
Sirefef!cfg & Java/CVE - 2012-1723

This topic is locked.
17 replies to this topic

#1 James Reed (Members, 19 posts)

Posted 05 December 2012 - 10:07 AM

Booted up my computer this morning to find MSE has quarantined a bunch of files including Sirefef!cfg and a Java/CVE-2012-1723.

I did upgrade Java to the latest version to try to prevent any exploitations.

This is my second time around with malware/trojan removal here on BleepingComputer, so I got started and here is the Farbar scan results.

And whoever takes this on, a very big thank you from the get-go!

Scan result of Farbar Recovery Scan Tool Version: 21-06-2012 01
Ran by SYSTEM at 05-12-2012 09:52:04
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [VX1000] C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [648504 2008-05-16] (Pure Networks, Inc.)
HKLM-x32\...\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [451896 2008-05-21] (Pure Networks, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [374368 2012-04-15] (BillP Studios)
HKLM-x32\...\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\Genie-Soft\GBALite8LaCie\GBMAgent.exe [189056 2008-08-26] (Genie-soft)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
HKU\James\...\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\Genie-Soft\GBALite8LaCie\GBMAgent.exe [189056 2008-08-26] (Genie-soft)
HKU\James\...\Run: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-17] (Google Inc.)
HKU\James\...\Run: [Akamai NetSession Interface] "C:\Users\James\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2011-03-07] (Macrovision Europe Ltd.)
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [451904 2009-10-28] ()
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 NitroDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe" [216072 2012-05-16] (Nitro PDF Software)
2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [69640 2012-05-16] (Nalpeiron Ltd.)
3 nmraapache; "C:\Program Files (x86)\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice [12800 2008-05-21] (Pure Networks, Inc.)
2 nmservice; "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [648504 2008-05-16] (Pure Networks, Inc.)

========================== Drivers (Whitelisted) =============

3 PcaSp60; C:\Windows\System32\Drivers\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
3 PcaSp60; C:\Windows\SysWow64\Drivers\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
3 tap0901; C:\Windows\System32\Drivers\tap0901.sys [31232 2011-12-15] (The OpenVPN Project)
3 VX1000; C:\Windows\System32\Drivers\VX1000.sys [2060144 2010-05-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-12-05 06:31 - 2012-12-05 06:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-05 06:31 - 2012-12-05 06:31 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-05 06:26 - 2012-12-05 06:29 - 31160808 ____A (Oracle Corporation) C:\Users\James\Downloads\jre-7u9-windows-i586.exe
2012-11-30 12:22 - 2012-11-30 12:24 - 13382144 ____A (Reagency Systems Corp. ) C:\Users\James\Downloads\easyOFFER_2013_g41km5l34fdfr.exe
2012-11-28 07:39 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-28 07:39 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-28 07:39 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-28 07:39 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-28 07:38 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-28 07:38 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-28 07:38 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-28 07:38 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-11-28 07:38 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-11-28 07:38 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-28 07:38 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-28 07:38 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-28 07:38 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-28 07:38 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-11-28 07:38 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-28 07:38 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-28 07:38 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-28 07:38 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-28 07:38 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-11-28 07:38 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-28 07:38 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-11-28 07:38 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-28 07:38 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-28 07:38 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-11-28 07:38 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-28 07:38 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-28 07:38 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-11-28 07:38 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-28 07:32 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-28 07:32 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-28 07:32 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-28 07:32 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-28 07:32 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-28 07:32 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-28 07:32 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-28 07:32 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-28 07:32 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-28 07:32 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-28 07:32 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-28 07:32 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-28 07:32 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-28 07:32 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-28 07:32 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-28 07:32 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-28 07:32 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-28 07:32 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-28 07:32 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-28 07:32 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-28 07:32 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-28 07:32 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-28 07:32 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-28 07:32 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-28 07:32 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-28 07:31 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-28 07:31 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-28 07:31 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-28 07:31 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-28 07:31 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-28 07:31 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-28 07:31 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-28 07:29 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-28 07:29 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-28 07:29 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-28 07:29 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-28 07:29 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-28 07:29 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-28 07:29 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-28 07:29 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-28 07:24 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-28 07:24 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-28 07:24 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-28 07:24 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-28 07:24 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-28 07:24 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-28 07:24 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-28 07:24 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-28 07:24 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-28 07:24 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-28 07:24 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-28 07:24 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-28 07:24 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-28 07:24 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-28 07:24 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-28 07:24 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-28 07:24 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-28 07:24 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-28 07:24 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-28 07:24 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-28 07:24 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-28 07:24 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-11-28 07:24 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-11-28 07:24 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-11-28 07:24 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-28 07:24 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-28 07:23 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-28 07:23 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-27 08:34 - 2012-11-27 08:34 - 00000218 ____A C:\Users\James\AppData\Local\recently-used.xbel
2012-11-13 14:29 - 2012-11-13 14:29 - 00000000 ____D C:\Users\James\AppData\Roaming\dvdcss
2012-11-13 12:56 - 2012-11-13 12:56 - 00000000 ____D C:\Program Files (x86)\BolehVPN
2012-11-13 12:54 - 2012-11-13 12:55 - 05969511 ____A C:\Users\James\Downloads\BolehVPNV2012b.exe
2012-11-06 05:10 - 2012-11-06 05:10 - 00000000 ____D C:\Users\James\AppData\Roaming\Nitro PDF
2012-11-06 05:10 - 2012-11-06 05:10 - 00000000 ____D C:\Users\James\AppData\Roaming\FileOpen
2012-11-06 05:09 - 2012-11-06 05:09 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF
2012-11-06 05:09 - 2012-11-06 05:09 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
2012-11-06 05:09 - 2012-05-16 12:32 - 00029704 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalmon2.dll
2012-11-06 05:09 - 2012-05-16 12:32 - 00017928 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalui2.dll
2012-11-06 05:08 - 2012-11-06 05:08 - 00000000 ____D C:\Users\James\AppData\Roaming\Downloaded Installations
2012-11-06 05:02 - 2012-11-13 13:09 - 00000000 ____D C:\Users\James\AppData\Roaming\BitLord
2012-11-06 05:02 - 2012-11-06 05:02 - 00000000 ____D C:\Users\James\AppData\Roaming\Python-Eggs
2012-11-06 05:01 - 2012-11-28 04:43 - 00000000 ____D C:\Users\James\Documents\BitLord
2012-11-06 05:01 - 2012-11-06 05:01 - 00000000 ____D C:\Program Files (x86)\BitLord 2
2012-11-06 04:58 - 2012-11-06 04:59 - 28020308 ____A C:\Users\James\Downloads\BitLord 2.2 Installer.exe
2012-11-06 04:54 - 2012-11-06 04:54 - 00180992 ____A C:\Users\James\Downloads\pdfescape free pdf editor.exe


============ 3 Months Modified Files and Folders =============

2012-12-05 09:52 - 2012-06-21 14:42 - 00000000 ____D C:\FRST
2012-12-05 06:47 - 2010-07-21 05:16 - 01246730 ____A C:\Windows\WindowsUpdate.log
2012-12-05 06:47 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-05 06:47 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-05 06:44 - 2011-03-09 08:34 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-12-05 06:43 - 2012-07-03 11:11 - 00009846 ____A C:\Windows\setupact.log
2012-12-05 06:43 - 2011-03-14 06:09 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForJames.job
2012-12-05 06:43 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-05 06:31 - 2012-12-05 06:31 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-05 06:31 - 2012-12-05 06:31 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-05 06:31 - 2012-06-23 04:46 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-12-05 06:31 - 2011-10-17 06:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153258332-1824824533-2043252731-1000UA.job
2012-12-05 06:31 - 2011-03-22 11:09 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-12-05 06:29 - 2012-12-05 06:26 - 31160808 ____A (Oracle Corporation) C:\Users\James\Downloads\jre-7u9-windows-i586.exe
2012-12-05 05:01 - 2011-03-09 12:50 - 00000000 ____D C:\Users\James\AppData\Local\CutePDF Writer
2012-12-04 13:31 - 2011-10-17 06:05 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153258332-1824824533-2043252731-1000Core.job
2012-12-04 12:36 - 2011-03-07 16:14 - 00000000 ____D C:\users\James
2012-12-04 12:35 - 2011-03-14 06:08 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-12-04 12:33 - 2011-03-14 06:07 - 00000000 ____D C:\Users\James\AppData\Roaming\HP Support Assistant
2012-12-04 12:33 - 2011-03-09 08:03 - 00000000 ____D C:\Users\James\AppData\Roaming\HpUpdate
2012-12-03 08:30 - 2011-03-09 09:19 - 00000000 ____D C:\Users\James\Documents\Reed Realty
2012-11-30 13:12 - 2011-03-09 12:13 - 00008899 ____A C:\Users\James\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-30 12:29 - 2011-03-22 04:32 - 00001952 ____A C:\Users\Public\Desktop\easyOFFER.lnk
2012-11-30 12:24 - 2012-11-30 12:22 - 13382144 ____A (Reagency Systems Corp. ) C:\Users\James\Downloads\easyOFFER_2013_g41km5l34fdfr.exe
2012-11-30 12:22 - 2009-07-13 21:13 - 00782950 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-30 07:00 - 2011-03-07 16:15 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2012-11-28 09:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-28 07:58 - 2011-03-07 16:14 - 00116768 ____A C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-28 07:57 - 2009-07-13 20:45 - 02359992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-28 07:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-28 07:29 - 2011-03-09 12:47 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-28 07:28 - 2009-07-13 18:34 - 00000589 ____A C:\Windows\win.ini
2012-11-28 04:43 - 2012-11-06 05:01 - 00000000 ____D C:\Users\James\Documents\BitLord
2012-11-27 08:35 - 2011-08-10 11:28 - 00000000 ____D C:\Users\James\AppData\Roaming\vlc
2012-11-27 08:34 - 2012-11-27 08:34 - 00000218 ____A C:\Users\James\AppData\Local\recently-used.xbel
2012-11-27 04:46 - 2011-03-09 09:18 - 00000000 ____D C:\Users\James\Documents\Northwest Brampton
2012-11-26 05:11 - 2011-03-09 09:35 - 00000000 ____D C:\Users\James\Documents\James
2012-11-26 04:45 - 2011-03-10 05:42 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype
2012-11-15 05:10 - 2011-03-09 09:57 - 00000000 ____D C:\Users\James\Documents\Real Estate
2012-11-13 14:29 - 2012-11-13 14:29 - 00000000 ____D C:\Users\James\AppData\Roaming\dvdcss
2012-11-13 13:09 - 2012-11-06 05:02 - 00000000 ____D C:\Users\James\AppData\Roaming\BitLord
2012-11-13 12:56 - 2012-11-13 12:56 - 00000000 ____D C:\Program Files (x86)\BolehVPN
2012-11-13 12:55 - 2012-11-13 12:54 - 05969511 ____A C:\Users\James\Downloads\BolehVPNV2012b.exe
2012-11-13 07:54 - 2011-03-09 09:19 - 00000000 ____D C:\Users\James\Documents\12 Holdco
2012-11-06 05:10 - 2012-11-06 05:10 - 00000000 ____D C:\Users\James\AppData\Roaming\Nitro PDF
2012-11-06 05:10 - 2012-11-06 05:10 - 00000000 ____D C:\Users\James\AppData\Roaming\FileOpen
2012-11-06 05:09 - 2012-11-06 05:09 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF
2012-11-06 05:09 - 2012-11-06 05:09 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
2012-11-06 05:08 - 2012-11-06 05:08 - 00000000 ____D C:\Users\James\AppData\Roaming\Downloaded Installations
2012-11-06 05:02 - 2012-11-06 05:02 - 00000000 ____D C:\Users\James\AppData\Roaming\Python-Eggs
2012-11-06 05:01 - 2012-11-06 05:01 - 00000000 ____D C:\Program Files (x86)\BitLord 2
2012-11-06 04:59 - 2012-11-06 04:58 - 28020308 ____A C:\Users\James\Downloads\BitLord 2.2 Installer.exe
2012-11-06 04:54 - 2012-11-06 04:54 - 00180992 ____A C:\Users\James\Downloads\pdfescape free pdf editor.exe
2012-11-02 11:56 - 2012-11-02 11:55 - 07265793 ____A C:\Users\James\Downloads\121102-145143.wmv
2012-10-29 12:09 - 2012-10-29 12:09 - 00000000 ____D C:\Users\James\Downloads\dir601_FW_102NA
2012-10-29 12:08 - 2012-10-29 12:08 - 03444865 ____A C:\Users\James\Downloads\dir601_FW_102NA.zip
2012-10-29 10:00 - 2012-05-03 08:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-29 03:55 - 2011-03-07 16:15 - 00000000 ____D C:\Users\James\AppData\Roaming\Hewlett-Packard
2012-10-29 03:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-10-29 03:44 - 2012-10-29 03:42 - 00000000 ____D C:\Users\James\AppData\Roaming\hpqLog
2012-10-29 03:43 - 2010-07-21 05:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-10-29 03:43 - 2010-07-21 05:14 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-10-29 03:41 - 2012-10-29 03:41 - 00000000 ____D C:\Users\James\AppData\Roaming\WinBatch
2012-10-26 13:36 - 2012-10-26 13:36 - 00000000 ____D C:\Program Files\iTunes
2012-10-26 13:36 - 2012-10-26 13:36 - 00000000 ____D C:\Program Files\iPod
2012-10-26 13:36 - 2012-10-26 13:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-10-26 12:51 - 2012-10-26 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-26 11:26 - 2011-03-07 16:14 - 00000000 ____D C:\Users\James\AppData\Local\VirtualStore
2012-10-26 08:15 - 2012-10-26 08:15 - 00000000 ____D C:\Program Files (x86)\ASUS
2012-10-26 08:14 - 2012-10-26 08:12 - 00000000 ____D C:\Users\James\AppData\Local\Akamai
2012-10-23 08:42 - 2011-03-09 09:18 - 00000000 ____D C:\Users\James\Documents\Mortgages
2012-10-18 10:25 - 2012-11-28 07:24 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-10-17 10:06 - 2011-03-09 12:14 - 00043008 ____A C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-16 12:23 - 2011-03-09 08:11 - 00768418 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-10-16 12:19 - 2012-06-21 09:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-10-16 12:19 - 2012-06-21 09:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-10-16 12:19 - 2011-03-09 08:13 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-15 10:43 - 2012-10-15 10:42 - 00894952 ____A (Oracle Corporation) C:\Users\James\Downloads\jxpiinstall.exe
2012-10-15 10:35 - 2012-10-15 10:35 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-10-15 10:35 - 2012-10-15 10:35 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-10-15 10:35 - 2012-10-15 10:35 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-10-15 10:35 - 2012-10-15 10:35 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-10-15 10:35 - 2012-10-15 10:35 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-10-15 10:35 - 2012-10-15 10:35 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-15 10:35 - 2012-10-15 10:35 - 00000000 ____D C:\Program Files\Java
2012-10-15 10:32 - 2012-10-15 10:31 - 32692200 ____A (Oracle Corporation) C:\Users\James\Downloads\jre-7u7-windows-x64.exe
2012-10-15 10:31 - 2012-06-21 07:58 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-15 10:31 - 2011-06-28 07:06 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-15 07:35 - 2012-10-15 07:35 - 00000000 ____D C:\Bentley
2012-10-12 04:04 - 2012-10-12 04:04 - 00019456 ___SH C:\Users\James\Documents\Thumbs.db
2012-10-11 12:54 - 2012-10-11 12:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-10-11 12:48 - 2012-10-11 12:48 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-10-11 12:48 - 2011-03-09 12:11 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2012-10-09 10:17 - 2012-11-28 07:24 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-10-09 10:17 - 2012-11-28 07:24 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 09:40 - 2012-11-28 07:24 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-10-09 09:40 - 2012-11-28 07:24 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-10-08 04:19 - 2012-11-28 07:31 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-08 03:42 - 2012-11-28 07:31 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-08 03:31 - 2012-11-28 07:32 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-08 03:24 - 2012-11-28 07:32 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-08 03:23 - 2012-11-28 07:32 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-08 03:22 - 2012-11-28 07:32 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-08 03:22 - 2012-11-28 07:32 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-08 03:20 - 2012-11-28 07:32 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-08 03:18 - 2012-11-28 07:32 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-08 03:17 - 2012-11-28 07:32 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-08 03:17 - 2012-11-28 07:32 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-08 03:15 - 2012-11-28 07:32 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-08 03:15 - 2012-11-28 07:31 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-08 03:13 - 2012-11-28 07:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-08 03:13 - 2012-11-28 07:32 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-08 03:09 - 2012-11-28 07:32 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-08 00:28 - 2012-11-28 07:31 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-08 00:02 - 2012-11-28 07:31 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-07 23:56 - 2012-11-28 07:32 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-10-07 23:48 - 2012-11-28 07:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-07 23:48 - 2012-11-28 07:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-07 23:47 - 2012-11-28 07:32 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-10-07 23:46 - 2012-11-28 07:32 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-07 23:45 - 2012-11-28 07:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-07 23:44 - 2012-11-28 07:32 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-10-07 23:43 - 2012-11-28 07:32 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-10-07 23:43 - 2012-11-28 07:32 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-10-07 23:42 - 2012-11-28 07:32 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-07 23:41 - 2012-11-28 07:32 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-07 23:41 - 2012-11-28 07:31 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-07 23:40 - 2012-11-28 07:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-07 23:37 - 2012-11-28 07:32 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-03 09:56 - 2012-11-28 07:24 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-10-03 09:44 - 2012-11-28 07:24 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-10-03 09:44 - 2012-11-28 07:24 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-10-03 09:44 - 2012-11-28 07:24 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-10-03 09:44 - 2012-11-28 07:24 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-10-03 09:44 - 2012-11-28 07:24 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-10-03 09:42 - 2012-11-28 07:24 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-10-03 08:42 - 2012-11-28 07:24 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-10-03 08:42 - 2012-11-28 07:24 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-10-03 08:42 - 2012-11-28 07:24 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-10-03 08:07 - 2012-11-28 07:24 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-10-01 11:18 - 2012-10-01 11:18 - 00000000 ____D C:\Users\James\Tracing
2012-10-01 11:18 - 2012-10-01 10:50 - 00000000 ____D C:\Users\James\AppData\Local\Windows Live
2012-10-01 11:17 - 2010-07-21 05:44 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-10-01 11:16 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-10-01 10:50 - 2012-10-01 10:50 - 01239976 ____A (Microsoft Corporation) C:\Users\James\Downloads\wlsetup-web.exe
2012-10-01 09:13 - 2012-10-01 09:12 - 29546352 ____A (Microsoft Corporation) C:\Users\James\Downloads\LifeCam3.22.exe
2012-09-27 10:31 - 2012-09-27 10:31 - 00018944 ____A C:\Users\James\Downloads\BB letter.wps
2012-09-25 14:47 - 2012-11-28 07:23 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-09-25 14:46 - 2012-11-28 07:23 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-09-24 05:46 - 2012-09-24 05:46 - 13201760 ____A (Reagency Systems Corp. ) C:\Users\James\Downloads\easyOFFER_2012_ServicePack3.exe
2012-09-20 10:35 - 2011-03-09 09:19 - 00000000 ____D C:\Users\James\Documents\Shirley
2012-09-18 12:00 - 2011-03-09 09:19 - 00000000 ____D C:\Users\James\Documents\Palleschi
2012-09-17 10:41 - 2012-09-10 11:58 - 00000000 ____D C:\Users\James\Documents\SP 47
2012-09-17 07:36 - 2012-09-17 07:36 - 00098304 ____A C:\Users\James\Downloads\blackberry_reader.exe
2012-09-14 11:19 - 2012-10-16 11:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-16 11:48 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-13 04:32 - 2012-09-10 11:35 - 00000000 ____D C:\Users\James\Documents\Caledon West Landowners Group
2012-09-11 13:22 - 2011-03-07 16:57 - 00000000 ____D C:\Users\James\AppData\Local\Microsoft Help

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 5887.29 MB
Available physical RAM: 4998.2 MB
Total Pagefile: 5885.43 MB
Available Pagefile: 4981.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:687.07 GB) (Free:599.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.46 GB) (Free:1.4 GB) NTFS
3 Drive f: (Disc) (CDROM) (Total:0.07 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:0.98 GB) (Free:0.96 GB) FAT
10 Drive m: (LaCie) (Fixed) (Total:931.51 GB) (Free:870.56 GB) NTFS
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
12 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          698 GB  2048 KB
Disk 1    Online          999 MB     0 B
Disk 2    No Media          0 B      0 B
Disk 3    No Media          0 B      0 B
Disk 4    No Media          0 B      0 B
Disk 5    No Media          0 B      0 B
Disk 6    No Media          0 B      0 B
Disk 7    Online          931 GB     0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            106 MB  1024 KB
Partition 2    Primary            687 GB   109 MB
Partition 3    Primary             11 GB   687 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    106 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    687 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   HP_RECOVERY  NTFS   Partition     11 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary            999 MB      0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

Partitions of Disk 7:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            931 GB    31 KB

======================================================================================================

Disk: 7
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 10    M   LaCie        NTFS   Partition    931 GB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-11-25 00:44

======================= End Of Log ==========================
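The file lists above are what a helper reads first, and the first pass is mechanical: which entries are executables, which carry no CompanyName in their version resource, and which sit in a user-writable directory. As an added example, not part of this thread and not FRST's own code, the following Python script parses FRST file-list lines of the form `<date> - <date> - <size> <attrs> [(<company>)] <path>` and applies those three heuristics. The sample lines are copied from the logs in this thread; the flag names, the suffix and directory lists and the `triage`/`parse_line` helpers are my own choices. A hit is a prompt to look closer (publisher, hash, Authenticode signature), not a verdict: a missing company string only means the file has no version info.

```python
"""Triage helper for lines from the FRST "One Month Created/Modified Files" sections.

Added example; not FRST code. Heuristics and flag names are illustrative choices.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# FRST file-list line:  <date1> - <date2> - <size> <attrs> [(<company>)] <path>
# In the "Created" section date1 is the creation time and date2 the modification
# time; in the "Modified" section the order is reversed.
LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # CompanyName from the version resource, if any
    r"(?P<path>.+)$"
)

# Assumed lists for the heuristics; extend as needed.
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str            # e.g. ____A (archive), ____D (directory), ___AH (hidden)
    company: Optional[str]
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_executable(self) -> bool:
        return not self.is_directory and self.path.lower().endswith(EXEC_SUFFIXES)


def parse_line(line: str, section: str = "created") -> Optional[FrstEntry]:
    """Parse one FRST file-list line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d1, d2 = m.group("d1"), m.group("d2")
    created, modified = (d1, d2) if section == "created" else (d2, d1)
    company = m.group("company")
    return FrstEntry(created, modified, int(m.group("size")), m.group("attrs"),
                     company.strip() if company is not None else None, m.group("path"))


def triage(entry: FrstEntry) -> List[str]:
    """Attach triage flags to an entry and return them (empty list = nothing notable)."""
    flags: List[str] = []
    if entry.is_executable:
        low = entry.path.lower()
        if entry.company is None:
            flags.append("no-version-info")
        if low.startswith(USER_WRITABLE):
            flags.append("user-writable-path")
        if entry.is_hidden:
            flags.append("hidden")
        if low.startswith("c:\\windows\\") and entry.company is None:
            flags.append("system-dir-no-version-info")
    entry.flags = flags
    return flags


def triage_log(lines: Iterable[str], section: str = "created") -> List[FrstEntry]:
    """Parse every line and keep only the entries that raised at least one flag."""
    entries = [e for e in (parse_line(l, section) for l in lines) if e is not None]
    return [e for e in entries if triage(e)]


# Constructed sample: lines copied from the FRST logs in this thread.
SAMPLE_CREATED = r"""
2012-12-05 06:31 - 2012-12-05 06:31 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-05 17:59 - 2012-12-05 17:59 - 00000000 ____D C:\Users\James\Downloads\mbar-1.01.0.1009
2012-11-30 12:22 - 2012-11-30 12:24 - 13382144 ____A (Reagency Systems Corp. ) C:\Users\James\Downloads\easyOFFER_2013_g41km5l34fdfr.exe
2012-11-06 04:54 - 2012-11-06 04:54 - 00180992 ____A C:\Users\James\Downloads\pdfescape free pdf editor.exe
2012-09-17 07:36 - 2012-09-17 07:36 - 00098304 ____A C:\Users\James\Downloads\blackberry_reader.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00000000 ____D C:\Program Files (x86)\Java
"""


def triage_sample() -> Dict[str, List[str]]:
    """Run the heuristics over SAMPLE_CREATED; return {file name: flags} for flagged entries."""
    flagged = triage_log(SAMPLE_CREATED.strip().splitlines())
    return {e.path.rsplit("\\", 1)[-1]: e.flags for e in flagged}


if __name__ == "__main__":
    for name, flags in triage_sample().items():
        print(f"{name}: {', '.join(flags)}")
```

On the sample, the Oracle binary under `SysWOW64` and the two directories raise nothing, while the three downloads are flagged for their location and, for two of them, the absent company string; that matches what a helper would do next, which is check those files rather than the patched Windows components.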

#2 Farbar
    Just Curious
  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 05 December 2012 - 08:24 PM

Hello James Reed,

I see no sign of malware in the log, but we double-check everything.

You have an old version of FRST. Please download the latest Farbar Recovery Scan Tool and save it to a flash drive.
Run the tool in recovery mode and post the log it makes.

#3 CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 December 2012 - 08:25 PM

post deleted

Edited by CatByte, 05 December 2012 - 09:02 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 Farbar
    Just Curious
  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 05 December 2012 - 08:39 PM

I see my good colleague CatByte and I have replied to the topic simultaneously; please disregard my post and follow the post by my colleague. She will be assisting you. :)

#5 Farbar
    Just Curious
  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 05 December 2012 - 09:01 PM

Hi again James Reed,

Looks like I will be assisting, as my colleague wanted it that way. Apologies for any confusion. Please follow my first post and post the log.

In addition, please post the following logs; you may post them in consecutive posts if they do not fit in one post.

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List Winsock Entries
    • List installed programs.
    • List Devices (only check the box and leave the default radio button as it is).
    Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.
  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


#6 James Reed
  • Topic Starter
  • Members
  • 19 posts

Posted 06 December 2012 - 08:04 AM

Here's the updated Farbar scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2012
Ran by SYSTEM at 06-12-2012 07:59:39
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [VX1000] C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [648504 2008-05-16] (Pure Networks, Inc.)
HKLM-x32\...\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [451896 2008-05-21] (Pure Networks, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [374368 2012-04-15] (BillP Studios)
HKLM-x32\...\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\Genie-Soft\GBALite8LaCie\GBMAgent.exe [189056 2008-08-26] (Genie-soft)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
HKU\James\...\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\Genie-Soft\GBALite8LaCie\GBMAgent.exe [189056 2008-08-26] (Genie-soft)
HKU\James\...\Run: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-17] (Google Inc.)
HKU\James\...\Run: [Akamai NetSession Interface] "C:\Users\James\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [451904 2009-10-28] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 NitroDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe" [216072 2012-05-16] (Nitro PDF Software)

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PcaSp60; C:\Windows\SysWow64\Drivers\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-05 17:59 - 2012-12-05 17:59 - 00000000 ____D C:\Users\James\Downloads\mbar-1.01.0.1009
2012-12-05 17:57 - 2012-12-05 17:58 - 12961620 ____A C:\Users\James\Downloads\mbar-1.01.0.1009.zip
2012-12-05 12:21 - 2012-12-05 12:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-05 06:31 - 2012-12-05 06:31 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-05 06:31 - 2012-12-05 06:31 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-05 06:26 - 2012-12-05 06:29 - 31160808 ____A (Oracle Corporation) C:\Users\James\Downloads\jre-7u9-windows-i586.exe
2012-11-30 12:22 - 2012-11-30 12:24 - 13382144 ____A (Reagency Systems Corp. ) C:\Users\James\Downloads\easyOFFER_2013_g41km5l34fdfr.exe
2012-11-28 07:39 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-28 07:39 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-28 07:39 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-28 07:39 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-28 07:38 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-28 07:38 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-28 07:38 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-28 07:38 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-11-28 07:38 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-11-28 07:38 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-28 07:38 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-28 07:38 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-28 07:38 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-28 07:38 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-11-28 07:38 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-28 07:38 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-28 07:38 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-28 07:38 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-28 07:38 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-11-28 07:38 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-28 07:38 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-11-28 07:38 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-28 07:38 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-28 07:38 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-11-28 07:38 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-28 07:38 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-28 07:38 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-11-28 07:38 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-28 07:32 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-28 07:32 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-28 07:32 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-28 07:32 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-28 07:32 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-28 07:32 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-28 07:32 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-28 07:32 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-28 07:32 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-28 07:32 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-28 07:32 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-28 07:32 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-28 07:32 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-28 07:32 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-28 07:32 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-28 07:32 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-28 07:32 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-28 07:32 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-28 07:32 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-28 07:32 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-28 07:32 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-28 07:32 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-28 07:32 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-28 07:32 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-28 07:32 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-28 07:31 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-28 07:31 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-28 07:31 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-28 07:31 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-28 07:31 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-28 07:31 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-28 07:31 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-28 07:29 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-28 07:29 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-28 07:29 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-28 07:29 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-28 07:29 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-28 07:29 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-28 07:29 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-28 07:29 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-28 07:24 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-28 07:24 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-28 07:24 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-28 07:24 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-28 07:24 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-28 07:24 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-28 07:24 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-28 07:24 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-28 07:24 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-28 07:24 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-28 07:24 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-28 07:24 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-28 07:24 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-28 07:24 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-28 07:24 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-28 07:24 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-28 07:24 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-28 07:24 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-28 07:24 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-28 07:24 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-28 07:24 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-28 07:24 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-11-28 07:24 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-11-28 07:24 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-11-28 07:24 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-28 07:24 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-28 07:23 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-28 07:23 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-27 08:34 - 2012-11-27 08:34 - 00000218 ____A C:\Users\James\AppData\Local\recently-used.xbel
2012-11-13 14:29 - 2012-11-13 14:29 - 00000000 ____D C:\Users\James\AppData\Roaming\dvdcss
2012-11-13 12:56 - 2012-11-13 12:56 - 00000000 ____D C:\Program Files (x86)\BolehVPN
2012-11-13 12:54 - 2012-11-13 12:55 - 05969511 ____A C:\Users\James\Downloads\BolehVPNV2012b.exe
2012-11-06 05:10 - 2012-11-06 05:10 - 00000000 ____D C:\Users\James\AppData\Roaming\Nitro PDF
2012-11-06 05:10 - 2012-11-06 05:10 - 00000000 ____D C:\Users\James\AppData\Roaming\FileOpen
2012-11-06 05:09 - 2012-11-06 05:09 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF
2012-11-06 05:09 - 2012-11-06 05:09 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
2012-11-06 05:09 - 2012-05-16 12:32 - 00029704 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalmon2.dll
2012-11-06 05:09 - 2012-05-16 12:32 - 00017928 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalui2.dll
2012-11-06 05:08 - 2012-11-06 05:08 - 00000000 ____D C:\Users\James\AppData\Roaming\Downloaded Installations
2012-11-06 05:02 - 2012-11-13 13:09 - 00000000 ____D C:\Users\James\AppData\Roaming\BitLord
2012-11-06 05:02 - 2012-11-06 05:02 - 00000000 ____D C:\Users\James\AppData\Roaming\Python-Eggs
2012-11-06 05:01 - 2012-11-28 04:43 - 00000000 ____D C:\Users\James\Documents\BitLord
2012-11-06 05:01 - 2012-11-06 05:01 - 00000000 ____D C:\Program Files (x86)\BitLord 2
2012-11-06 04:58 - 2012-11-06 04:59 - 28020308 ____A C:\Users\James\Downloads\BitLord 2.2 Installer.exe
2012-11-06 04:54 - 2012-11-06 04:54 - 00180992 ____A C:\Users\James\Downloads\pdfescape free pdf editor.exe


==================== One Month Modified Files and Folders =======

2012-12-06 04:57 - 2010-07-21 05:16 - 01275169 ____A C:\Windows\WindowsUpdate.log
2012-12-06 04:54 - 2012-12-06 04:54 - 01461037 ____A (Farbar) C:\Users\James\Downloads\FRST64.exe
2012-12-06 04:54 - 2011-10-17 06:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153258332-1824824533-2043252731-1000UA.job
2012-12-06 04:54 - 2011-03-09 08:34 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-12-05 17:59 - 2012-12-05 17:59 - 00000000 ____D C:\Users\James\Downloads\mbar-1.01.0.1009
2012-12-05 17:58 - 2012-12-05 17:57 - 12961620 ____A C:\Users\James\Downloads\mbar-1.01.0.1009.zip
2012-12-05 13:31 - 2011-10-17 06:05 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153258332-1824824533-2043252731-1000Core.job
2012-12-05 13:17 - 2012-05-03 08:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-05 12:22 - 2012-12-05 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-05 09:52 - 2012-06-21 14:42 - 00000000 ____D C:\FRST
2012-12-05 07:03 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-05 07:03 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-05 07:01 - 2009-07-13 21:13 - 00782950 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-05 06:55 - 2012-07-03 11:11 - 00009902 ____A C:\Windows\setupact.log
2012-12-05 06:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-05 06:43 - 2011-03-14 06:09 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForJames.job
2012-12-05 06:31 - 2012-12-05 06:31 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-12-05 06:31 - 2012-12-05 06:31 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-12-05 06:31 - 2012-12-05 06:31 - 00000000 ____D C:\Program Files (x86)\Java
2012-12-05 06:31 - 2012-06-23 04:46 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-12-05 06:31 - 2011-03-22 11:09 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-12-05 06:29 - 2012-12-05 06:26 - 31160808 ____A (Oracle Corporation) C:\Users\James\Downloads\jre-7u9-windows-i586.exe
2012-12-05 05:01 - 2011-03-09 12:50 - 00000000 ____D C:\Users\James\AppData\Local\CutePDF Writer
2012-12-04 12:36 - 2011-03-07 16:14 - 00000000 ____D C:\users\James
2012-12-04 12:35 - 2011-03-14 06:08 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-12-04 12:33 - 2011-03-14 06:07 - 00000000 ____D C:\Users\James\AppData\Roaming\HP Support Assistant
2012-12-04 12:33 - 2011-03-09 08:03 - 00000000 ____D C:\Users\James\AppData\Roaming\HpUpdate
2012-12-03 08:30 - 2011-03-09 09:19 - 00000000 ____D C:\Users\James\Documents\Reed Realty
2012-11-30 13:12 - 2011-03-09 12:13 - 00008899 ____A C:\Users\James\AppData\Roaming\Rim.Desktop.Exception.log
2012-11-30 12:29 - 2011-03-22 04:32 - 00001952 ____A C:\Users\Public\Desktop\easyOFFER.lnk
2012-11-30 12:24 - 2012-11-30 12:22 - 13382144 ____A (Reagency Systems Corp. ) C:\Users\James\Downloads\easyOFFER_2013_g41km5l34fdfr.exe
2012-11-30 07:00 - 2011-03-07 16:15 - 00000544 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2012-11-28 09:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-28 07:58 - 2011-03-07 16:14 - 00116768 ____A C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-28 07:57 - 2009-07-13 20:45 - 02359992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-28 07:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-28 07:29 - 2011-03-09 12:47 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-28 07:28 - 2009-07-13 18:34 - 00000589 ____A C:\Windows\win.ini
2012-11-28 04:43 - 2012-11-06 05:01 - 00000000 ____D C:\Users\James\Documents\BitLord
2012-11-27 08:35 - 2011-08-10 11:28 - 00000000 ____D C:\Users\James\AppData\Roaming\vlc
2012-11-27 08:34 - 2012-11-27 08:34 - 00000218 ____A C:\Users\James\AppData\Local\recently-used.xbel
2012-11-27 04:46 - 2011-03-09 09:18 - 00000000 ____D C:\Users\James\Documents\Northwest Brampton
2012-11-26 05:11 - 2011-03-09 09:35 - 00000000 ____D C:\Users\James\Documents\James
2012-11-26 04:45 - 2011-03-10 05:42 - 00000000 ____D C:\Users\James\AppData\Roaming\Skype
2012-11-15 05:10 - 2011-03-09 09:57 - 00000000 ____D C:\Users\James\Documents\Real Estate
2012-11-13 14:29 - 2012-11-13 14:29 - 00000000 ____D C:\Users\James\AppData\Roaming\dvdcss
2012-11-13 13:09 - 2012-11-06 05:02 - 00000000 ____D C:\Users\James\AppData\Roaming\BitLord
2012-11-13 12:56 - 2012-11-13 12:56 - 00000000 ____D C:\Program Files (x86)\BolehVPN
2012-11-13 12:55 - 2012-11-13 12:54 - 05969511 ____A C:\Users\James\Downloads\BolehVPNV2012b.exe
2012-11-13 07:54 - 2011-03-09 09:19 - 00000000 ____D C:\Users\James\Documents\12 Holdco
2012-11-06 05:10 - 2012-11-06 05:10 - 00000000 ____D C:\Users\James\AppData\Roaming\Nitro PDF
2012-11-06 05:10 - 2012-11-06 05:10 - 00000000 ____D C:\Users\James\AppData\Roaming\FileOpen
2012-11-06 05:09 - 2012-11-06 05:09 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF
2012-11-06 05:09 - 2012-11-06 05:09 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
2012-11-06 05:08 - 2012-11-06 05:08 - 00000000 ____D C:\Users\James\AppData\Roaming\Downloaded Installations
2012-11-06 05:02 - 2012-11-06 05:02 - 00000000 ____D C:\Users\James\AppData\Roaming\Python-Eggs
2012-11-06 05:01 - 2012-11-06 05:01 - 00000000 ____D C:\Program Files (x86)\BitLord 2
2012-11-06 04:59 - 2012-11-06 04:58 - 28020308 ____A C:\Users\James\Downloads\BitLord 2.2 Installer.exe
2012-11-06 04:54 - 2012-11-06 04:54 - 00180992 ____A C:\Users\James\Downloads\pdfescape free pdf editor.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-15 05:03:46
Restore point made on: 2012-11-19 04:41:34
Restore point made on: 2012-11-22 04:50:57
Restore point made on: 2012-11-26 05:02:12
Restore point made on: 2012-11-28 07:27:56
Restore point made on: 2012-12-02 18:30:17
Restore point made on: 2012-12-05 06:30:47

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 5887.29 MB
Available physical RAM: 4995.61 MB
Total Pagefile: 5885.43 MB
Available Pagefile: 4980.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:687.07 GB) (Free:598.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.46 GB) (Free:1.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (Disc) (CDROM) (Total:0.07 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:0.98 GB) (Free:0.96 GB) FAT
10 Drive m: (LaCie) (Fixed) (Total:931.51 GB) (Free:870.56 GB) NTFS
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
12 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 2048 KB
Disk 1 Online 999 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 Online 931 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 106 MB 1024 KB
Partition 2 Primary 687 GB 109 MB
Partition 3 Primary 11 GB 687 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 106 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 687 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 11 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 999 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

==================================================================================

Disk: 7
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 M LaCie NTFS Partition 931 GB Healthy

=========================================================

Last Boot: 2012-12-05 10:31

==================== End Of Log =============================

#7 James Reed

Posted 06 December 2012 - 08:09 AM

And the minitoolbox results:

MiniToolBox by Farbar Version: 25-11-2012
Ran by James (administrator) on 06-12-2012 at 08:09:04
Running from "C:\Users\James\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

=========================== Installed Programs ============================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Akamai NetSession Interface
AMD USB Filter Driver (Version: 1.0.14.91)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ASUS RT-N16 Wireless Router Utilities (Version: 4.1.3.5)
ATI Catalyst Install Manager (Version: 3.0.762.0)
BBSAK (Version: 1.9.11)
Bentley Geo Web Publisher Map Viewer V8i (SELECTseries 1) (Version: 08.11.07.51)
BitLord 2.2 (Version: 2.2.1-150)
BlackBerry Desktop Software 6.0.2 (Version: 6.0.2.42)
BlackBerry Device Manager 7.0 (Version: 7.0.0.40)
BlackBerry Device Software Updater (Version: 6.0.1.37)
BlackBerry Device Software v7.0.0 for the BlackBerry 9900 smartphone (Version: 7.0.0.261 (Platform 5.0.0.464))
BolehVPN (Version: 2.0.12)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-8460N (Version: 1.0.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Full Existing (Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Full New (Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Light (Version: 2010.0202.2335.42270)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0202.2335.42270)
Catalyst Control Center InstallProxy (Version: 2010.0202.2335.42270)
Catalyst Control Center Localization All (Version: 2010.0202.2335.42270)
ccc-core-static (Version: 2010.0202.2335.42270)
ccc-utility64 (Version: 2010.0202.2335.42270)
CCC Help Chinese Standard (Version: 2010.0202.2334.42270)
CCC Help Chinese Traditional (Version: 2010.0202.2334.42270)
CCC Help Czech (Version: 2010.0202.2334.42270)
CCC Help Danish (Version: 2010.0202.2334.42270)
CCC Help Dutch (Version: 2010.0202.2334.42270)
CCC Help English (Version: 2010.0202.2334.42270)
CCC Help Finnish (Version: 2010.0202.2334.42270)
CCC Help French (Version: 2010.0202.2334.42270)
CCC Help German (Version: 2010.0202.2334.42270)
CCC Help Greek (Version: 2010.0202.2334.42270)
CCC Help Hungarian (Version: 2010.0202.2334.42270)
CCC Help Italian (Version: 2010.0202.2334.42270)
CCC Help Japanese (Version: 2010.0202.2334.42270)
CCC Help Korean (Version: 2010.0202.2334.42270)
CCC Help Norwegian (Version: 2010.0202.2334.42270)
CCC Help Polish (Version: 2010.0202.2334.42270)
CCC Help Portuguese (Version: 2010.0202.2334.42270)
CCC Help Russian (Version: 2010.0202.2334.42270)
CCC Help Spanish (Version: 2010.0202.2334.42270)
CCC Help Swedish (Version: 2010.0202.2334.42270)
CCC Help Thai (Version: 2010.0202.2334.42270)
CCC Help Turkish (Version: 2010.0202.2334.42270)
CCleaner (Version: 3.19)
CutePDF Writer 2.8
D3DX10 (Version: 15.4.2368.0902)
easyOFFER 2011 TREB (Version: 1.08.2011.1)
easyOFFER 2011 TREB SP-1 (Version: 1.08.2011.2)
easyOFFER 2011 TREB SP-2 (Version: 1.08.2011.3)
easyOFFER 2011 TREB SP-2a (Version: 1.08.2011.4)
easyOFFER 2012 (Version: 1.08.2012.0)
easyOFFER 2012 SP-1 (Version: 1.08.2012.3)
easyOFFER 2012 SP-2 (Version: 1.08.2012.4)
easyOFFER 2012 SP-3 (Version: 1.08.2012.6)
easyOFFER 2013 (Version: 1.08.2014.0)
ESET Online Scanner v3
FlipShare (Version: 4.1.4.50640)
Free DWG Viewer 7.0 (Version: 7.0.1)
Genie Backup Assistant
Google Calendar Sync
Google Chrome (Version: 23.0.1271.95)
Hardware Diagnostic Tools (Version: 6.0.5418.39)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Odometer (Version: 2.10.0000)
HP Setup (Version: 1.2.4048.3310)
HP Support Assistant (Version: 6.1.12.1)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.002.003.003)
IMAPSize 0.3.7
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
LightScribe System Software (Version: 1.18.11.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network Magic (Version: 4.9.8225.0)
Nitro Pro 7 (Version: 7.4.1.1)
PDF Settings (Version: 1.0)
Photo Common (Version: 16.4.3503.0728)
PictureMover (Version: 3.3.1.19)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerISO (Version: 4.6)
Pure Networks Platform (Version: 10.2.8216.0)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Recovery Manager (Version: 5.5.2719)
Remove on Reboot Shell Extension
Skype™ 5.10 (Version: 5.10.116)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.4 (Version: 2.0.4)
Windows Live Communications Platform (Version: 16.4.3503.0728)
Windows Live Essentials (Version: 16.4.3503.0728)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3503.0728)
Windows Live Messenger (Version: 16.4.3503.0728)
Windows Live Photo Common (Version: 16.4.3503.0728)
Windows Live PIMT Platform (Version: 16.4.3503.0728)
Windows Live SOXE (Version: 16.4.3503.0728)
Windows Live SOXE Definitions (Version: 16.4.3503.0728)
Windows Live UX Platform (Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (Version: 16.4.3503.0728)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPatrol (Version: 24.6.2012)
WinRAR 4.00 beta 7 (64-bit) (Version: 4.00.7)

========================= Devices: ================================


**** End of log ****

#8 James Reed

Posted 06 December 2012 - 08:12 AM

And finally, the FSS scan results:

Farbar Service Scanner Version: 04-12-2012
Ran by James (administrator) on 06-12-2012 at 08:11:23
Running from "C:\Users\James\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#9 James Reed

Posted 06 December 2012 - 08:15 AM

I thought I'd add in a screen shot of MSE, showing the Java exploits and trojans that are "apparently" in quarantine in MSE.

Attached Files



#10 Farbar

Posted 06 December 2012 - 12:49 PM

The logs seem all clean.

I see on the screen shot of MSE that all those files are detected on the same date and at the same time. I suspect those files were the moved/quarantined files from the previous infection in July that are now detected during a scan. To make sure, we need the log with the full path to the files. If it is indeed the detection during a scan, you can find the logs here:

Go to Start => run (or Windows key+R), copy and paste the following in the run box and click OK:

"C:\ProgramData\Microsoft\Microsoft Antimalware\Support"

You will find MPLogxxxxxxxx.log; the log we need is from 6/12/2012 8:12 AM.

#11 James Reed

Posted 07 December 2012 - 08:05 AM

Here's the log; it is quite long, so it will be in a few replies.


--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 06-21-2012 13:56:04
************************************************************
2012-06-21T17:56:04.224Z Trace session started - MpWppTracing-06212012-135604-00000003-ffffffff.bin**********Cache stats************

************************************************************

2012-06-21T18:01:56.537Z DETECTIONEVENT Trojan:Win64/Sirefef file:C:\Windows\Installer\{7b32fa07-9f12-0a26-5f0d-7bd31a7a3648}\U\00000001.@;


This one is from June. I removed the rest of the log.

Farbar

Edited by Farbar, 07 December 2012 - 08:34 AM.
Removed post


#12 James Reed

Posted 07 December 2012 - 08:08 AM

Sorry, this was another day's MSE log.

Edited by James Reed, 07 December 2012 - 08:11 AM.


#13 Farbar

Posted 07 December 2012 - 01:51 PM

I edited your previous post too.

#14 James Reed

Posted 07 December 2012 - 03:11 PM

My bad, I got the dates mixed up. Hopefully this is it!


Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2012 08:01:51
************************************************************
2012-12-06T13:01:51.006Z Trace session started - MpWppTracing-12062012-080151-00000003-ffffffff.bin**********Cache stats************
No. Of buckets -> 96938
Each Bucket has max capacity of -> 1 entries
number of Entries is 79555
Number of invalid entries is 0
Number of Inserts issued is 470136
Number of replaces issued is 0
Number of Insert failures is 15514
Number of lookups is 5424431
Number of misses is 3366230
Number of false fast lookups is 510815
Number of invalidations is 7699
Number of maintenance invalidations is 26311
Current File Size is 2330624
Journal ID = 1cb2a2ec4bf0d36
Trusted image state = 1 USN = 0
Setup boot count = 0

2012-12-06T13:01:52.269Z Verifying RTP plugin...
2012-12-06T13:01:52.363Z verified!
2012-12-06T13:01:53.080Z Verifying Nis plugin...
2012-12-06T13:01:53.080Z verified!
2012-12-06T13:01:53.190Z Initializing Nis plugin state...
2012-12-06T13:01:53.190Z Nis initialized!
2012-12-06T13:01:53.190Z Loading engine...
2012-12-06T13:01:53.283Z Verifying engine and signature files (source: 1) ...
2012-12-06T13:01:53.424Z verified!
2012-12-06T13:02:02.284Z Initializing SQM in engine...
2012-12-06T13:02:02.284Z SQM initialized in the engine successfully
2012-12-06T13:02:02.924Z CSignatureStatus: back to good
2012-12-06T13:02:02.924Z Initializing RTP plugin state...
2012-12-06T13:02:02.924Z initialized!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:860
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:7
TotalStreamCon:732
TotalBitmap:101120
NTFS Cache Statistics:
TotalMisses:1901
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0

**************************END RTP Perf Log*************************




2012-12-06T13:02:02.924Z loaded!
2012-12-06T13:02:03.236Z Verifying license file...
2012-12-06T13:02:03.236Z verified!
2012-12-06T13:02:03.236Z Product supports installmode: 1
2012-12-06T13:02:03.408Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-12-06T13:02:04.172Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.1.522.0
Service Version: 4.1.522.0
Engine Version: 1.1.9002.0
AS Signature Version: 1.141.1118.0
AV Signature Version: 1.141.1118.0
************************************************************
2012-12-06T13:02:07.464Z WAT report: machine genuine, state(1) error(0x0)
2012-12-06T13:03:09.922Z Process scan (poststartupscan) started.
2012-12-06T13:03:16.349Z Process scan (poststartupscan) completed.
2012-12-06T13:05:06.373Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-12-06T13:05:06.389Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{F4ED9467-EF69-4414-BE1B-0886A55669DD}
Scan Source:7
Start Time:12-06-2012 08:05:51
End Time:12-06-2012 08:06:01
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\James\Downloads\MiniToolBox.exe
Explicit resource to scan
Resource Schema:webfile
Resource Path:C:\Users\James\Downloads\MiniToolBox.exe|http://download.bleepingcomputer.com/dl/f1e1f06c927773377f7daf74b53966ed/50c0981e/windows/security/security-utilities/m/minitoolbox/MiniToolBox.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\James\Downloads\MiniToolBox.exe:Zone.Identifier
Extended Info:35874746033117
End Scan
************************************************************

Begin Resource Scan
Scan ID:{54EAF276-1496-44FB-A832-3226FA35A923}
Scan Source:7
Start Time:12-06-2012 08:10:12
End Time:12-06-2012 08:10:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\James\Downloads\FSS.exe
Explicit resource to scan
Resource Schema:webfile
Resource Path:C:\Users\James\Downloads\FSS.exe|http://download.bleepingcomputer.com/dl/1d6c1e0b9fe0645fcb32d91b48e61033/50c09925/windows/security/security-utilities/f/farbar-service-scanner/FSS.exe
Result Count:1
Unknown File
Identifier:6995154202817200126
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\James\Downloads\FSS.exe
Extended Info:0
Resource Schema:webfile
Resource Path:C:\Users\James\Downloads\FSS.exe|http://download.bleepingcomputer.com/dl/1d6c1e0b9fe0645fcb32d91b48e61033/50c09925/windows/security/security-utilities/f/farbar-service-scanner/FSS.exe
Extended Info:0
End Scan
************************************************************

2012-12-06T13:10:31.666Z Task(SpyNetService -RestrictPrivileges -AccessKey 9D98433F-56CD-4169-239D-CCA81DE6E6F6) launched
DSS Timeout:Received results after timeout
2012-12-06T13:12:04.176Z AutoPurgeWorker triggered with dwWork=0x3
2012-12-06T13:12:04.176Z Product supports installmode: 1
2012-12-06T13:12:04.176Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-12-06T13:12:04.269Z WAT report: machine genuine, state(1) error(0x0)
2012-12-06T13:12:04.566Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-12-06T13:12:04.566Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 64714026(ms)
2012-12-06T13:12:08.247Z Detection State: Finished(1) Failed(0) CriticalFailed(0) Additional Actions(0)

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:11 PM

Posted 07 December 2012 - 05:34 PM

The date is the right date but the time should be around 8:12 AM.

Anyway we will do a scan to make sure:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista and Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats and the option Scan archives are checked.
  • Now click on Advanced Settings and select the following:
      • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESET and save it to your desktop.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
