Firewall keeps turning Off

View previous topic View next topic Go down

Firewall keeps turning Off

Post by maldotcom on 7th February 2012, 1:19 am

Yesterday, I turned on my computer and all these pop-ups came up telling me that Adobe and NVIDIA had problems. So I tried going on my Microsoft Word, and it wouldn't open either. It kept saying "A problem caused the program to stop working correctly. Windows wills close the program and notify you if a solution is available." So I went on Google and tried finding all these solutions. So I downloaded SUPERAntiSpyware and my log shows this:
SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 02/06/2012 at 05:17 PM

Application Version : 5.0.1144

Core Rules Database Version : 8203
Trace Rules Database Version: 6015

Scan type : Complete Scan
Total Scan Time : 00:07:29

Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 517
Memory threats detected : 0
Registry items scanned : 29408
Registry threats detected : 4
File items scanned : 6504
File threats detected : 0

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Disabled.TaskManager
HKU\S-1-5-21-1595074931-3511647410-710645076-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

I removed the threats and rebooted, and did that twice, with the same viruses showing up. I saw several sites saying to download ComboFix and such, and when I chose to run the program it says NSIS Error, and something about the file not downloading correctly when I went on various sites with the actual link. Also, when I try to access regedit, it says I can't because of my administrator or something. I don't know what to do, please help ! I'm a student in need

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 7th February 2012, 6:49 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*********************************************************
Download DDS from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.].Then post your DDS logs. (DDS.txt and Attach.txt )

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 8th February 2012, 12:27 am

This is the DDS text

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by Hector at 16:14:11 on 2012-02-07
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\netsh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Tablet.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\Tablet.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\Hector\AppData\Local\Temp\winnkyva.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Hector\AppData\Local\Temp\wincllawf.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Hector\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Facebook Update] "c:\users\hector\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: []
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{31972A6A-3FED-4216-9ACB-B0157B220ED4} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hector\appdata\roaming\mozilla\firefox\profiles\z9fnat44.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\gretech\npgomtvx_nie.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\vizzed\vizzed retro game room\NpVizzedRgr.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\hector\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? EagleXNt;EagleXNt
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? nvUpdatusService;NVIDIA Update Service Daemon
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? AdobeARMservice;Adobe Acrobat Update Service
S? FontCache;Windows Font Cache Service
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SBSDWSCService;SBSD Security Center Service
S? VST_DPV;VST_DPV
S? VSTHWBS2;VSTHWBS2
.
=============== File Associations ===============
.
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2012-02-07 23:20:39 103140 ----a-w- C:\qwikal.exe
2012-02-07 17:14:23 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b6d65f6a-1d7a-47fb-a027-d5b5ef807a36}\mpengine.dll
2012-02-06 03:10:30 -------- d-----w- c:\users\hector\appdata\roaming\SUPERAntiSpyware.com
2012-02-06 03:09:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-06 03:09:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-06 03:00:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-06 03:00:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-06 02:10:50 -------- d-----w- c:\program files\Smart Virus Remover
2012-02-05 15:16:41 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-05 05:05:32 -------- d-----w- c:\program files\Windows Portable Devices
2012-02-05 04:58:19 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-02-05 04:58:18 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-02-05 04:58:18 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-02-05 04:57:13 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-02-05 04:57:12 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-02-05 04:57:11 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-02-05 04:57:11 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-02-05 04:57:11 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-02-05 04:57:11 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-02-05 04:57:11 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-02-05 03:49:17 -------- d-----w- C:\a895073a609dddfbe9
2012-02-05 01:57:55 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-02-05 01:56:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-02-05 01:55:55 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-02-05 01:55:18 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-02-04 20:38:32 -------- d-----w- c:\windows\system32\vi-VN
2012-02-04 20:38:32 -------- d-----w- c:\windows\system32\eu-ES
2012-02-04 20:38:32 -------- d-----w- c:\windows\system32\ca-ES
2012-02-04 19:27:21 -------- d-----w- c:\windows\system32\EventProviders
2012-01-30 05:24:36 -------- d--h--w- c:\windows\system32\B43205
2012-01-30 05:24:36 -------- d--h--w- c:\windows\system32\769A93
2012-01-30 05:24:36 -------- d--h--w- c:\windows\system32\6FF81D
2012-01-30 05:24:36 -------- d--h--w- c:\windows\system32\01DFF4
2012-01-23 00:23:04 6754712 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2012-01-23 00:23:04 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-01-23 00:23:04 539160 ----a-w- c:\windows\system32\LVUI2.dll
2012-01-23 00:23:04 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2012-01-23 00:22:49 34068 ----a-w- c:\windows\system32\Repository.reg
2012-01-23 00:22:49 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2012-01-23 00:22:49 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2012-01-23 00:22:49 114712 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
.
==================== Find3M ====================
.
2012-02-08 00:10:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-27 08:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 05:30:18 20640 ------w- c:\windows\system32\drivers\PxHelp20.sys
2011-12-04 05:30:18 109568 ------w- c:\windows\system32\pxinsi64.exe
2011-12-04 05:30:18 108544 ------w- c:\windows\system32\pxcpyi64.exe
2011-11-27 17:12:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll
2011-11-17 06:48:37 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-16 16:23:44 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 16:23:08 72704 ----a-w- c:\windows\system32\secur32.dll
2011-11-16 16:23:05 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:21:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-16 14:12:25 9728 ----a-w- c:\windows\system32\lsass.exe
.
============= FINISH: 16:20:42.06 ===============

