Malware attack. Some progress made.



nextari
2012-12-07, 03:41
Hi,
This is an updated request for assistance in identifying remaining malware after performing some registry edits and removing several malware infections. No one has responded to my initial post from Sunday. My main concern is if there are any back doors open in the system presently or anything remaining that I'm not seeing.

I'm cleaning up the system for an SSD install. (2nd drive on HP dv7t-6000 / Win7) Any further suggestions before doing an SSD (w/HDD) install will be greatly appreciated.

Avast scan, Malwarebytes, and Kaspersky Virus Removal Tool 2011 (updated) found nothing even before I succeeded in removing the threats.

Kaspersky Security Scan 2.0 says no malware on system, however lists 8 vulnerabilities, and 10 other issues. I will post them below after the requested logs.

I have sent the spybot scan results as an attached jpeg just in case, I hope that is not a waste of forum resources.

Should I go ahead with the SSD install at this point, or are there vulnerabilities remaining?

Thank You!

Malware removed:
process named: is-UEUMC.tmp 2128k (nothing on Google about that one)
MAsetupCleaner.exe 24kb in Windows\SysWOW84 (I deleted it, before it ever ran I believe)
Snap.do seems to be gone, terrible.
Easybits
WildTangent
magicdesktop
yontoo
"Wild search results",

and finally,
Anti-phishing Domain Advisor\visicom_antiphishing.exe by Panda was bundled with something and installed. I was continually getting warnings that it was blocking 4 trojans >>
1) URL: xhttp://urlfilter.vmn.net/vmnsbf/data/121118112548-m.zip|121118112548-m.list (x added to disable the link)
PROCESS: C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
INFECTION: JS:ScriptSH-inf [Trj]
also, 2 more same as above with, 121114080835, 121205002101
and one same as above with 121125002847 / INFECTION: HTML:Redirector-AE [Trj]

So I uninstalled visicom_antiphishing.exe by Panda and warnings stopped, as was suggested somewhere. But does this mean they are gone/ were never an actual threat?

LOGS:
-----------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by wave at 17:31:28 on 2012-12-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3008 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\solr\solr.exe
C:\ColdFusion9DotNetService\CFDotNetsvc.exe
C:\JRun4\jre\bin\java.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
C:\ColdFusion9DotNetService\JNBDotNetSide.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swsoc.exe
C:\JRun4\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
C:\Users\wave\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrun.exe
C:\JRun4\bin\jrun.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\JRun4\verity\k2\_nti40\bin\k2server.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\JRun4\verity\k2\_nti40\bin\k2index.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/search?tbs=qdr:y&q=%s/
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Google Update] "C:\Users\wave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [googletalk] C:\Users\wave\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\wave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1F750F3B-7B35-4A24-AFF4-484A5896A2C1} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\2456C6B696E6F574F505C65737F5D494D4F4F5738353030303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\77962756C6563737 : DHCPNameServer = 68.87.76.178 68.87.78.130
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\A41636B6965602B456277796E672370296D41636 : DHCPNameServer = 10.0.2.1
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\A41667162456163686F4E6C696E656 : DHCPNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\E4544574541425 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9A9CF931-2FA3-409F-9217-08A4E0D2FDD4} : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\3416665602D41646279646023223 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\35D464 : DHCPNameServer = 206.13.28.12 206.13.31.12
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\742716E64694D60756279616C684F64756C6 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\A41667162456163686F4E6C696E656 : DHCPNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\B496E64644F6C6078696E6 : DHCPNameServer = 192.168.0.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.google.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-19 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-9-19 370288]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-7-27 89600]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-9-19 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-19 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-6 44808]
R2 CF9Solr;ColdFusion 9 Solr Service;C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\solr\solr.exe -zglaxservice CF9Solr --> C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\solr\solr.exe -zglaxservice CF9Solr [?]
R2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;C:\ColdFusion9DotNetService\CFDotNetsvc.exe [2012-3-9 77824]
R2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent" --> C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
R2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe "ColdFusion 9 ODBC Server" --> C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
R2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;C:\JRun4\verity\k2\_nti40\bin\k2admin.exe [2012-3-9 3677616]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-29 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-7-27 2413056]
R2 Macromedia JRun Admin Server;Macromedia JRun Admin Server;C:\JRun4\bin\jrunsvc.exe [2012-3-9 68096]
R2 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server;C:\JRun4\bin\jrunsvc.exe [2012-3-9 68096]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-1 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-1 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-1 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-29 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-29 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-7-27 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-7-27 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-29 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-29 428136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KSS;Kaspersky Security Scan Service;"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;C:\Windows\System32\drivers\arusb_win7x.sys [2011-10-5 769024]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-6-6 24176]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-06 22:09:34 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C085EF62-D234-4B48-B06C-0C1260A230E2}\mpengine.dll
2012-12-06 22:03:59 -------- d-----w- C:\Device
2012-12-06 17:26:47 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-12-06 04:44:09 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-12-06 04:42:35 460888 ----a-w- C:\Windows\System32\drivers\32267774.sys
2012-12-05 05:14:07 110080 ----a-r- C:\Users\wave\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-12-05 05:14:07 110080 ----a-r- C:\Users\wave\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-12-05 05:14:07 110080 ----a-r- C:\Users\wave\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-12-05 05:14:06 -------- d-----w- C:\sh4ldr
2012-12-05 05:14:06 -------- d-----w- C:\Program Files\Enigma Software Group
2012-12-05 05:13:20 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-05 05:13:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-12-04 14:02:44 -------- d-----w- C:\Temp
2012-12-04 13:56:04 -------- d-----w- C:\Users\wave\AppData\Local\Samsung
2012-12-04 13:56:01 -------- d-----w- C:\Users\wave\AppData\Roaming\Samsung
2012-12-04 13:53:42 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-12-04 13:52:44 -------- d-----w- C:\ProgramData\Samsung
2012-12-04 13:52:44 -------- d-----w- C:\Program Files (x86)\Samsung
2012-12-04 13:44:06 -------- d-----w- C:\Users\wave\AppData\Local\Downloaded Installations
2012-12-02 05:53:34 388096 ----a-r- C:\Users\wave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-02 05:53:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-12-02 05:05:14 -------- d-----w- C:\Users\wave\AppData\Roaming\GlarySoft
2012-12-02 05:05:13 -------- d-----w- C:\Program Files (x86)\Glary Utilities
2012-12-02 04:16:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-02 04:15:43 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-12-02 04:15:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-12-02 02:56:14 -------- d-----w- C:\Program Files (x86)\Wild Tangent Removal Tool
2012-12-02 01:50:31 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-12-02 01:49:23 -------- d-----w- C:\Program Files\iPod
2012-12-02 01:49:22 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-02 01:49:22 -------- d-----w- C:\Program Files\iTunes
2012-12-02 01:49:22 -------- d-----w- C:\Program Files (x86)\iTunes
2012-11-20 16:15:56 -------- d-----w- C:\Program Files\CCleaner
2012-11-20 06:15:44 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-20 06:15:43 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-20 06:15:43 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-20 06:15:43 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-20 06:08:24 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-20 06:07:55 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-20 06:07:55 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-20 06:07:53 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-20 06:07:53 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-20 06:07:49 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-20 06:07:49 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-20 06:07:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-20 06:07:11 385024 ----a-w- C:\Windows\System32\CNMLMAA.DLL
2012-11-20 06:05:32 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-20 06:05:32 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-20 06:05:32 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 06:05:32 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-20 06:05:31 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-20 06:05:31 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-20 06:05:31 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-20 06:05:31 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-20 06:05:31 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-20 01:00:00 -------- d-s---w- C:\Users\wave\Google Drive
2012-11-19 18:56:38 -------- d-----w- C:\Users\wave\AppData\Roaming\Malwarebytes
2012-11-19 18:56:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-19 18:55:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-19 18:55:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-15 23:35:09 -------- d-----w- C:\Users\wave\AppData\Roaming\NoteTab Light
2012-11-15 23:34:41 -------- d-----w- C:\Program Files (x86)\NoteTab Light
.
==================== Find3M ====================
.
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 22:02:34 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 22:02:34 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 22:02:22 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-28 17:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-09-28 17:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-20 07:05:33 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-20 07:05:33 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 17:31:53.92 ===============

=====================================================================================
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-06 17:34:33
-----------------------------
17:34:33.621 OS Version: Windows x64 6.1.7601 Service Pack 1
17:34:33.621 Number of processors: 4 586 0x2A07
17:34:33.622 ComputerName: WAVE-HP UserName: wave
17:34:35.108 Initialize success
17:34:35.250 AVAST engine defs: 12120602
17:34:44.071 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:34:44.074 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
17:34:44.096 Disk 0 MBR read successfully
17:34:44.099 Disk 0 MBR scan
17:34:44.104 Disk 0 Windows 7 default MBR code
17:34:44.112 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:34:44.124 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462036 MB offset 409600
17:34:44.156 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14600 MB offset 946659328
17:34:44.174 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
17:34:44.180 Disk 0 scanning C:\Windows\system32\drivers
17:34:53.458 Service scanning
17:35:13.318 Modules scanning
17:35:13.331 Disk 0 trace - called modules:
17:35:13.359 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
17:35:13.365 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006836060]
17:35:13.373 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80066fab10]
17:35:13.381 5 hpdskflt.sys[fffff88001d97189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80065f4050]
17:35:14.256 AVAST engine scan C:\Windows
17:35:15.715 AVAST engine scan C:\Windows\system32
17:37:00.974 AVAST engine scan C:\Windows\system32\drivers
17:37:09.316 AVAST engine scan C:\Users\wave
17:50:05.405 AVAST engine scan C:\ProgramData
17:51:41.512 Disk 0 MBR has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\MBR.dat"
17:51:41.522 The log file has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\aswMBR.txt"
17:52:56.327 Scan finished successfully
18:08:24.534 Disk 0 MBR has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\MBR.dat"
18:08:24.542 The log file has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\aswMBR.txt"
18:08:36.554 Disk 0 MBR has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\MBR.dat"
18:08:36.562 The log file has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\aswMBR.txt"
18:08:43.264 Disk 0 MBR has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\MBR.dat"
18:08:43.274 The log file has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\aswMBR1.txt"

-----------------------------------------------------------------------------------
"Kaspersky Security Scan 2.0" results below

Vulnerabilities (8)
Information about applications and operating system components in which vulnerabilities have been detected.
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc-cache-gen.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll
C:\Windows\SysWOW64\msxml4.dll
C:\Windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

Other issues (10)
Information about vulnerabilities associated with the settings of installed applications and the operating system.
"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: clear the list of trusted domains"
"Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Microsoft Internet Explorer: start page reset"

Kaspersky Security Scan results above
-----------------------------------------------------------------------------------
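
The aswMBR log above saved the boot sector to MBR.dat; as an added example that is not part of nextari's post or of the aswMBR tool, the PowerShell script below reads that file and prints what the log reports for Disk 0: the boot signature, the four partition entries (boot flag, type, start LBA, size in MB at 2048 sectors per MB), the unallocated gap before the first partition, and a SHA-256 of the 440-byte boot code region. aswMBR recognises "Windows 7 default MBR code" from its own database; this script has no such database, so comparing the hash against one taken from a known-clean machine is the example's assumption, as is the MBR.dat path, which is copied from the log.

```powershell
# Added example (not from the thread or from aswMBR): parse the 512-byte MBR
# that aswMBR saved as MBR.dat and report what the log above shows for Disk 0.
# Layout: bytes 0-439 boot code, 440-443 disk signature, 446-509 four 16-byte
# partition entries, 510-511 boot signature 55 AA.
param(
    [string]$MbrPath = "$env:USERPROFILE\Downloads\SSD\spybot forum\MBR.dat"  # path from the log
)

$mbr = [System.IO.File]::ReadAllBytes($MbrPath)
if ($mbr.Length -lt 512) { throw "MBR.dat is $($mbr.Length) bytes; expected at least 512" }

if ($mbr[510] -ne 0x55 -or $mbr[511] -ne 0xAA) {
    Write-Warning ('Boot signature is {0:X2} {1:X2}, not 55 AA: not a valid MBR' -f $mbr[510], $mbr[511])
}

# aswMBR recognises "Windows 7 default MBR code" from its own database. Without
# that database, hash the boot code and compare it with a hash taken from a
# known-clean machine (that baseline comparison is this example's assumption).
$sha256   = [System.Security.Cryptography.SHA256]::Create()
$bootHash = ($sha256.ComputeHash([byte[]]$mbr[0..439]) | ForEach-Object { $_.ToString('x2') }) -join ''
"Boot code SHA-256 : $bootHash"
"Disk signature    : 0x{0:X8}" -f [BitConverter]::ToUInt32($mbr, 440)

$typeNames = @{ 0x05 = 'Extended'; 0x07 = 'HPFS/NTFS'; 0x0B = 'FAT32'; 0x0C = 'FAT32 LBA'
                0x0F = 'Extended LBA'; 0x82 = 'Linux swap'; 0x83 = 'Linux'; 0xEE = 'GPT protective' }

$partitions = for ($i = 0; $i -lt 4; $i++) {
    $e    = 446 + 16 * $i
    $type = [int]$mbr[$e + 4]
    if ($type -eq 0) { continue }                        # empty slot
    $startLba = [BitConverter]::ToUInt32($mbr, $e + 8)   # little-endian start LBA
    $sectors  = [BitConverter]::ToUInt32($mbr, $e + 12)  # little-endian sector count
    [pscustomobject]@{
        Partition = $i + 1
        Boot      = '{0:X2}' -f $mbr[$e]                 # 80 = active, shown as "80 (A)" in the log
        Type      = '{0:X2} {1}' -f $type, $typeNames[$type]
        StartLBA  = $startLba
        SizeMB    = [int][math]::Floor($sectors / 2048)  # 512-byte sectors, 2048 per MB
        EndLBA    = $startLba + $sectors                 # first sector after the partition
    }
}
$partitions | Format-Table -AutoSize

# Sectors between the MBR and the first partition (1..2047 on this disk) belong
# to no partition; bootkits often stash code there, so report the gap size.
# Also flag any partition whose start lies inside the previous one.
$sorted = @($partitions | Sort-Object StartLBA)
"Unallocated sectors before first partition: $($sorted[0].StartLBA - 1)"
for ($i = 1; $i -lt $sorted.Count; $i++) {
    if ($sorted[$i].StartLBA -lt $sorted[$i - 1].EndLBA) {
        Write-Warning ('Partition {0} overlaps partition {1}' -f $sorted[$i].Partition, $sorted[$i - 1].Partition)
    }
}
```

Run it as `.\Read-Mbr.ps1` (any script name will do) or with `-MbrPath` pointing at another saved MBR. Against the layout in the log it should print partition 1 starting at LBA 2048 with 199 MB, partition 2 at 409600, partition 3 at 946659328 and partition 4 at 976560128, and 2047 unallocated sectors before the first partition; a different start for partition 1 or an unexpected boot-code hash is what to look at next.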

shelf life
2012-12-09, 17:27
hi nextari,

DDS, aswMBR logs look ok. Spybot log looks like a bunch of logs and tracks that Windows creates and stores. I am sure it can delete them also. Kaspersky found possible exploits; looks like some things need updating. Autorun allows things to start automatically, like a malicious .exe off of a flash drive. I would disable it.


"Anti-phishing Domain Advisor\visicom_antiphishing.exe by Panda I was continually getting warnings
that it was blocking 4 trojans >>"

Possible false positives
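
The four autorun findings from Kaspersky and shelf life's advice to disable autorun, as an added example that is not part of either post: a PowerShell script (run from an elevated prompt) that shows the current NoDriveTypeAutoRun policy in both hives, sets it to 0xFF, which disables AutoRun for every drive type and addresses all four findings, and reads the per-user AutoPlay switch that the Control Panel "Hardware and Sound" setting writes. The registry locations, the bit meanings and the 0x91 default are Windows facts; the function names are the example's own.

```powershell
# Added example (not from the thread). Audit and harden AutoRun on Windows 7.
# NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is DISABLED:
#   0x01 unknown   0x04 removable   0x08 fixed (hard disk)   0x10 network
#   0x20 CD/DVD    0x40 RAM disk    0x80 type not ascertainable
# Windows' default is 0x91; 0xFF disables AutoRun for every drive type.
# Run from an elevated PowerShell prompt.

$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',  # machine policy, takes precedence
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'   # per-user policy
)
$autoplayPath = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

function Get-AutoRunState {
    foreach ($p in $policyPaths) {
        $v = (Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        $shown = if ($null -eq $v) { '(not set, Windows default 0x91)' } else { '0x{0:X2}' -f $v }
        [pscustomobject]@{
            Where             = $p.Split(':')[0] + ' policy'
            Setting           = $shown
            AllDrivesDisabled = ($v -eq 0xFF)
        }
    }
    # The Control Panel "Use AutoPlay for all media and devices" checkbox writes
    # DisableAutoplay=1 here when unchecked (the change nextari made in Hardware and Sound).
    $ap = (Get-ItemProperty -Path $autoplayPath -Name DisableAutoplay -ErrorAction SilentlyContinue).DisableAutoplay
    $apShown = if ($ap -eq 1) { 'AutoPlay off' } else { 'AutoPlay on' }
    [pscustomobject]@{
        Where             = 'HKCU AutoPlay'
        Setting           = $apShown
        AllDrivesDisabled = ($ap -eq 1)
    }
}

function Disable-AutoRunAllDrives {
    foreach ($p in $policyPaths) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }   # policy key may not exist yet
        Set-ItemProperty -Path $p -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
}

'Before:'
Get-AutoRunState | Format-Table -AutoSize
Disable-AutoRunAllDrives
'After (sign out and back in, or reboot, for Explorer to pick the policy up):'
Get-AutoRunState | Format-Table -AutoSize
```

The HKLM value wins when both hives are set, so setting both simply keeps a per-user value from masking the machine policy in the "Before" output. Windows 7 already ignores autorun.inf on USB and other non-optical media, so on this system 0xFF mainly closes the CD/DVD path and the "from hard drives" and "network drives" cases that Kaspersky listed.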

nextari
2012-12-09, 20:51
Thank You very much, Shelf Life!

I have disabled "Autoplay" in "hardware and sound". I just read somewhere that for security, Windows 7 has disabled autorun for flash drives.

Windows and my computer (HP dv7t) were already fully updated before scans.
Would this mean I should seek out specific driver (or other?) updates that were not automatic?

Happy Sunday to you!

Thank You!

shelf life
2012-12-09, 23:08
A good source for checking third-party software is here. (http://secunia.com/) Outdated software like Java, Flash, Adobe, etc. is ripe for exploits. In fact, third-party software has surpassed MS Windows at the top of the heap.