
Java Trojan infection may have installed additional malware


7 replies to this topic

#1 David Collins

Posted 06 November 2011 - 07:39 PM

Hi everyone,

I'm looking for some help determining if my computer is infected with malware. Here's my situation. My computer is running Windows 7 Pro 64-bit. I use Microsoft Security Essentials for antivirus and the built-in Windows firewall as my firewall. I keep everything updated.

Two days ago I was copying my user profile directory to another drive when the MSE on-access scanner detected the following: Java/OpenConnection.OU. I was doing the copy under a different administrator account from my main account. The only things I did on that account were start the file copy and update my Logitech mouse software.

I told MSE to remove the file and stopped the file copy to do some research. What was detected is a Java vulnerability that exploits a privilege escalation bug in Java to install a Java Trojan which then downloads an executable payload.

When I switched back to my main account Windows told me it needed to restart so the system changes could take effect. I hadn't made any system changes. I told it not to restart and checked the status of UAC since lowering the UAC setting was one of the symptoms of the Java Trojan. It had been set to disabled. I re-enabled it.

I downloaded the free AVG Linux LiveCD and ran a full system scan with that. It didn't find anything. I then rebooted and let MSE run a full system scan. It detected the following:

Java/CVE-2010-0840.DR
Java/OpenConnection.OU
Java/CVE-2010-0840.HH

These are just variants on the first detection. I should note that all of the files that triggered the detection were in %AppData%\LocalLow\Sun\Java\Deployment\<some directory>. This is where Java stores its temporary files. I again told it to remove everything it detected. Then I ran another MSE full system scan and it came up clean. After that I downloaded MalwareBytes and had it run a full scan. That also came back clean.

Then I used ESET's free system information tool to check out the processes running on my machine. It didn't find anything either and none of the running processes looked out of the ordinary. I don't have much experience with detecting malware, though, so one of those processes could easily have been malware disguising itself as something legitimate.

I'm confident that the Java Trojan has been eliminated but what I'm concerned about is what it might have downloaded as a payload. I'm worried it might have downloaded some kind of stealth rootkit or other type of malware onto my machine which could then evade detection by MSE and MalwareBytes. I ran a scan with GMER but it didn't find anything unusual.

My options are basically to reformat or to continue using the machine as it is. Reformatting would be safer but that's a lot of time and effort wasted if I'm just being paranoid. What do you all think? Am I infected? Any advice and help would be greatly appreciated.

Thanks!
-Dave


#2 boopme

Posted 06 November 2011 - 09:56 PM

Hello and welcome.
When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:


Let's run these also.
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
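The checkboxes above make MiniToolBox write a sectioned Result.txt; the script below is an added example of how a helper might triage that report automatically, and is not MiniToolBox's own code or anything posted in this thread. It assumes the tool's "===== Name: =====" section headers and the "Proxy is not enabled." wording of the report; the "Proxy is enabled." string and the sample report embedded in the script are constructed assumptions.

```python
# Added example (not MiniToolBox's code, not from this thread): triage a Result.txt.
# Assumes the tool's "===== Name: =====" section headers; the sample report below is
# constructed, and the "Proxy is enabled." wording is an assumption.
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+\s*$")
WINSOCK_RE = re.compile(r"^(x64-)?Catalog(\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.+)\)$")
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}  # shipped by Windows
TRUSTED_VENDORS = {"Microsoft Corporation", "Microsoft Corp."}     # expected on a stock box


def split_sections(text):
    """Return {section_name: [lines]} keyed by the report's section headers."""
    sections = defaultdict(list)
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().rstrip(":")
            continue
        sections[current].append(line)
    return sections


def check_proxy(lines):
    """An enabled IE proxy is high severity; a configured-but-disabled one is just noted."""
    enabled = any(l.strip().lower() == "proxy is enabled." for l in lines)  # assumed wording
    server = next((l.split(":", 1)[1].strip() for l in lines if l.startswith("ProxyServer:")), None)
    if enabled:
        return [("high", f"IE proxy enabled: {server}")]
    if server:
        return [("info", f"IE proxy configured but disabled: {server}")]
    return []


def check_hosts(lines):
    """Flag hosts-file mappings other than the default localhost entries."""
    findings = []
    for l in lines:
        parts = l.split()
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) >= 2 and (parts[0], parts[1]) not in DEFAULT_HOSTS:
            findings.append(("high", "hosts override: " + " ".join(parts)))
    return findings


def check_winsock(lines):
    """List Winsock providers from vendors other than Microsoft, one line per unique path."""
    findings, seen = [], set()
    for l in lines:
        m = WINSOCK_RE.match(l.strip())
        if m and m.group(6) not in TRUSTED_VENDORS and m.group(4) not in seen:
            seen.add(m.group(4))
            findings.append(("review", f"non-Microsoft Winsock provider: {m.group(4)} ({m.group(6)})"))
    return findings


def check_capi2(lines):
    """Repeated CAPI2 validity-period errors usually point at a wrong system clock."""
    n = sum(1 for l in lines if "not within its validity period" in l)
    return [("info", f"{n} CAPI2 certificate-validity errors: check the system clock")] if n else []


def triage(text):
    """Run every check over one Result.txt and return a list of (severity, message)."""
    s = split_sections(text)
    return (check_proxy(s.get("IE Proxy Settings", []))
            + check_hosts(s.get("Hosts content", []))
            + check_winsock(s.get("Winsock entries", []))
            + check_capi2(s.get("Event log errors", [])))


# Constructed sample report in MiniToolBox's layout (not the log from this thread).
SAMPLE = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
ProxyServer: http=proxy.example.invalid:8083;https=proxy.example.invalid:8083
========================= Hosts content: =================================
127.0.0.1       localhost
# ::1           localhost
127.0.0.1       update.example.invalid
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.)
x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.)
========================= Event log errors: ===============================
Error: (11/06/2011 10:02:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list with error: A required certificate is not within its validity period.
Error: (11/06/2011 09:48:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list with error: A required certificate is not within its validity period.
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(f"[{severity}] {message}")
```

The "review" findings are not verdicts: Bonjour and VMware providers are normal on a machine that has those products installed, which is why the script separates them from the "high" hosts-file and enabled-proxy findings.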

#3 David Collins

Posted 06 November 2011 - 10:10 PM

Thanks for your reply boopme! I should have mentioned in my original post that I cleaned out the Java cache as soon as I realized where the class file with the Trojan was stored.

Here is the Result.txt from MiniToolBox. I'll post the MalwareBytes logs next.


MiniToolBox by Farbar
Ran by David_E_Collins (administrator) on 06-11-2011 at 22:02:55
Windows 7 Professional Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=proxy.mountlaurel.k12.nj.us:8083;https=proxy.mountlaurel.k12.nj.us:8083

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VMware Network Adapter VMnet1" address=192.168.164.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.10.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Nova-Win7
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : C8-BC-C8-DF-47-63
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : C8-BC-C8-DF-3D-E0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : C8-BC-C8-DF-47-63
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::17b:aecc:648a:9ca%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 30, 1875 4:45:52 PM
Lease Expires . . . . . . . . . . : Monday, November 07, 2011 6:14:12 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 325071691
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-D9-43-ED-C4-2C-03-23-5C-CB
DNS Servers . . . . . . . . . . . : 68.87.64.150
68.87.75.198
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : C8-BC-C8-9C-C0-56
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::90ca:c5f9:8c71:9044%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.164.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 352342102
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-D9-43-ED-C4-2C-03-23-5C-CB
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7cc3:9e1:91a1:ac4%21(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 402673750
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-D9-43-ED-C4-2C-03-23-5C-CB
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FC88850F-4304-4230-BFA6-02755E4B01BE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ABE6EBF9-A66E-4467-9E09-7617BEB80247}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A7A3009D-8433-4CAE-AD81-D1FA473E9249}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.nj.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.nj.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F634BCF0-EC35-444E-9AA1-2C70A286867C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cns.inflow.pa.bo.comcast.net
Address: 68.87.64.150

Name: google.com
Addresses: 72.14.204.105
72.14.204.147
72.14.204.104
72.14.204.103
72.14.204.99


Pinging google.com [72.14.204.147] with 32 bytes of data:
Reply from 72.14.204.147: bytes=32 time=26ms TTL=52
Reply from 72.14.204.147: bytes=32 time=25ms TTL=52

Ping statistics for 72.14.204.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 26ms, Average = 25ms
Server: cns.inflow.pa.bo.comcast.net
Address: 68.87.64.150

DNS request timed out.
timeout was 2 seconds.

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=25ms TTL=52
Reply from 67.195.160.76: bytes=32 time=22ms TTL=52

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 25ms, Average = 23ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
19...c8 bc c8 df 47 63 ......Microsoft Virtual WiFi Miniport Adapter
13...c8 bc c8 df 3d e0 ......Bluetooth Device (Personal Area Network)
12...c8 bc c8 df 47 63 ......Broadcom 802.11n Network Adapter
10...c8 bc c8 9c c0 56 ......Broadcom NetXtreme Gigabit Ethernet
20...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
21...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
192.168.10.0 255.255.255.0 On-link 192.168.10.1 276
192.168.10.1 255.255.255.255 On-link 192.168.10.1 276
192.168.10.255 255.255.255.255 On-link 192.168.10.1 276
192.168.164.0 255.255.255.0 On-link 192.168.164.1 276
192.168.164.1 255.255.255.255 On-link 192.168.164.1 276
192.168.164.255 255.255.255.255 On-link 192.168.164.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.164.1 276
224.0.0.0 240.0.0.0 On-link 192.168.10.1 276
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.164.1 276
255.255.255.255 255.255.255.255 On-link 192.168.10.1 276
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
20 276 fe80::/64 On-link
21 276 fe80::/64 On-link
12 276 fe80::/64 On-link
12 276 fe80::17b:aecc:648a:9ca/128 On-link
21 276 fe80::7cc3:9e1:91a1:ac4/128 On-link
20 276 fe80::90ca:c5f9:8c71:9044/128 On-link
1 306 ff00::/8 On-link
20 276 ff00::/8 On-link
21 276 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.)
Catalog9 13 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.)
x64-Catalog9 13 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/06/2011 10:02:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/06/2011 10:02:51 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/06/2011 09:48:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/06/2011 09:48:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/06/2011 09:32:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/06/2011 09:32:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/06/2011 09:17:32 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/06/2011 09:17:32 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/06/2011 09:02:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (11/06/2011 09:02:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (11/06/2011 08:39:49 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (11/05/2011 07:29:38 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (11/05/2011 03:43:01 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (11/04/2011 11:53:38 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (11/04/2011 09:39:45 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR7.

Error: (11/04/2011 09:15:25 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/04/2011 09:10:42 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR7.

Error: (11/03/2011 03:25:27 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/03/2011 11:14:29 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR6.

Error: (11/02/2011 09:19:34 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (11/06/2011 10:02:51 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/06/2011 10:02:51 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/06/2011 09:48:00 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/06/2011 09:48:00 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/06/2011 09:32:36 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/06/2011 09:32:36 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/06/2011 09:17:32 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/06/2011 09:17:32 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/06/2011 09:02:17 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/06/2011 09:02:17 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 8.2.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Amazon Unbox Video (Version: 2.1.0.126)
Angry Birds (Version: 1.5.1)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.12 (Unicode)
BioShock
BioWare Premium Module: Neverwinter Nights™ Kingmaker
Bonjour (Version: 3.0.0.10)
Boot Camp Services (Version: 4.0.4033)
CCleaner (Version: 3.09)
Champions Online: Free For All
Checksum Verify version 1.1.0 (Version: 1.1.0)
CPUID CPU-Z 1.56
CPUID HWMonitor 1.17
CrashPlan (Version: 3.0.3)
CutePDF Writer 2.8
D3DX10 (Version: 15.4.2368.0902)
Defense Grid: The Awakening (Version: 1.0.0)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.5.0.8)
Driver Sweeper version 3.2.0 (Version: 3.2.0)
eReg (Version: 1.20.138.34)
Evernote v. 4.5.1 (Version: 4.5.1.5432)
Female Voice Pack (Version: 3.3.1)
ffdshow v1.1.3800 [2011-03-28] (Version: 1.1.3800.0)
Foxit Reader (Version: 4.3.1.323)
Fraps (remove only)
Freedom Force
Google Talk Plugin (Version: 2.4.6.4433)
Guardians of Graxia
Gyromancer
Half-Life 2
HOARD
Hyena v8.1 (Version: 8.10.0000)
ImgBurn (Version: 2.5.5.0)
Intel AppUp(SM) center (Version: 18988)
Internet TV for Windows Media Center (Version: 4.2.2.0)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Jing (Version: 2.4.10231)
King's Bounty: Armored Princess
King's Bounty: Crossworlds
LAME v3.98.3 for Audacity
League of Legends (Version: 1.3)
Logitech SetPoint 6.32 (Version: 6.32.20)
Madballs in...Babo: Invasion
Magicka
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Mass Effect
Mass Effect 2
Media Go (Version: 1.8.121)
Media Go Video Playback Engine 1.64.106.02280 (Version: 1.64.106.02280)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728)
Microsoft Windows Media Video 9 VCM
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Might and Magic: Clash of Heroes
MorphVOX Pro (Version: 4.3.13)
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
Mozilla Thunderbird (7.0.1) (Version: 7.0.1 (en-US))
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Netflix in Windows Media Center (Version: 3.3.101.0)
NOOK for PC (Version: 2.5.4.7070)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 280.19 (Version: 280.19)
NVIDIA 3D Vision Driver 280.26 (Version: 280.26)
NVIDIA Control Panel 280.26 (Version: 280.26)
NVIDIA Graphics Driver 280.26 (Version: 280.26)
NVIDIA HD Audio Driver 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Install Application (Version: 2.1000.25.170)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8026)
NVIDIA Update 1.4.28 (Version: 1.4.28)
NVIDIA Update Components (Version: 1.4.28)
OpenAL
Parallels Management Console (Version: 4.0.10311)
Phoenix Viewer 1.5.2.1185
Picasa 3 (Version: 3.8)
Pidgin (Version: 2.10.0)
PlayStation®Network Downloader (Version: 2.06.00741)
PlayStation®Store (Version: 4.3.3.12540)
Portal
Portal 2
Post Apocalyptic Mayhem
PuTTY version 0.60 (Version: 0.60)
Puzzle Quest
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.5936)
SecondLifeViewer2 (remove only)
Skype™ 5.5 (Version: 5.5.124)
Snagit 10 (Version: 10.0.0)
Spectromancer
Steam (Version: 1.0.0.0)
Terraria
TightVNC 2.0.2 (Version: 2.0.2)
tools-freebsd (Version: 8.8.0.471780)
tools-linux (Version: 8.8.0.471780)
tools-netware (Version: 8.8.0.471780)
tools-solaris (Version: 8.8.0.471780)
tools-windows (Version: 8.8.0.471780)
tools-winPre2k (Version: 8.8.0.471780)
Trine
TrueCrypt (Version: 7.1)
UltraCompare v6.40 (Version: 6.0.183)
UltraEdit 14.20 (Version: 14.2.50)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualCloneDrive
VLC media player 1.1.11 (Version: 1.1.11)
VmciSockets (Version: 9.1.54.1)
VMware vSphere CLI (Version: 4.1.0.1892)
VMware vSphere Client 4.1 (Version: 4.1.0.14766)
VMware Workstation (Version: 8.0.0.18997)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.10.3.9) (Version: 01/11/2008 3.10.3.9)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (Version: 02/01/2008 3.10.3.10)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (Version: 03/01/2010 3.0.0.5)
Windows Driver Package - Apple Inc. Apple Bluetooth (11/23/2009 3.0.0.4) (Version: 11/23/2009 3.0.0.4)
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (Version: 06/27/2007 2.0.0.1)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) (Version: 10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1) (Version: 11/23/2009 3.1.0.1)
Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (Version: 10/25/2007 2.0.1.0)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (Version: 01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (Version: 02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (Version: 05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Keyboard (11/16/2009 3.1.0.0) (Version: 11/16/2009 3.1.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (Version: 05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0) (Version: 09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1) (Version: 10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (Version: 05/05/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0) (Version: 09/10/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1) (Version: 10/05/2010 3.2.0.1)
Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2) (Version: 01/17/2008 2.0.2.2)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (Version: 05/17/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) (Version: 04/05/2011 3.2.0.8)
Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (Version: 07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (Version: 07/13/2009 3.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (Version: 06/01/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) (Version: 11/30/2009 3.0.0.6)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (Version: 01/17/2011 3.2.0.0)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7) (Version: 08/24/2010 3.1.0.7)
Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1) (Version: 08/22/2008 2.1.1.1)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (Version: 11/13/2010 9.2.0.113)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258) (Version: 11/18/2009 8.0.0.258)
Windows Driver Package - Broadcom (b57nd60a) Net (05/28/2009 12.2.0.3) (Version: 05/28/2009 12.2.0.3)
Windows Driver Package - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2) (Version: 12/02/2010 14.4.2.2)
Windows Driver Package - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22) (Version: 04/06/2011 5.100.198.22)
Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8) (Version: 08/21/2009 5.60.18.8)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220) (Version: 01/18/2011 1.0.0.220)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21) (Version: 01/02/2010 6.6001.1.21)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26) (Version: 08/16/2010 6.6001.1.26)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30) (Version: 12/03/2010 6.6001.1.30)
Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0) (Version: 02/06/2008 9.12.17.0)
Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0) (Version: 03/26/2010 9.13.41.0)
Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0) (Version: 01/08/2008 8.3.9.0)
Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (Version: 04/12/2010 11.6.92.0)
Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) (Version: 07/22/2008 10.3.45.0)
Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) (Version: 08/05/2008 10.3.49.0)
Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (Version: 12/04/2009 11.4.7.0)
Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (Version: 01/07/2010 11.4.16.0)
Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (Version: 04/07/2010 10.1.9.0)
Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0) (Version: 07/16/2008 9.52.10.0)
Windows Driver Package - Intel Net (02/06/2008 9.12.18.0) (Version: 02/06/2008 9.12.18.0)
Windows Driver Package - Intel Net (06/13/2008 9.52.9.0) (Version: 06/13/2008 9.52.9.0)
Windows Driver Package - Intel Net (07/22/2008 10.3.45.0) (Version: 07/22/2008 10.3.45.0)
Windows Driver Package - Intel Net (08/05/2008 10.3.49.0) (Version: 08/05/2008 10.3.49.0)
Windows Driver Package - Intel Net (11/07/2007 8.10.1.0) (Version: 11/07/2007 8.10.1.0)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (Version: 07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (Version: 12/06/2007 10.51.1.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPcap 4.1.2 (Version: 4.1.0.2001)
Wireshark 1.4.3 (Version: 1.4.3)
World of Goo
Zen Bound® 2
Zombie Bowl-O-Rama

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 8117.99 MB
Available physical RAM: 4567.04 MB
Total Pagefile: 16234.17 MB
Available Pagefile: 11818.04 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.35 MB

========================= Partitions: =====================================

1 Drive c: (Nova-Win) (Fixed) (Total:232.44 GB) (Free:50.28 GB) NTFS
5 Drive k: (TCDATA) (Fixed) (Total:0.05 GB) (Free:0.04 GB) FAT

========================= Users: ========================================

User accounts for \\NOVA-WIN7

Administrator David_E_Collins decadmin
Guest UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#4 David Collins

David Collins
  • Topic Starter

  • Members
  • 5 posts

Posted 06 November 2011 - 10:13 PM

This is the MalwareBytes log from the full scan I ran right after the infection.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8095

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/6/2011 2:25:19 AM
mbam-log-2011-11-06 (02-25-19).txt

Scan type: Full scan (C:\|K:\|)
Objects scanned: 473870
Time elapsed: 1 hour(s), 8 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is the MalwareBytes log for the quick scan I just ran.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8104

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/6/2011 10:12:33 PM
mbam-log-2011-11-06 (22-12-33).txt

Scan type: Quick scan
Objects scanned: 208702
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 David Collins

David Collins
  • Topic Starter

  • Members
  • 5 posts

Posted 06 November 2011 - 11:28 PM

This is the MalwareBytes log for the quick scan I ran after reading your post.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8104

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/6/2011 10:12:33 PM
mbam-log-2011-11-06 (22-12-33).txt

Scan type: Quick scan
Objects scanned: 208702
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 November 2011 - 12:59 PM

Hello, it appears nothing else got through.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 David Collins

David Collins
  • Topic Starter

  • Members
  • 5 posts

Posted 07 November 2011 - 08:11 PM

Thanks for your help!

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 November 2011 - 09:33 PM

You're welcome!