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 8th February 2012, 12:28 am

This is the Attach text

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 6/11/2011 8:20:02 PM
System Uptime: 2/7/2012 3:19:22 PM (1 hours ago)
.
Motherboard: ECS-USA | | GeForce6100PM-M2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | Socket AM2 | 2500/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 93 GiB total, 41.94 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
2Wire Wireless Client
32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709a
7-Zip 9.20
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader X (10.1.2)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Comcast Desktop Software (v1.2.0.9)
Destination Component
DeviceDiscovery
DocMgr
DocProc
Facebook Video Calling 1.1.1.1
Fax
GOM Player
GOMTV Plug-in
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPProductAssistant
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Jing
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.60.1.1000
MapleStory
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA Update 1.5.20
NVIDIA Update Components
OCR Software by I.R.I.S. 12.0
Pando Media Booster
ProductContext
QuickTime
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
SUPERAntiSpyware
System Requirements Lab
Tablet
The Free YouTube Downloader
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Vizzed Retro Game Room
WebReg
Windows Media Player Firefox Plugin
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/7/2012 9:08:12 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} as /. The error: "1314" Happened while starting this command: C:\Windows\System32\mobsync.exe -Embedding
2/7/2012 9:07:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
2/7/2012 3:22:52 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 4:20:32 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {D0B7C734-2D1B-461D-93C6-8264DA4F038B}. The error: "1314" Happened while starting this command: C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe -Embedding
2/5/2012 9:13:04 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}. The error: "1314" Happened while starting this command: "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
2/5/2012 6:06:28 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "1314" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
2/4/2012 8:54:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows Vista.
2/4/2012 8:19:06 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
2/4/2012 7:58:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Internet Explorer 9 for Windows Vista.
2/4/2012 7:58:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2644615).
2/4/2012 7:58:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2633171).
2/4/2012 7:58:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2598479).
2/4/2012 7:58:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2579686).
2/4/2012 7:58:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2532531).
2/4/2012 7:58:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Platform Update Supplement for Windows Vista (KB2117917).
2/4/2012 7:58:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Platform Update for Windows Vista (KB971644).
2/4/2012 7:58:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Microsoft .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 Security Update x86 (KB979910).
2/4/2012 7:58:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows Vista (KB2545698).
2/4/2012 7:58:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows Vista (KB2505189).
2/4/2012 7:58:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2646524).
2/4/2012 7:58:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2619339).
2/4/2012 7:58:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2584146).
2/4/2012 7:58:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2657424).
2/4/2012 7:58:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2656362).
2/4/2012 7:58:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 x86 (KB2518866).
2/4/2012 7:58:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2618444).
2/4/2012 7:58:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows Vista (KB2641690).
2/4/2012 7:58:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows Mail Junk E-mail Filter [January 2012] (KB905866).
2/4/2012 7:58:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2639417).
2/4/2012 7:58:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2588516).
2/4/2012 7:58:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2572078).
2/4/2012 7:58:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Windows Server 2008 SP2 x86 (KB2572075).
2/4/2012 7:58:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Microsoft .NET Framework 3.5 SP1, Windows Vista SP2, and Windows Server 2008 SP2 Update x86 (KB982525).
2/4/2012 7:58:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
2/4/2012 7:58:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2631813).
2/4/2012 7:58:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Vista (KB2620712).
2/4/2012 12:46:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63AA156-D534-4BAC-9BF1-55359CF5EC30} to the user Hector-PC\UpdatusUser SID (S-1-5-21-1595074931-3511647410-710645076-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 8th February 2012, 1:09 am

