error: Service Control Manager [7031] - The SNMP Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
29/07/2012 07:35:39, Error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
29/07/2012 07:35:39, Error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
29/07/2012 07:35:39, Error: Service Control Manager [7034] - The Simple TCP/IP Services service terminated unexpectedly. It has done this 1 time(s).
29/07/2012 07:35:39, Error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s).
29/07/2012 07:35:39, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
29/07/2012 07:35:39, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
29/07/2012 07:35:39, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
29/07/2012 07:35:39, Error: Service Control Manager [7034] - The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s).
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The Vodafone Mobile Broadband Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The Net.Tcp Listener Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The Net.Pipe Listener Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The Net.Msmq Listener Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The Message Queuing Triggers service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The Message Queuing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/07/2012 07:35:39, Error: Service Control Manager [7031] - The IIS Admin Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.
29/07/2012 07:35:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
29/07/2012 07:35:39, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/07/2012 07:35:24, Error: Microsoft-Windows-WAS [5175] - The listener adapter serving the 'net.tcp' protocol disconnected unexpectedly.
29/07/2012 07:35:24, Error: Microsoft-Windows-WAS [5175] - The listener adapter serving the 'net.pipe' protocol disconnected unexpectedly.
29/07/2012 07:35:24, Error: Microsoft-Windows-WAS [5175] - The listener adapter serving the 'net.msmq' protocol disconnected unexpectedly.
29/07/2012 07:35:24, Error: Microsoft-Windows-WAS [5175] - The listener adapter serving the 'msmq.formatname' protocol disconnected unexpectedly.
29/07/2012 07:34:05, Error: EventLog [6008] - The previous system shutdown at 07:26:09 on 29/07/2012 was unexpected.
29/07/2012 07:26:08, Error: Service Control Manager [7034] - The Net.Pipe Listener Adapter service terminated unexpectedly. It has done this 3 time(s).
29/07/2012 07:21:08, Error: Service Control Manager [7031] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/07/2012 07:21:08, Error: Service Control Manager [7031] - The Net.Pipe Listener Adapter service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/07/2012 07:21:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Message Queuing service to connect.
29/07/2012 07:21:07, Error: Service Control Manager [7001] - The Net.Msmq Listener Adapter service depends on the Message Queuing service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
29/07/2012 07:21:07, Error: Service Control Manager [7000] - The Message Queuing service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/07/2012 07:20:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SNMP Service service to connect.
29/07/2012 07:20:04, Error: Service Control Manager [7000] - The SNMP Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
29/07/2012 07:18:17, Error: EventLog [6008] - The previous system shutdown at 07:15:25 on 29/07/2012 was unexpected.
28/07/2012 21:00:20, Error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
28/07/2012 20:58:19, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
28/07/2012 20:58:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 4.0.0.0 service to connect.
28/07/2012 20:58:19, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 4.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/07/2012 20:58:18, Error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).
28/07/2012 20:58:18, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
28/07/2012 20:58:18, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
28/07/2012 20:58:18, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
28/07/2012 20:58:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
28/07/2012 20:58:18, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
28/07/2012 20:56:18, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
28/07/2012 11:33:56, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.163.60.114 for the Network Card with network address 001E101F50A4 has been denied by the DHCP server 10.141.215.170 (The DHCP Server sent a DHCPNACK message).
28/07/2012 11:28:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.337.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
28/07/2012 11:28:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.337.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
28/07/2012 11:28:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.337.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
28/07/2012 11:28:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.337.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
28/07/2012 11:28:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.337.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
28/07/2012 11:28:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.337.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
28/07/2012 11:28:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.337.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
28/07/2012 11:28:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.337.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
28/07/2012 11:28:46, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.337.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...7.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
28/07/2012 11:25:57, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.180.37.238 for the Network Card with network address 001E101F50A4 has been denied by the DHCP server 10.163.60.113 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
I will try to get these sorted out. The problem arises because I only use this laptop occasionally, when I am away from home. I last turned it on with an internet connection to update from ~4 months ago. This is probably the cause of my infection :(

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 26
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````
 
Hi, niemiro.

Other than it was a System32 trojan dropper, I'm not sure where "Sirefef" came from. That said, Live Security Platinum is indeed a nasty rogue. I helped someone clean their system from that rogue this past week -- the steps were much easier than what you followed. :D

I would like to see the attach.txt. In addition, particularly since you are away from home, let's go the full route to ensure everything has been removed.

(Edit Note: I see you were busy posting the logs while I was reviewing your comments and the first log. :) )


Please follow these instructions carefully.

Download ComboFix from the following location: Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
 
Thank you very much for your help, Corrine.

MSE reported these two fragments:

C:\WINDOWS\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\U\800000cb.@
C:\WINDOWS\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\U\80000000.@


as Sirefef.W and Sirefef.AB.

We posted at the same time. Please find attach.txt and SecurityCheck logs above.

ComboFix 12-07-29.02 - Richard 29/07/2012 20:32:18.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4060.1852 [GMT 1:00]
Running from: c:\users\Richard\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\users\Public\Anno1701_Patch104_UK.exe
c:\users\Richard\AppData\Roaming\Nuba
c:\users\Richard\AppData\Roaming\Nuba\entoc.boe
c:\users\Richard\AppData\Roaming\Xubepi
c:\users\Richard\AppData\Roaming\Xubepi\obix.obt
c:\windows\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\@
c:\windows\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\U\00000001.@
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 19:42 . 2012-07-29 19:45 -------- d-----w- c:\users\Richard\AppData\Local\temp
2012-07-29 19:42 . 2012-07-29 19:42 -------- d-----w- c:\users\Hugo\AppData\Local\temp
2012-07-29 19:42 . 2012-07-29 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 17:13 . 2012-07-29 17:13 384512 ----a-w- c:\windows\system32\services.exe.F484E0945A62B69A
2012-07-29 12:17 . 2012-07-29 12:17 384512 ----a-w- c:\windows\system32\services.exe.7129A6EF3E84AA18
2012-07-29 11:51 . 2012-07-16 01:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E5D36A6-15D4-40A2-9192-D39FA4FF2F04}\mpengine.dll
2012-07-29 11:15 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50D74B56-A9A9-4DD6-891C-D6F38F2FFD1A}\gapaengine.dll
2012-07-29 10:33 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-29 10:22 . 2012-07-29 10:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-29 10:22 . 2012-07-29 10:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-29 06:49 . 2012-07-29 06:49 -------- d-----w- c:\users\Richard\AppData\Roaming\Malwarebytes
2012-07-29 06:49 . 2012-07-29 06:49 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 06:49 . 2012-07-29 06:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 06:49 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 19:56 . 2012-07-29 06:58 -------- d-----w- c:\users\Richard\AppData\Roaming\Qyeqt
2012-07-20 14:35 . 2012-06-02 12:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-07-20 14:35 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-20 14:35 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-20 14:35 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-20 14:35 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-20 14:35 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-20 14:35 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-20 14:35 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-07-20 14:20 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-20 14:20 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-20 14:20 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-07-20 14:20 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-20 14:20 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-07-20 14:20 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-20 14:19 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-20 14:19 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
2012-07-20 14:19 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-20 14:19 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-20 14:19 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-20 14:19 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-20 14:19 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-30 08:26 . 2012-06-30 08:26 289656 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\x86\axNative.dll
2012-06-30 08:26 . 2012-06-30 08:26 359800 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\x64\axNative.dll
2012-06-30 08:26 . 2012-06-30 08:25 12616 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\en\Microsoft.Web.Delegation.resources.dll
2012-06-30 08:26 . 2012-06-30 08:25 91976 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Delegation.dll
2012-06-30 08:26 . 2012-06-30 08:25 116552 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\en\Microsoft.Web.Deployment.resources.dll
2012-06-30 08:26 . 2012-06-30 08:25 1218376 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Deployment.dll
2012-06-30 08:25 . 2012-06-30 08:24 143360 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Web.Management.PHP.Client_1.0.3.0_8175de49a9aec91d\Web.Management.PHP.Client.dll
2012-06-30 08:25 . 2012-06-30 08:24 603976 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Deployment.UI.Client.dll
2012-06-30 08:25 . 2012-06-30 08:24 300880 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.DatabaseManager.Client_1.0.1.0_31bf3856ad364e35\Microsoft.Web.Management.DatabaseManager.Client.dll
2012-06-30 08:25 . 2012-06-30 08:24 547608 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.Rewrite.Client_7.2.2.1_31bf3856ad364e35\Microsoft.Web.Management.Rewrite.Client.dll
2012-06-30 08:25 . 2012-06-30 08:24 512000 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.AspnetClient_7.5.0.0_31bf3856ad364e35\Microsoft.Web.Management.AspnetClient.dll
2012-06-30 08:25 . 2012-06-30 08:24 1716224 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.IisClient_7.5.0.0_31bf3856ad364e35\Microsoft.Web.Management.IisClient.dll
2012-06-30 08:14 . 2012-06-30 08:14 -------- d-----w- c:\program files\Microsoft
2012-06-30 07:49 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-30 07:49 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-30 07:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-30 07:49 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-30 07:49 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-30 07:49 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-30 07:49 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-30 07:48 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-30 07:48 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 18:16 . 2012-04-17 17:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 18:16 . 2011-10-16 10:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-20 14:40 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-14 12:50 . 2012-06-11 12:22 310728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-06-14 12:50 . 2012-06-11 12:21 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-06-02 22:19 . 2012-06-30 07:49 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-30 07:49 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:12 . 2012-06-30 07:49 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 14:19 . 2012-06-30 07:48 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 14:12 . 2012-06-30 07:48 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 07:23 . 2011-04-05 12:55 2382080 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-01 09:04 . 2011-04-05 12:55 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-05-31 11:25 . 2011-04-05 07:19 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-22 13:26 . 2012-06-03 14:51 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 13:26 . 2012-06-03 14:50 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 13:26 . 2012-05-22 13:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 13:25 . 2012-05-22 13:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 13:25 . 2012-05-22 13:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-05-01 14:29 . 2012-06-14 08:35 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Richard\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-19 89600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 18:16]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 06:41]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 06:41]
.
2012-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2012-07-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: microsoft.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: windowsupdates.com
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DSFKSVCS\MofImagePath]
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
.
**************************************************************************
.
Completion time: 2012-07-29 20:54:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 19:54
.
Pre-Run: 121,896,206,336 bytes free
Post-Run: 122,573,959,168 bytes free
.
- - End Of File - - C955502C3127492FDE8FF3E192619CE9
 
Hi, niemiro.

Yup. I saw the other logs and edited my reply.

Personally, I would not allow any programs in the Trusted Zone. When you add a Web site to the Trusted Sites zone, the security level is set to Low. After all, even well known sites, including Microsoft, can be the victim of an SQL injection, hidden scripts, and more.

If you elect to remove the entries from the Trusted Zone, please do the following:
  • Launch Internet Explorer, click Internet Options on the Tools menu, and then click the Security tab.
  • Click Trusted Sites, and then click Sites.
  • Click the site you want to delete, and then click Remove.

Trusted Zone: microsoft.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: windowsupdates.com


Next, let's get Java and Adobe products updated. Then, any remnants can be cleaned up with ComboFix.

Java:

Please uninstall Java(TM) 6 Update 26. Also, delete the jinstall-1_6_0_26-windows-i586.cab files from your download folder. Then go to Java SE Downloads and install Java JRE 7u5. Be mindful of pre-checked options as they are not needed for Java to work.

Adobe:
The current version of Adobe Reader is 10.1.3. I recommend the FTP download site: ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.3/ since there are no unnecessary add-ons included.

After that has been completed, please do the following:

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    c:\windows\system32\services.exe.F484E0945A62B69A
    c:\windows\system32\services.exe.7129A6EF3E84AA18
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


    CF_CFScript.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
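
The following is an added example and not part of any post in this thread: a small triage script that reads ComboFix-style log text and flags the two path shapes acted on above, namely the `@` files under `c:\windows\Installer\{GUID}\` that MSE reported and ComboFix deleted, and the `services.exe.<16 hex digits>` copies in system32 listed in the CFScript. The rule names and regular expressions are assumptions derived only from the paths shown in this thread, and the sample text is a constructed excerpt in the log's layout.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: lines in the layout of the ComboFix log posted in this
# thread, trimmed to a handful of entries.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\users\Richard\AppData\Roaming\Nuba\entoc.boe
c:\windows\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\@
c:\windows\Installer\{63c3d2d2-1d22-1ae6-14dc-9744f38ab1dc}\U\00000001.@
D:\AUTORUN.INF
.
((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))
.
2012-07-29 19:42 . 2012-07-29 19:45 -------- d-----w- c:\users\Richard\AppData\Local\temp
2012-07-29 17:13 . 2012-07-29 17:13 384512 ----a-w- c:\windows\system32\services.exe.F484E0945A62B69A
2012-07-29 12:17 . 2012-07-29 12:17 384512 ----a-w- c:\windows\system32\services.exe.7129A6EF3E84AA18
2012-07-29 06:49 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 07:49 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
"""

# "((((( Section name )))))" banner lines.
SECTION = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")
# "created . modified size attrs path" rows; directories show "--------" as size.
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Rows that are just a path, as in the "Other Deletions" section.
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")

# Hypothetical rule set built from the paths named in this thread.
RULES = [
    ("installer-guid-at-file", re.compile(
        r"\\windows\\installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
        r"\\(?:u\\[0-9a-f]{8}\.)?@$", re.I)),
    ("system32-exe-hex-suffix", re.compile(
        r"\\windows\\system32\\[^\\]+\.exe\.[0-9a-f]{16}$", re.I)),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    section: str
    path: str
    created: Optional[str]  # None for rows that carry no timestamps


def triage(log_text: str) -> List[Finding]:
    """Return every log row whose path matches one of RULES, in log order."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix pads its sections with lone dots
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY.match(line)
        if entry:
            path, created = entry.group("path"), entry.group("created")
        elif BARE_PATH.match(line):
            path, created = line, None
        else:
            continue  # registry rows, banners and other text are ignored
        for rule, pattern in RULES:
            if pattern.search(path):
                findings.append(Finding(rule, section, path, created))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.created or '-':16} {f.path}  [{f.section}]")
```

A match is only a prompt to look at the file; whether it should be removed is a decision for the helper reviewing the full log.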
 
Hello Corrine :)

Thank you very much for your continued assistance here.

I have removed all from the Trusted Zone, although two were automatically re-added as soon as I attempted to run Windows Update.

I have removed all old versions of Java, and have re-installed the latest. I have also updated Adobe Reader. I could, however, not find jinstall-1_6_0_26-windows-i586.cab anywhere. Is this step important?

I also re-ran ComboFix as instructed. Thanks again for your help here.

ComboFix 12-08-10.02 - Richard 12/08/2012 8:52.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4060.2065 [GMT 1:00]
Running from: c:\users\Richard\Desktop\Combo_Fix.exe
Command switches used :: c:\users\Richard\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\services.exe.7129A6EF3E84AA18"
"c:\windows\system32\services.exe.F484E0945A62B69A"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 08:02 . 2012-08-12 08:02 -------- d-----w- c:\users\Richard\AppData\Local\temp
2012-08-12 08:02 . 2012-08-12 08:02 -------- d-----w- c:\users\Hugo\AppData\Local\temp
2012-08-12 08:02 . 2012-08-12 08:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 07:20 . 2012-08-12 07:20 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22DD5B47-A857-4CA8-A08A-045D71DE8EE4}\offreg.dll
2012-08-12 07:18 . 2012-08-12 07:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-12 07:11 . 2012-08-12 07:10 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-12 07:11 . 2012-08-12 07:11 268784 ----a-w- c:\windows\system32\javaws.exe
2012-08-12 07:11 . 2012-08-12 07:10 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-12 07:11 . 2012-08-12 07:11 189424 ----a-w- c:\windows\system32\javaw.exe
2012-08-12 07:11 . 2012-08-12 07:11 188912 ----a-w- c:\windows\system32\java.exe
2012-08-12 07:10 . 2012-08-12 07:10 -------- d-----w- c:\program files\Java
2012-08-12 07:06 . 2012-07-16 01:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22DD5B47-A857-4CA8-A08A-045D71DE8EE4}\mpengine.dll
2012-08-11 09:44 . 2012-07-16 01:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-09 18:40 . 2012-08-09 19:41 -------- d-----w- C:\symbols
2012-08-09 18:36 . 2012-08-09 18:36 -------- d-----w- c:\users\Richard\SysnativeBSODApps
2012-08-05 18:56 . 2012-08-05 18:56 -------- d-----w- c:\program files (x86)\XN Resource Editor
2012-07-31 06:56 . 2012-07-31 06:56 -------- d-----w- c:\program files (x86)\boost - Copy
2012-07-30 17:49 . 2012-07-30 17:49 -------- d-----w- c:\program files (x86)\boost
2012-07-30 06:45 . 2012-07-30 06:45 -------- d-----w- c:\users\Richard\_jcgriff2_
2012-07-29 17:13 . 2012-07-29 17:13 384512 ----a-w- c:\windows\system32\services.exe.F484E0945A62B69A
2012-07-29 12:17 . 2012-07-29 12:17 384512 ----a-w- c:\windows\system32\services.exe.7129A6EF3E84AA18
2012-07-29 11:15 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50D74B56-A9A9-4DD6-891C-D6F38F2FFD1A}\gapaengine.dll
2012-07-29 10:33 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-29 10:22 . 2012-07-29 10:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-29 10:22 . 2012-07-29 10:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-29 06:49 . 2012-07-29 06:49 -------- d-----w- c:\users\Richard\AppData\Roaming\Malwarebytes
2012-07-29 06:49 . 2012-07-29 06:49 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 06:49 . 2012-07-29 06:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 06:49 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 19:56 . 2012-07-29 06:58 -------- d-----w- c:\users\Richard\AppData\Roaming\Qyeqt
2012-07-20 14:35 . 2012-06-02 12:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-07-20 14:35 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-20 14:35 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-20 14:35 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-20 14:35 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-20 14:35 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-20 14:35 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-20 14:35 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-07-20 14:20 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-20 14:20 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-20 14:20 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-07-20 14:20 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-20 14:20 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-07-20 14:20 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-20 14:19 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-20 14:19 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
2012-07-20 14:19 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-20 14:19 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-20 14:19 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-20 14:19 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-20 14:19 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 10:41 . 2009-08-18 10:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-05 07:22 . 2012-04-17 17:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-05 07:22 . 2011-10-16 10:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-20 14:40 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-30 08:26 . 2012-06-30 08:26 289656 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\x86\axNative.dll
2012-06-30 08:26 . 2012-06-30 08:26 359800 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\x64\axNative.dll
2012-06-30 08:25 . 2012-06-30 08:26 12616 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\en\Microsoft.Web.Delegation.resources.dll
2012-06-30 08:25 . 2012-06-30 08:26 91976 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Delegation.dll
2012-06-30 08:25 . 2012-06-30 08:26 116552 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\en\Microsoft.Web.Deployment.resources.dll
2012-06-30 08:25 . 2012-06-30 08:26 1218376 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Deployment.dll
2012-06-30 08:24 . 2012-06-30 08:25 143360 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Web.Management.PHP.Client_1.0.3.0_8175de49a9aec91d\Web.Management.PHP.Client.dll
2012-06-30 08:24 . 2012-06-30 08:25 603976 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Deployment.UI.Client_8.0.0.0_31bf3856ad364e35\Microsoft.Web.Deployment.UI.Client.dll
2012-06-30 08:24 . 2012-06-30 08:25 300880 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.DatabaseManager.Client_1.0.1.0_31bf3856ad364e35\Microsoft.Web.Management.DatabaseManager.Client.dll
2012-06-30 08:24 . 2012-06-30 08:25 547608 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.Rewrite.Client_7.2.2.1_31bf3856ad364e35\Microsoft.Web.Management.Rewrite.Client.dll
2012-06-30 08:24 . 2012-06-30 08:25 512000 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.AspnetClient_7.5.0.0_31bf3856ad364e35\Microsoft.Web.Management.AspnetClient.dll
2012-06-30 08:24 . 2012-06-30 08:25 1716224 ----a-w- c:\users\Richard\AppData\Roaming\Microsoft\WebManagement\7.0.0.0\Modules\Microsoft.Web.Management.IisClient_7.5.0.0_31bf3856ad364e35\Microsoft.Web.Management.IisClient.dll
2012-06-14 12:50 . 2012-06-11 12:22 310728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-06-14 12:50 . 2012-06-11 12:21 42696 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-06-02 22:19 . 2012-06-30 07:49 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-30 07:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-30 07:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-30 07:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-30 07:49 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-30 07:49 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-30 07:49 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-30 07:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-30 07:49 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-30 07:49 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 14:19 . 2012-06-30 07:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:19 . 2012-06-30 07:48 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 14:15 . 2012-06-30 07:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 14:12 . 2012-06-30 07:48 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 07:23 . 2011-04-05 12:55 2382080 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-01 09:04 . 2011-04-05 12:55 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2012-05-31 11:25 . 2011-04-05 07:19 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-22 13:26 . 2012-06-03 14:51 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 13:26 . 2012-06-03 14:50 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 13:26 . 2012-05-22 13:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-22 13:25 . 2012-05-22 13:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-22 13:25 . 2012-05-22 13:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_19.45.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2012-08-05 07:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-04-05 11:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-08-05 07:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-04-05 11:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-08-05 07:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-04-05 11:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-05 11:00 . 2009-10-01 00:51 75264 c:\windows\system32\WpdMtpUS.dll
+ 2011-04-05 11:00 . 2009-10-01 00:51 37376 c:\windows\system32\WpdConns.dll
+ 2008-01-21 02:23 . 2012-08-12 06:49 60642 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-08-12 06:49 84814 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-04 17:52 . 2012-08-12 06:49 14124 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2788916113-3204535740-887933417-1000_UserData.bin
+ 2011-04-05 11:00 . 2009-10-01 00:51 46592 c:\windows\system32\drivers\WpdUsb.sys
+ 2011-04-04 18:56 . 2006-11-02 11:19 49664 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
- 2011-04-04 18:56 . 2012-07-29 19:48 49664 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-04-05 11:23 . 2012-07-30 17:24 3306 c:\windows\system32\WDI\ERCQueuedResolutions.dat
- 2011-04-05 11:23 . 2012-06-30 13:56 3306 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2012-07-30 12:16 . 2012-07-30 12:16 9560 c:\windows\system32\networklist\icons\{B0F92B7D-D433-425C-AFFA-9679A36AA39D}_48.bin
+ 2012-07-30 12:16 . 2012-07-30 12:16 4280 c:\windows\system32\networklist\icons\{B0F92B7D-D433-425C-AFFA-9679A36AA39D}_32.bin
+ 2012-07-30 12:16 . 2012-07-30 12:16 2456 c:\windows\system32\networklist\icons\{B0F92B7D-D433-425C-AFFA-9679A36AA39D}_24.bin
+ 2012-08-07 11:30 . 2012-08-07 11:30 9560 c:\windows\system32\networklist\icons\{11C79D01-43AE-4D08-B29A-703F9A23C6D0}_48.bin
+ 2012-08-07 11:30 . 2012-08-07 11:30 4280 c:\windows\system32\networklist\icons\{11C79D01-43AE-4D08-B29A-703F9A23C6D0}_32.bin
+ 2012-08-07 11:30 . 2012-08-07 11:30 2456 c:\windows\system32\networklist\icons\{11C79D01-43AE-4D08-B29A-703F9A23C6D0}_24.bin
- 2012-07-29 19:44 . 2012-07-29 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-12 06:42 . 2012-08-12 06:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-29 19:44 . 2012-07-29 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-12 06:42 . 2012-08-12 06:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-01 08:36 . 2012-05-01 08:36 140376 c:\windows\SysWOW64\MicrosoftUpdateCatalogWebControl.dll
+ 2012-08-05 07:22 . 2012-08-05 07:22 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
+ 2012-08-05 07:22 . 2012-08-05 07:22 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll
+ 2012-04-17 17:25 . 2012-08-05 07:22 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-17 17:25 . 2012-07-28 18:16 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-04-05 11:00 . 2009-10-01 00:51 295936 c:\windows\system32\WpdMtp.dll
+ 2011-04-17 15:03 . 2012-08-11 09:33 245350 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2012-08-05 19:18 787104 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-05 19:18 175470 c:\windows\system32\perfc009.dat
+ 2012-08-05 07:21 . 2012-08-05 07:21 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe
+ 2012-08-05 07:21 . 2012-08-05 07:21 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.dll
- 2011-04-04 17:48 . 2012-07-29 18:59 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-04 17:48 . 2012-08-12 06:44 131072 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-05 20:09 . 2012-05-31 13:33 411484 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2011-04-05 20:09 . 2012-08-09 20:15 411484 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2012-06-04 19:46 . 2012-08-10 08:15 435448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-06-04 19:46 . 2012-07-29 08:04 435448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-05 07:02 . 2012-08-11 20:46 397372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-05 07:02 . 2012-07-29 19:43 397372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-12 07:10 . 2012-08-12 07:10 888832 c:\windows\Installer\11d6cc.msi
+ 2011-06-06 11:55 . 2011-06-06 11:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-08-05 16:39 . 2012-08-05 16:39 163328 c:\windows\erdnt\05-08-2012\ERDNT.EXE
+ 2012-08-05 16:39 . 2012-08-05 16:39 217088 c:\windows\erdnt\05-08-2012-2\Users\00000002\NTUSER.DAT
+ 2012-08-05 16:39 . 2012-08-05 16:39 356352 c:\windows\erdnt\05-08-2012-2\Users\00000001\NTUSER.DAT
+ 2012-08-05 16:39 . 2012-08-05 16:39 163328 c:\windows\erdnt\05-08-2012-2\ERDNT.EXE
+ 2011-04-05 11:00 . 2009-10-01 00:51 1195008 c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
+ 2011-04-04 17:48 . 2012-08-12 06:44 2342912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-04 17:48 . 2012-07-29 18:59 2342912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-04 17:48 . 2012-07-29 18:59 1327104 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-04 17:48 . 2012-08-12 06:44 1327104 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-05 20:09 . 2012-08-09 20:15 3771584 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-2788916113-3204535740-887933417-1000-12288.dat
- 2011-04-05 20:09 . 2012-05-31 13:33 3771584 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-2788916113-3204535740-887933417-1000-12288.dat
+ 2012-08-12 07:19 . 2012-08-12 07:19 2295808 c:\windows\Installer\11d8b2.msi
+ 2011-06-06 11:55 . 2011-06-06 11:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 11:55 . 2011-06-06 11:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 11:55 . 2011-06-06 11:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 11:55 . 2011-06-06 11:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-08-05 16:39 . 2012-08-05 16:39 4608000 c:\windows\erdnt\05-08-2012\Users\00000002\UsrClass.dat
+ 2012-08-05 16:39 . 2012-08-05 16:39 8732672 c:\windows\erdnt\05-08-2012\Users\00000001\NTUSER.DAT
+ 2012-08-05 16:39 . 2012-08-05 16:39 4608000 c:\windows\erdnt\05-08-2012-2\Users\00000004\UsrClass.dat
+ 2012-08-05 16:39 . 2012-08-05 16:39 8732672 c:\windows\erdnt\05-08-2012-2\Users\00000003\NTUSER.DAT
+ 2011-04-05 11:05 . 2012-08-11 20:46 27728480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2788916113-3204535740-887933417-1000-12288.dat
+ 2012-04-04 11:17 . 2012-04-04 11:17 16613376 c:\windows\Installer\11d8b3.msp
+ 2011-06-06 11:55 . 2011-06-06 11:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Richard\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 250056]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-19 89600]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 07:22]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 06:41]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 06:41]
.
2012-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
2012-08-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DSFKSVCS\MofImagePath]
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-12 09:07:55
ComboFix-quarantined-files.txt 2012-08-12 08:07
ComboFix2.txt 2012-07-29 19:54
.
Pre-Run: 101,803,151,360 bytes free
Post-Run: 102,079,614,976 bytes free
.
- - End Of File - - 9AE86D2BAC189933C2E3A0BC875FCFCA
 
Hi, niemiro.

No, don't worry about the java .cab file. However, expect to update Adobe Reader again soon as Adobe will be releasing critical security updates for Adobe Reader and Acrobat on Patch Tuesday, August 14.

I'd like you to do an online scan but please wait until you have returned home and have a normal connection again. Then, please go here to run an ESET on-line scan.

Notes:

✱ It is easiest if you use Internet Explorer for this scan.
✱ If you use an alternate browser, it will be necessary to download the ESET Smart Installer, esetsmartinstaller_enu.exe, when prompted, then double-click to install. Vista/Windows 7 users, select Run as Administrator.
✱ Temporarily disable your antivirus and anti-malware security applications during the scan. This can usually be accomplished by a right-click on the icon in the System Tray. If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: .

  • Select the option YES, I accept the Terms of Use then click:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology
  • Click the Start button:
  • The virus signature database... will begin to download. Be patient. This may take some time depending on your Internet connection.
  • When the signatures have completed downloading, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
  • When the scan is completed, make sure you copy the log file and, if you wish, select Uninstall application on close.
  • Click the Finish button.
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your antivirus and anti-malware software after the scan is complete!
 
Thank you very much for your continued assistance.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2a806ae48b7de84cb6b65090ff53abbf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-13 07:12:58
# local_time=2012-08-13 08:12:58 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 45 143975682 182380969 0 0
# compatibility_mode=8192 67108863 100 0 385 385 0 0
# scanned=294725
# found=1
# cleaned=0
# scan_time=28115
C:\Users\Richard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\f604794-2362fe81 a variant of Win32/Kryptik.AJHU trojan (unable to clean) 00000000000000000000000000000000 I
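
For readers reviewing a log like the one in the post above, here is an added example (not part of the original posts and not an ESET tool) that checks the header against the scan options requested earlier in the thread and extracts the detections. The names `parse_eset_log`, `review_scan` and `EXPECTED_SETTINGS` are made up for this sketch, and the detection-line layout (path, name, action in brackets, 32 hex digits, flag, separated by whitespace) is assumed from the single detection line shown in this thread.

```python
import re

# Scan options requested in the thread, as the keys written in the log header.
EXPECTED_SETTINGS = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

HEADER_RE = re.compile(r"^#\s*([A-Za-z0-9_.]+)=(.*)$")
# Assumed tail of a detection line: "(action) <32 hex digits> <flag>"
TAIL_RE = re.compile(r"\s*\(([^()]*)\)\s+([0-9A-Fa-f]{32})\s+(\S+)\s*$")
# Detection name: optional "a variant of" prefix, then a Platform/Family token.
# Windows paths use backslashes, so the first "word/" token marks the name.
NAME_RE = re.compile(r"\s((?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S.*)$")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"

# Lines copied from the log posted in this thread (header shortened).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=294725
# found=1
# cleaned=0
# scan_time=28115
C:\Users\Richard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\f604794-2362fe81 a variant of Win32/Kryptik.AJHU trojan (unable to clean) 00000000000000000000000000000000 I
"""


def parse_eset_log(text):
    """Return (header settings dict, list of detection dicts)."""
    settings, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            settings[header.group(1)] = header.group(2).strip()
            continue
        tail = TAIL_RE.search(line)
        if not tail:
            continue  # installer banner lines and anything unrecognised
        left = line[:tail.start()]
        name = NAME_RE.search(left)
        if not name:
            continue
        path = left[:name.start()]
        detections.append({
            "path": path,
            "threat": name.group(1).strip(),
            "action": tail.group(1),
            "in_java_cache": JAVA_CACHE in path.lower(),
        })
    return settings, detections


def review_scan(text):
    """Summarise whether the scan ran as requested and what it left behind."""
    settings, detections = parse_eset_log(text)
    deviations = {key: settings.get(key)
                  for key, wanted in EXPECTED_SETTINGS.items()
                  if settings.get(key) != wanted}
    found = int(settings.get("found", "0"))
    cleaned = int(settings.get("cleaned", "0"))
    return {
        "finished": settings.get("end") == "finished",
        "setting_deviations": deviations,
        "found": found,
        "cleaned": cleaned,
        # The header count should agree with the detection lines parsed.
        "count_matches": found == len(detections),
        "detections": detections,
    }


if __name__ == "__main__":
    report = review_scan(SAMPLE_LOG)
    print("finished:", report["finished"])
    print("setting deviations:", report["setting_deviations"] or "none")
    for det in report["detections"]:
        where = "Java deployment cache" if det["in_java_cache"] else "other"
        print(f'{det["threat"]} [{det["action"]}] in {where}: {det["path"]}')
```

A detection flagged `in_java_cache` sits in the per-user Java deployment cache, which is the location cleared in the reply that follows.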
 
I have cleared my Java cache :)

Thank you so, so much for your help here, Corrine. My computer is back to normal now (this is my laptop, and it is in excellent condition - my desktop and its BSOD are another story!)

Thanks again for your help.
 
Excellent!

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.

Reminder: Today is "Patch Tuesday". Microsoft Security Updates have been sent to the release channel.

Adobe has also released the update to Adobe Reader. I recommend using the FTP site as it doesn't include any unneeded extras: ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.4/

There was also an Adobe Flash Player update, originally posted as merely addressing crash issues and subsequently updated to include Critical updates:


 
Combofix has been uninstalled, and I am currently ensuring everything is fully up to date.
 
