
Thread: Malware attack. Some progress made.

  #1
    Junior Member | Join Date: Dec 2012 | Posts: 15

    Malware attack. Some progress made.

    Hi,
    This is an updated request for assistance in identifying remaining malware after performing some registry edits and removing several malware infections. No one has responded to my initial post from Sunday. My main concern is if there are any back doors open in the system presently or anything remaining that I'm not seeing.

    I'm cleaning up the system for an SSD install. (2nd drive on HP dv7t-6000 / Win7) Any further suggestions before doing an SSD (w/HDD) install will be greatly appreciated.

    Avast scan, Malwarebytes, and Kaspersky Virus Removal Tool 2011 (updated) found nothing even before I succeeded in removing the threats.

    Kaspersky Security Scan 2.0 says no malware on system, however lists 8 vulnerabilities, and 10 other issues. I will post them below after the requested logs.

    I have sent the spybot scan results as an attached jpeg just in case, I hope that is not a waste of forum resources.

    Should I go ahead with the SSD install at this point, or are there vulnerabilities remaining?

    Thank You!

    Malware removed:
    process named: is-UEUMC.tmp 2128k (nothing on Google about that one)
    MAsetupCleaner.exe 24kb in Windows\SysWOW84 (I deleted it, before it ever ran I believe)
    Snap.do seems to be gone, terrible.
    Easybits
    WildTangent
    magicdesktop
    yontoo
    "Wild search results",

    and finally,
    Anti-phishing Domain Advisor\visicom_antiphishing.exe by Panda was bundled with something and installed. I was continually getting warnings
    that it was blocking 4 trojans >>
    1) URL: xhttp://urlfilter.vmn.net/vmnsbf/data/121118112548-m.zip|121118112548-m.list (x added to disable the link)
    PROCESS: C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    INFECTION: JS:ScriptSH-inf [Trj]
    also, 2 more same as above with, 121114080835, 121205002101
    and one same as above with 121125002847 / INFECTION: HTML:Redirector-AE [Trj]

    So I uninstalled visicom_antiphishing.exe by Panda and the warnings stopped, as was suggested somewhere. But does this mean they are gone / were never an actual threat?

    LOGS:
    -----------------------------------------------------------------------------------
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455
    Run by wave at 17:31:28 on 2012-12-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3008 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\solr\solr.exe
    C:\ColdFusion9DotNetService\CFDotNetsvc.exe
    C:\JRun4\jre\bin\java.exe
    C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
    C:\ColdFusion9DotNetService\JNBDotNetSide.exe
    C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
    C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swsoc.exe
    C:\JRun4\verity\k2\_nti40\bin\k2admin.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
    C:\Users\wave\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\JRun4\bin\jrunsvc.exe
    C:\JRun4\bin\jrunsvc.exe
    C:\JRun4\bin\jrun.exe
    C:\JRun4\bin\jrun.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\JRun4\verity\k2\_nti40\bin\k2server.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\JRun4\verity\k2\_nti40\bin\k2index.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\wave\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/search?tbs=qdr:y&q=%s/
    mWinlogon: Userinit = C:\Windows\System32\userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
    BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [Google Update] "C:\Users\wave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
    uRun: [googletalk] C:\Users\wave\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    StartupFolder: C:\Users\wave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{1F750F3B-7B35-4A24-AFF4-484A5896A2C1} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C} : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\2456C6B696E6F574F505C65737F5D494D4F4F5738353030303 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\77962756C6563737 : DHCPNameServer = 68.87.76.178 68.87.78.130
    TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\A41636B6965602B456277796E672370296D41636 : DHCPNameServer = 10.0.2.1
    TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\A41667162456163686F4E6C696E656 : DHCPNameServer = 68.94.156.1 68.94.157.1
    TCP: Interfaces\{99B36FF0-3766-4AA9-8F52-5F58661B7D4C}\E4544574541425 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{9A9CF931-2FA3-409F-9217-08A4E0D2FDD4} : DHCPNameServer = 10.128.128.128
    TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\16474777966696 : DHCPNameServer = 192.168.5.1
    TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\3416665602D41646279646023223 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\35D464 : DHCPNameServer = 206.13.28.12 206.13.31.12
    TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\742716E64694D60756279616C684F64756C6 : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\A41667162456163686F4E6C696E656 : DHCPNameServer = 68.94.156.1 68.94.157.1
    TCP: Interfaces\{C9530C0B-B110-491C-8194-92982F728FF5}\B496E64644F6C6078696E6 : DHCPNameServer = 192.168.0.1 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://www.google.com
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-9-19 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-9-19 370288]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-7-27 89600]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-9-19 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-9-19 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-6 44808]
    R2 CF9Solr;ColdFusion 9 Solr Service;C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\solr\solr.exe -zglaxservice CF9Solr --> C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\solr\solr.exe -zglaxservice CF9Solr [?]
    R2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;C:\ColdFusion9DotNetService\CFDotNetsvc.exe [2012-3-9 77824]
    R2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent" --> C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
    R2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe "ColdFusion 9 ODBC Server" --> C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
    R2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;C:\JRun4\verity\k2\_nti40\bin\k2admin.exe [2012-3-9 3677616]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-29 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-7-27 2413056]
    R2 Macromedia JRun Admin Server;Macromedia JRun Admin Server;C:\JRun4\bin\jrunsvc.exe [2012-3-9 68096]
    R2 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server;C:\JRun4\bin\jrunsvc.exe [2012-3-9 68096]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-1 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-1 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-1 168384]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-29 2656280]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-29 317440]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-7-27 91648]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-7-27 208896]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-29 338536]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-29 428136]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-2-16 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 KSS;Kaspersky Security Scan Service;"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
    S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;C:\Windows\System32\drivers\arusb_win7x.sys [2011-10-5 769024]
    S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
    S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-6-6 24176]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-8 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2012-12-06 22:09:34 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C085EF62-D234-4B48-B06C-0C1260A230E2}\mpengine.dll
    2012-12-06 22:03:59 -------- d-----w- C:\Device
    2012-12-06 17:26:47 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2012-12-06 04:44:09 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2012-12-06 04:42:35 460888 ----a-w- C:\Windows\System32\drivers\32267774.sys
    2012-12-05 05:14:07 110080 ----a-r- C:\Users\wave\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
    2012-12-05 05:14:07 110080 ----a-r- C:\Users\wave\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
    2012-12-05 05:14:07 110080 ----a-r- C:\Users\wave\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
    2012-12-05 05:14:06 -------- d-----w- C:\sh4ldr
    2012-12-05 05:14:06 -------- d-----w- C:\Program Files\Enigma Software Group
    2012-12-05 05:13:20 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2012-12-05 05:13:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-12-04 14:02:44 -------- d-----w- C:\Temp
    2012-12-04 13:56:04 -------- d-----w- C:\Users\wave\AppData\Local\Samsung
    2012-12-04 13:56:01 -------- d-----w- C:\Users\wave\AppData\Roaming\Samsung
    2012-12-04 13:53:42 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2012-12-04 13:52:44 -------- d-----w- C:\ProgramData\Samsung
    2012-12-04 13:52:44 -------- d-----w- C:\Program Files (x86)\Samsung
    2012-12-04 13:44:06 -------- d-----w- C:\Users\wave\AppData\Local\Downloaded Installations
    2012-12-02 05:53:34 388096 ----a-r- C:\Users\wave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-12-02 05:53:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-12-02 05:05:14 -------- d-----w- C:\Users\wave\AppData\Roaming\GlarySoft
    2012-12-02 05:05:13 -------- d-----w- C:\Program Files (x86)\Glary Utilities
    2012-12-02 04:16:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-12-02 04:15:43 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2012-12-02 04:15:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-12-02 02:56:14 -------- d-----w- C:\Program Files (x86)\Wild Tangent Removal Tool
    2012-12-02 01:50:31 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-12-02 01:49:23 -------- d-----w- C:\Program Files\iPod
    2012-12-02 01:49:22 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-02 01:49:22 -------- d-----w- C:\Program Files\iTunes
    2012-12-02 01:49:22 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-11-20 16:15:56 -------- d-----w- C:\Program Files\CCleaner
    2012-11-20 06:15:44 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-20 06:15:43 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-20 06:15:43 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-20 06:15:43 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-20 06:08:24 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-11-20 06:07:55 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-20 06:07:55 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-20 06:07:53 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-20 06:07:53 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-20 06:07:49 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-20 06:07:49 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-20 06:07:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-20 06:07:11 385024 ----a-w- C:\Windows\System32\CNMLMAA.DLL
    2012-11-20 06:05:32 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-11-20 06:05:32 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-11-20 06:05:32 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 06:05:32 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-11-20 06:05:31 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-11-20 06:05:31 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-20 06:05:31 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-11-20 06:05:31 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-11-20 06:05:31 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2012-11-20 01:00:00 -------- d-s---w- C:\Users\wave\Google Drive
    2012-11-19 18:56:38 -------- d-----w- C:\Users\wave\AppData\Roaming\Malwarebytes
    2012-11-19 18:56:01 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-19 18:55:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-19 18:55:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-15 23:35:09 -------- d-----w- C:\Users\wave\AppData\Roaming\NoteTab Light
    2012-11-15 23:34:41 -------- d-----w- C:\Program Files (x86)\NoteTab Light
    .
    ==================== Find3M ====================
    .
    2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 22:02:34 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 22:02:34 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 22:02:22 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-28 17:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2012-09-28 17:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-20 07:05:33 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-09-20 07:05:33 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 17:31:53.92 ===============

    =====================================================================================
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-06 17:34:33
    -----------------------------
    17:34:33.621 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:34:33.621 Number of processors: 4 586 0x2A07
    17:34:33.622 ComputerName: WAVE-HP UserName: wave
    17:34:35.108 Initialize success
    17:34:35.250 AVAST engine defs: 12120602
    17:34:44.071 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:34:44.074 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
    17:34:44.096 Disk 0 MBR read successfully
    17:34:44.099 Disk 0 MBR scan
    17:34:44.104 Disk 0 Windows 7 default MBR code
    17:34:44.112 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    17:34:44.124 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462036 MB offset 409600
    17:34:44.156 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14600 MB offset 946659328
    17:34:44.174 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
    17:34:44.180 Disk 0 scanning C:\Windows\system32\drivers
    17:34:53.458 Service scanning
    17:35:13.318 Modules scanning
    17:35:13.331 Disk 0 trace - called modules:
    17:35:13.359 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
    17:35:13.365 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006836060]
    17:35:13.373 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80066fab10]
    17:35:13.381 5 hpdskflt.sys[fffff88001d97189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80065f4050]
    17:35:14.256 AVAST engine scan C:\Windows
    17:35:15.715 AVAST engine scan C:\Windows\system32
    17:37:00.974 AVAST engine scan C:\Windows\system32\drivers
    17:37:09.316 AVAST engine scan C:\Users\wave
    17:50:05.405 AVAST engine scan C:\ProgramData
    17:51:41.512 Disk 0 MBR has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\MBR.dat"
    17:51:41.522 The log file has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\aswMBR.txt"
    17:52:56.327 Scan finished successfully
    18:08:24.534 Disk 0 MBR has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\MBR.dat"
    18:08:24.542 The log file has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\aswMBR.txt"
    18:08:36.554 Disk 0 MBR has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\MBR.dat"
    18:08:36.562 The log file has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\aswMBR.txt"
    18:08:43.264 Disk 0 MBR has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\MBR.dat"
    18:08:43.274 The log file has been saved successfully to "C:\Users\wave\Downloads\SSD\spybot forum\aswMBR1.txt"

    -----------------------------------------------------------------------------------
    "Kaspersky Security Scan 2.0" Results below

    Vulnerabilities (8)
    Information about applications and operating system components in which vulnerabilities have been detected.
    C:\Program Files (x86)\Java\jre6\bin\java.exe
    C:\Program Files (x86)\Java\jre7\bin\java.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc-cache-gen.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll
    C:\Windows\SysWOW64\msxml4.dll
    C:\Windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

    Other issues (10)
    Information about vulnerabilities associated with the settings of installed applications and the operating system.
    "Autorun from hard drives is allowed"
    "Autorun from network drives is enabled"
    "CD/DVD autorun is enabled"
    "Removable media autorun is enabled"
    "Microsoft Internet Explorer - disable caching data received via protected channel"
    "Microsoft Internet Explorer: disable sending error reports"
    "Microsoft Internet Explorer: clear the list of trusted domains"
    "Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
    "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
    "Microsoft Internet Explorer: start page reset"

    Kaspersky Security Scan Results above
    -----------------------------------------------------------------------------------

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi nextari,

    DDS, aswMBR logs look ok. Spybot log looks like a bunch of logs and tracks that Windows creates and stores. I am sure it can delete them also. Kaspersky found possible exploits, looks like some things need updating. Autorun allows things to start automatically, like a malicious .exe off of a flash drive. I would disable it.


    "Anti-phishing Domain Advisor\visicom_antiphishing.exe by Panda I was continually getting warnings
    that it was blocking 4 trojans >>"

    Possible false positives
    How Can I Reduce My Risk?
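The four autorun findings in the Kaspersky "Other issues" list above map onto one policy value, NoDriveTypeAutoRun, whose bits block autorun per drive class. The script below is an added example, not part of the thread and not from Spybot or Kaspersky; it reads that value from both the machine and user policy keys, decodes which drive classes still allow autorun, and with -Harden writes the fully blocked value plus NoAutorun=1. The bit meanings and key paths are Microsoft's; the 0x91 default assumed when the value is absent (taken from Microsoft KB967715) and the use of NoAutorun to stop autorun.inf processing are assumptions to verify on your build. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): audit, and optionally harden, the Windows
# autorun policy that Kaspersky Security Scan flagged. Run elevated.
# Assumptions: NoDriveTypeAutoRun bit meanings per Microsoft docs; 0x91 is the
# assumed Windows 7 default when the value is absent (KB967715); NoAutorun=1 is
# assumed to disable autorun.inf processing entirely.
[CmdletBinding()]
param(
    [switch]$Harden   # write the hardened values instead of only reporting
)

$policyKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# A SET bit disables autorun for that drive class.
$driveBits = [ordered]@{
    0x04 = 'Removable media (USB sticks, floppies)'
    0x08 = 'Fixed drives (internal hard disks)'
    0x10 = 'Network drives'
    0x20 = 'CD/DVD drives'
    0x40 = 'RAM disks'
    0x01 = 'Drives of unknown type'
    0x80 = 'Drives with no root directory'
}
$defaultMask = 0x91   # assumed default when the value is not set

function Get-AutorunMask([string]$key) {
    $p = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return [int]$p.NoDriveTypeAutoRun
}

function Show-AutorunPolicy {
    foreach ($key in $policyKeys) {
        $mask = Get-AutorunMask $key
        $source = 'explicit'
        if ($null -eq $mask) { $mask = $defaultMask; $source = 'not set, assuming default' }
        Write-Host ("{0}`n  NoDriveTypeAutoRun = 0x{1:X2} ({2})" -f $key, $mask, $source)
        foreach ($bit in $driveBits.Keys) {
            $state = if ($mask -band $bit) { 'blocked' } else { 'ALLOWED' }
            Write-Host ("  {0,-40} autorun {1}" -f $driveBits[$bit], $state)
        }
        $na = (Get-ItemProperty -Path $key -Name NoAutorun -ErrorAction SilentlyContinue).NoAutorun
        if ($null -eq $na) { $na = 'not set' }
        Write-Host ("  NoAutorun (ignore autorun.inf) = {0}" -f $na)
    }
}

function Set-AutorunHardened {
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # 0xFF blocks autorun on every drive class; NoAutorun=1 (assumed) stops
        # autorun.inf from being parsed, so it cannot even add an AutoPlay entry.
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
        Set-ItemProperty -Path $key -Name NoAutorun -Value 1 -Type DWord
    }
}

Show-AutorunPolicy
if ($Harden) {
    Set-AutorunHardened
    Write-Host "`nHardened values written; log off or restart explorer.exe for them to apply."
    Show-AutorunPolicy
}
```

Turning off AutoPlay in the Control Panel (as the next post describes) changes the per-user AutoPlay handler choice, not this policy value, so it is worth re-running the report afterwards to confirm the Kaspersky findings actually clear.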

  3. #3
    Junior Member
    Join Date
    Dec 2012
    Posts
    15

    Default Thanks!

    Thank You very much, Shelf Life!

    I have disabled "Autoplay" in "hardware and sound". I just read somewhere that for security, windows 7 has disabled autorun for flash drives.

    Windows and my computer (HP dv7t) were already fully updated before scans.
    Would this mean I should seek out specific driver (or other?) updates that were not automatic?

    Happy Sunday to you!

    Thank You!

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    A good source for checking third-party software is here. Outdated software like Java, Flash, Adobe etc. are ripe for exploits. In fact, third-party software has surpassed MS Windows at the top of the heap.
    How Can I Reduce My Risk?
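Windows Update does not patch the Java, Flash, Shockwave or VLC binaries in the Kaspersky list, which is why a "fully updated" machine can still show them as vulnerable. The script below is an added example, not code from the thread or from any of the vendors mentioned: it reports the file version and Authenticode status of each flagged path (copied from the scan output above) and lists the matching entries from both Uninstall registry views, so the installed versions can be compared against the vendors' current downloads. The vendor-name pattern used for matching is an assumption; note that the scan shows jre6 and jre7 side by side, and the older family stays loadable until it is uninstalled.

```powershell
# Added example (not from the thread): inventory the third-party binaries that
# Kaspersky Security Scan flagged, and the matching Uninstall entries.
# Assumption: the $watch pattern covers the products of interest.

$flagged = @(
    'C:\Program Files (x86)\Java\jre6\bin\java.exe',
    'C:\Program Files (x86)\Java\jre7\bin\java.exe',
    'C:\Program Files (x86)\VideoLAN\VLC\vlc-cache-gen.exe',
    'C:\Program Files (x86)\VideoLAN\VLC\vlc.exe',
    'C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll',
    'C:\Windows\SysWOW64\msxml4.dll',
    'C:\Windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe',
    'C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll'
)

function Get-FlaggedFileInfo {
    foreach ($path in $flagged) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Present = $false; FileVersion = $null
                               Product = $null; Signer = $null; Signature = 'n/a' }
            continue
        }
        $vi  = (Get-Item -LiteralPath $path).VersionInfo
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{
            Path        = $path
            Present     = $true
            FileVersion = $vi.FileVersion
            Product     = $vi.ProductName
            Signer      = $signer
            Signature   = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        }
    }
}

# Both registry views: native 64-bit and Wow6432Node for 32-bit installers.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$watch = 'Java|Flash|Shockwave|VLC|MSXML'   # assumed product-name pattern

function Get-WatchedSoftware {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $watch } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName
}

Get-FlaggedFileInfo | Format-Table -AutoSize Present, FileVersion, Signature, Path
Get-WatchedSoftware  | Format-Table -AutoSize
```

A HashMismatch or NotSigned status on a file that the vendor ships signed is worth a second look on a machine that has just had adware removed; a merely old FileVersion is the update-it case the reply above is talking about.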