So I'm not done with the Malware log, but during the scan it said "Malwarebytes Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt."

C:\USERS\HECTOR\APPDATA\LOCAL\VIRTUALSTORE\WINDOWS\THUMBS . DB
BACKDOOR.SENNA

so I Quarantined it

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 8th February 2012, 7:47 pm

I strongly recommend that you remove Ask from your computer because it;

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See [You must be registered and logged in to see this link.] for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
******************************************************
Please go to [You must be registered and logged in to see this link.]
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:
C:\qwikal.exe

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
***********************************************
Please paste the MBAM log when you receive it.

Download Combofix from any of the links below, and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [URL="http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html"]here[/URL] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 8th February 2012, 10:16 pm

This is the address from the qwikal scan

[You must be registered and logged in to see this link.]

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 8th February 2012, 11:14 pm

Ok. Please proceed with the other two scans and we'll get rid of that nasty.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 9th February 2012, 12:47 am

Can I do them at the same time? Or just one at a time?

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 9th February 2012, 3:43 am

MBAM LOG :


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
[You must be registered and logged in to see this link.]

Database version: v2012.02.07.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Hector :: HECTOR-PC [administrator]

Protection: Enabled

2/8/2012 2:03:27 PM
mbam-log-2012-02-08 (14-03-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357106
Time elapsed: 5 hour(s), 33 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Users\Hector\AppData\Local\Temp\E_N4 (Worm.Autorun) -> Quarantined and deleted successfully.

Files Detected: 10
C:\qwikal.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Hector\AppData\Local\Temp\E_N4\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Windows\System32\6FF81D\cnvpe.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Windows\System32\6FF81D\dp1.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Windows\System32\6FF81D\eAPI.fne (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Windows\System32\6FF81D\HtmlView.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Windows\System32\6FF81D\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
C:\Windows\System32\6FF81D\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\6FF81D\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\Hector\AppData\Local\Temp\E_N4\spec.fne (Worm.Autorun) -> Quarantined and deleted successfully.

(end)


maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 9th February 2012, 7:42 pm

That should have repaired your Firewall. Now I need the ComboFix log.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 10th February 2012, 12:33 am

ComboFix 12-02-02.02 - Hector 02/09/2012 16:07:57.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1918.672 [GMT -8:00]
Running from: c:\users\Hector\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\program files\Shop to Win 11
c:\program files\Shop to Win 11\patch.bat
c:\program files\Shop to Win 11\settings.xml
c:\program files\Shop to Win 11\ShoppingBHO.dll
c:\program files\Shop to Win 11\ShopToWin.ico
c:\program files\Shop to Win 11\Uninst.exe
c:\program files\Shop to Win 11\version.txt
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\Check out Previous Winners.lnk
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\Frequently Asked Questions.lnk
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\How can I win $100,000.lnk
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\How can I win $500 Today.lnk
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\Shop To Win Privacy Policy.lnk
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\Shop to Win Terms and Conditions.lnk
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\Sweepstakes Official Rules.lnk
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\Uninstall.lnk
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\View My Shop to Win Account.lnk
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop to Win 11\Visit the Shop to Win Mall.lnk
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 00:10 . 2012-02-10 00:16 -------- d-----w- c:\users\Hector\AppData\Local\temp
2012-02-10 00:10 . 2012-02-10 00:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-10 00:10 . 2012-02-10 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 16:52 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9266BF39-13A8-4B36-8A4B-DB105DD5D51C}\mpengine.dll
2012-02-06 03:10 . 2012-02-06 03:10 -------- d-----w- c:\users\Hector\AppData\Roaming\SUPERAntiSpyware.com
2012-02-06 03:09 . 2012-02-06 03:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-06 03:09 . 2012-02-06 03:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-06 03:00 . 2012-02-06 04:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-06 03:00 . 2012-02-06 03:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-06 02:10 . 2012-02-06 02:34 -------- d-----w- c:\program files\Smart Virus Remover
2012-02-05 20:12 . 2012-02-05 20:12 -------- d-----w- c:\windows\Sun
2012-02-05 05:05 . 2012-02-05 05:05 -------- d-----w- c:\program files\Windows Portable Devices
2012-02-05 04:57 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-02-05 04:57 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-02-05 04:57 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-02-05 04:56 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-02-05 04:56 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2012-02-05 04:56 . 2009-10-01 01:01 839168 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2012-02-05 04:56 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2012-02-05 04:23 . 2012-02-05 04:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-05 03:49 . 2012-02-05 03:49 -------- d-----w- C:\a895073a609dddfbe9
2012-02-05 01:58 . 2011-01-20 16:08 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-02-05 01:58 . 2011-01-20 16:37 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-05 01:58 . 2011-01-20 16:07 37376 ----a-w- c:\windows\system32\cdd.dll
2012-02-05 01:57 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-02-05 01:57 . 2011-08-16 16:14 129024 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-05 01:57 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-05 01:57 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-05 01:57 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-05 01:57 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-05 01:57 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-02-05 01:57 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-05 01:57 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-02-05 01:57 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-02-05 01:56 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-05 01:56 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-05 01:56 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 01:56 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 01:55 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-02-04 20:38 . 2012-02-04 20:39 -------- d-----w- c:\windows\system32\ca-ES
2012-02-04 20:38 . 2012-02-04 20:39 -------- d-----w- c:\windows\system32\eu-ES
2012-02-04 19:27 . 2012-02-04 19:27 -------- d-----w- c:\windows\system32\EventProviders
2012-01-30 05:24 . 2012-02-09 03:37 -------- d--h--w- c:\windows\system32\6FF81D
2012-01-30 05:24 . 2012-02-06 05:49 -------- d--h--w- c:\windows\system32\01DFF4
2012-01-30 05:24 . 2012-01-30 05:39 -------- d--h--w- c:\windows\system32\769A93
2012-01-30 05:24 . 2012-01-30 05:24 -------- d--h--w- c:\windows\system32\B43205
2012-01-26 01:39 . 2012-01-26 01:54 -------- d-----w- c:\users\Hector\AppData\Roaming\Skype
2012-01-26 01:36 . 2012-01-26 01:54 -------- d-----w- c:\programdata\Skype
2012-01-23 00:24 . 2012-01-23 00:24 -------- d-----w- c:\users\Hector\AppData\Roaming\Leadertech
2012-01-23 00:23 . 2009-04-30 23:03 6754712 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2012-01-23 00:22 . 2009-04-30 23:01 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2012-01-23 00:22 . 2009-04-30 23:00 114712 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2012-01-23 00:20 . 2012-02-04 20:35 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-01-23 00:20 . 2012-01-24 06:17 -------- d-----w- c:\programdata\LogiShrd
2012-01-23 00:20 . 2012-01-23 00:20 -------- d-----w- c:\program files\Logitech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 08:21 . 2011-06-12 16:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 23:24 . 2011-06-12 03:49 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 05:30 . 2011-12-04 05:32 20640 ------w- c:\windows\system32\drivers\PxHelp20.sys
2011-12-04 05:30 . 2011-12-04 05:32 109568 ------w- c:\windows\system32\pxinsi64.exe
2011-12-04 05:30 . 2011-12-04 05:32 108544 ------w- c:\windows\system32\pxcpyi64.exe
2011-11-27 17:12 . 2011-06-12 15:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 15:59 . 2012-02-05 01:56 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2012-02-05 01:56 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-02-05 01:58 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-02-05 01:57 66560 ----a-w- c:\windows\system32\packager.dll
2011-11-16 16:23 . 2012-02-05 01:56 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 16:23 . 2012-02-05 01:56 72704 ----a-w- c:\windows\system32\secur32.dll
2011-11-16 16:23 . 2012-02-05 01:56 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:21 . 2012-02-05 01:56 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-16 14:12 . 2012-02-05 01:56 9728 ----a-w- c:\windows\system32\lsass.exe
2011-12-31 19:17 . 2011-06-12 16:18 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
[7] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys
[7] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
.
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\drivers\kbdclass.sys
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\kbdclass.sys
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys
[7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\kbdclass.sys
[7] 2008-01-21 . B076B2AB806B3F696DAB21375389101C . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdclass.sys
[7] 2008-01-21 . B076B2AB806B3F696DAB21375389101C . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys
[7] 2008-01-21 . C9B0CF786D5F151A43C7BE8E243F2819 . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys
[7] 2006-11-02 . 1A48765F92BA1A88445FC25C9C9D94FC . 32872 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys
.
[7] 2009-04-11 . 1357274D1883F68300AEADD15D7BBB42 . 527848 . . [6.0.6002.18005] . . c:\windows\System32\drivers\ndis.sys
[7] 2009-04-11 . 1357274D1883F68300AEADD15D7BBB42 . 527848 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[7] 2008-01-21 . 9BDC71790FA08F0A0B5F10462B1BD0B1 . 529464 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
.
[7] 2009-04-11 . 6A4A98CEE84CF9E99564510DDA4BAA47 . 1083880 . . [6.0.6000.16386] . . c:\windows\System32\drivers\ntfs.sys
[7] 2009-04-11 . 6A4A98CEE84CF9E99564510DDA4BAA47 . 1083880 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[7] 2008-01-21 . B4EFFE29EB4F15538FD8A9681108492D . 1081912 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
.
[7] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys
[7] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\null.sys
.
[7] 2011-09-20 . 814A1C66FBD4E1B310A517221F1456BF . 905088 . . [6.0.6002.18519] . . c:\windows\System32\drivers\tcpip.sys
[7] 2011-09-20 . 814A1C66FBD4E1B310A517221F1456BF . 905088 . . [6.0.6002.18519] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[7] 2011-09-20 . 16731B631F28F63CD9F4CB60940E7DDD . 913280 . . [6.0.6002.22719] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[7] 2010-06-16 . 6A10AFCE0B38371064BE41C1FBFD3C6B . 912776 . . [6.0.6002.22425] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[7] 2010-06-16 . A474879AFA4A596B3A531F3E69730DBF . 905088 . . [6.0.6002.18272] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[7] 2010-06-16 . 782568AB6A43160A159B6215B70BCCE9 . 898952 . . [6.0.6001.18493] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[7] 2010-06-16 . 6216A954ED7045B62880A92D6C9B9FC7 . 902032 . . [6.0.6001.22713] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[7] 2009-08-15 . 2512B4D1353370D6688B1AF1F5AFA1CF . 816640 . . [6.0.6000.21108] . . c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[7] 2009-08-14 . 8A7AD2A214233F684242F289ED83EBC3 . 897608 . . [6.0.6001.18311] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[7] 2009-08-14 . 2608E71AAD54564647D4BB984E1925AA . 900168 . . [6.0.6001.22497] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[7] 2009-08-14 . FF71856BD4CD6D4367F9FD84BE79A874 . 905784 . . [6.0.6002.22200] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
[7] 2009-08-14 . 65877AA1B6A7CB797488E831698973E9 . 904776 . . [6.0.6002.18091] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[7] 2009-08-14 . 300208927321066EA53761FDC98747C6 . 813568 . . [6.0.6000.16908] . . c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[7] 2009-04-11 . 0E6B0885C3D5E4643ED2D043DE3433D8 . 897000 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[7] 2008-04-26 . 82E266BEE5F0167E41C6ECFDD2A79C02 . 891448 . . [6.0.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[7] 2008-04-26 . 01EC1E92595F839BEE70D439C46796E3 . 891448 . . [6.0.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[7] 2008-01-21 . FC6E2835D667774D409C7C7021EAF9C4 . 891448 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
.
[7] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll
[7] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6001.18000_none_78e926b99dfe756d\browser.dll
.
[7] 2011-11-16 . A3E186B4B935905B829219502557314E . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe
[7] 2011-11-16 . A3E186B4B935905B829219502557314E . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18541_none_a806cc745a10ffad\lsass.exe
[7] 2011-11-16 . EBFAEB786C46B407930811F94F08877D . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22742_none_a8916b6f732db5f5\lsass.exe
[7] 2009-09-10 . D09A5DA84B7C9CA9B02EBCD7FAE41C8D . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[7] 2009-09-10 . 2D3AC5E7AC01E905F3ABD2D745FE3A9B . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[7] 2009-09-09 . CB7E838C140B4087B2DA323F2D4523C5 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[7] 2009-06-15 . C731B1FE449D4E9CEA358C9D55B69BE9 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[7] 2009-06-15 . 6F1F23D3599EAE17734451936B7F17C6 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[7] 2009-06-15 . BA9A67672E025078C77967731BCFC560 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[7] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[7] 2009-06-15 . 203D86EBD6D8E4C8501B222421E81506 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[7] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[7] 2009-02-13 . F4C62B07E5BF96F1FDCA9DB393ECED22 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
[7] 2009-02-13 . 59DE082968FDD257FFF0D209B9A5B460 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[7] 2009-02-13 . AFF8A58280863629CA4FFA9E0B259F1E . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[7] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[7] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[7] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
.
[7] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll
[7] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll
.
[7] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\System32\comres.dll
[7] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll
.
[7] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll
[7] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[7] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
.
[7] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll
[7] 2009-04-11 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[7] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[7] 2009-03-03 . 4DFCBDEF3CCAA98F99038DED78945253 . 551424 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[7] 2009-03-03 . 7B981222A257D076885BFFB66F19B7CE . 549888 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[7] 2009-03-03 . B1BB45E24717A7F790B4411C4446EF5E . 550400 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[7] 2008-01-21 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
.
[7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
[7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[7] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
.
[7] 2010-08-17 . AAE98B295E88D439A6E0F6E8929424FB . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[7] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe
[7] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[7] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[7] 2010-08-17 . E807FC542C295BA256CE3567829E02A6 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
[7] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[7] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
.
[7] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe
[7] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[7] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
.
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\System32\wuauclt.exe
[7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe
[7] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\wuauclt.exe
[7] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6002.18005_none_a23e523a31a1ed4c\wuauclt.exe
[7] 2006-11-02 . FF81090B6EF1A42A19DF226632711D25 . 41472 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_acab9aecacae685d\wuauclt.exe
.
[7] 2009-04-11 . 76B06EB8A01FC8624D699E7045303E54 . 72192 . . [6.0.6002.18005] . . c:\windows\System32\drivers\tdx.sys
[7] 2009-04-11 . 76B06EB8A01FC8624D699E7045303E54 . 72192 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[7] 2008-01-21 . D09276B1FAB033CE1D40DCBDF303D10F . 71680 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
.
[7] 2010-09-02 . 542A806C74798410ADA0623B9E745C38 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.22480_none_3bb5b9b7ee7c46da\comctl32.dll
[7] 2010-09-02 . 2429BBFFCE9EDB193232DE902F88C688 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.22480_none_45f1fca2222ab96c\comctl32.dll
[7] 2010-09-02 . 63A65EA959BD32B01F02E847CB16C63D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.22480_none_8ada5c8366e90385\comctl32.dll
[7] 2010-09-01 . FFBE05ED8338B17940DEA55FA6BC6F03 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.22755_none_39f4b905f1391c96\comctl32.dll
[7] 2010-09-01 . 168B034C75B85AFD667AC8D0C9003312 . 1685504 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.22755_none_4612924c21dcda90\comctl32.dll
[7] 2010-09-01 . 640C4514157B3C6FE1E05B135FCB95B4 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.22755_none_8a5499024dc7b801\comctl32.dll
[7] 2010-08-31 . DC8891A9203810FC994E7FCCF76E94C8 . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll
[7] 2010-08-31 . DC8891A9203810FC994E7FCCF76E94C8 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.18305_none_3b879dbed519463b\comctl32.dll
[7] 2010-08-31 . BE3C082837866C4C291ADAF163C10EA6 . 1686016 . . [6.10] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
[7] 2010-08-31 . 35ACD5EA63D75E97DD0E9A1629E582B2 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
[7] 2010-08-31 . 457366B876CEAB9E92DDF976B8520CB6 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18523_none_39898984d804f924\comctl32.dll
[7] 2010-08-31 . D702B4E30B31BFCAB7BD4E5965C1A5DC . 1684480 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
[7] 2010-08-31 . E402A6E79D1E4DBFEBA8B364C67A3158 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18523_none_886c608850a2f36f\comctl32.dll
[7] 2009-04-11 . 0C2236FB7195A1CF2A632D530349E673 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
[7] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\comctl32.dll
[7] 2008-01-21 . 58D3C1519096F3D9E07EEC5F5FC64885 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll
[7] 2008-01-21 . A5BB4537004C8DCC096A952EF1E20FE9 . 1684480 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
[7] 2006-11-02 . B28A9B2300A250B703D44C1759AF2605 . 1648128 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
[7] 2006-11-02 . 4A05089F43041903A3C523A3C16E3350 . 537088 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll
.
[7] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll
[7] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
[7] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
.
[7] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\System32\es.dll
[7] 2009-04-11 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6002.18005_none_0ed918294edf6b75\es.dll
[7] 2008-04-19 . 131B7E46A7ACD49CB56BB03917A76DE3 . 268800 . . [2001.12.6930.20818] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
[7] 2008-04-19 . 7B4971C3D43525175A4EA0D143E0412E . 268800 . . [2001.12.6930.16677] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
[7] 2008-04-18 . 3CB3343D720168B575133A0A20DC2465 . 269312 . . [2001.12.6931.18057] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
[7] 2008-04-18 . 776D75AF432C598068CC933C7421171B . 269312 . . [2001.12.6931.22162] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
[7] 2008-01-21 . F4BF4FA769DB51B106D2B4B35256988B . 262144 . . [2001.12.6931.18000] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll
.
[7] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\System32\imm32.dll
[7] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84e\imm32.dll
[7] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
.
[7] 2011-04-12 . 574B473FACAA0E91702B86578440B525 . 892416 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll
[7] 2011-04-12 . 574B473FACAA0E91702B86578440B525 . 892416 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll
[7] 2011-04-12 . 7062DEB220FA1CCB1B65FC40D6E7D807 . 893440 . . [6.0.6002.22625] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
[7] 2011-04-12 . 306835D4E74E49A5D10F0FCA0B422EB1 . 890368 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
[7] 2011-04-12 . 497A2DA8181560B3E2F8FFE0092FD1E6 . 892928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
[7] 2009-04-11 . BB8509089E7DF514310814E1B2593FFC . 891392 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
[7] 2009-02-13 . DB6E3731E6F5C8AE2843F80B5787F7C6 . 888832 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[7] 2009-02-13 . 1987D817D08F5EAF0B7F334026FDDB79 . 890880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[7] 2009-02-13 . B82C7AC1D559F0FD088792171D64C7F3 . 875520 . . [6.0.6000.16820] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[7] 2009-02-13 . BB792054BD990EC05D9E260D50FEAD39 . 875520 . . [6.0.6000.21010] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[7] 2008-01-21 . DC2338093F91BA4E0512208E60206DDD . 888320 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
.
[7] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll
[7] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.0.6000.16386_none_362e7020a86900de\linkinfo.dll
.
[7] 2011-02-16 . 08F5BC2DC64C4D97931A28058F238D80 . 23552 . . [6.0.6002.22589] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22589_none_abf5b7af710301e2\lpk.dll
[7] 2011-02-16 . 0F1AF051D2B58411341B70360852AA36 . 23552 . . [6.0.6001.22854] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22854_none_aa2ab41973c8da38\lpk.dll
[7] 2009-10-19 . 7BE32E67440BB5B2205C5402A2FBDE25 . 24064 . . [6.0.6000.16939] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2\lpk.dll
[7] 2009-10-19 . 1C8BB8BB211F8ADB8E51FC2FF5C411D6 . 24064 . . [6.0.6000.21142] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21142_none_a84d1555769c394e\lpk.dll
[7] 2009-10-19 . 6223ACDEE46548B706EE8E8C51A985B0 . 23552 . . [6.0.6001.22544] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22544_none_aa357e5373c0c6d2\lpk.dll
[7] 2009-10-19 . 7ABEC59B0338BAA1261190B89B2B90E6 . 23552 . . [6.0.6002.22247] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22247_none_ac1ef11970e467fb\lpk.dll
[7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\System32\lpk.dll
[7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\lpk.dll
[7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18599_none_a97ad5445ac72e97\lpk.dll
[7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18005_none_abbe918457a82898\lpk.dll
.

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 10th February 2012, 12:34 am

[7] 2011-11-06 . 23DCEA577E734E04B8740C96A7DF5C53 . 3618816 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22739_none_159bc53b387d8e4b\mshtml.dll
[7] 2011-11-04 . 4624C772E178A59464EFCD0A5DCBB241 . 3617792 . . [7.00.6000.16386] . . c:\windows\System32\mshtml.dll
[7] 2011-11-04 . 4624C772E178A59464EFCD0A5DCBB241 . 3617792 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18538_none_151126401f60d803\mshtml.dll
[7] 2011-04-21 . C062788870AF39AFBC3B5645E1381559 . 3610112 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18457_none_14fa84381f71f967\mshtml.dll
[7] 2011-04-21 . 78484C24A46297C628115F6D0E4D0A17 . 3611136 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22629_none_15a6934138757533\mshtml.dll
[7] 2011-04-21 . D6C2CEACB1EE184EA0C1D6BD594B398F . 3593728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18639_none_132bb0d62239a1e8\mshtml.dll
[7] 2011-04-21 . 8E33539FB60AA8C146CFC9BB0565880D . 3595264 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22905_none_13d1c0093b4282d1\mshtml.dll
[7] 2011-02-18 . F7DE0C76A0DC549EC30973499FA49C2D . 3609600 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22592_none_1553dfe138b48a42\mshtml.dll
[7] 2011-02-18 . BD32D3A161BDA2E56481570FBFBAFFD8 . 3608576 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18407_none_153093d41f496db2\mshtml.dll
[7] 2011-02-18 . 6C14018723B764C576D5DD3ED94E0ED0 . 3592704 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18602_none_13451e9422279cb4\mshtml.dll
[7] 2011-02-18 . DD92939202A2C6ADFEBCFFD5F460B766 . 3593728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22857_none_139daf1b3b69440d\mshtml.dll
[7] 2009-04-11 . A4D04D404AFC1D30EDA01EE50D27AA51 . 3596288 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18005_none_152e8ba81f4b4668\mshtml.dll
[7] 2008-01-21 . 48E05FD07045BB2E5CFC43C970CAF1E7 . 3578368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18000_none_1343129c22297b1c\mshtml.dll
.
[7] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\System32\msvcrt.dll
[7] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll
[7] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll
.
[7] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll
[7] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[7] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
.
[7] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll
[7] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[7] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
.
[7] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll
[7] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6002.18005_none_a505176cf9fa2abd\powrprof.dll
[7] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll
.
[7] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll
[7] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[7] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
.
[7] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll
[7] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll
.
[7] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe
[7] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
.
[7] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll
[7] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6002.18005_none_e52851e7e21463cb\tapisrv.dll
[7] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6001.18000_none_e33cd8dbe4f2987f\tapisrv.dll
.
[7] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll
[7] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[7] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
.
[7] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe
[7] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
[7] 2011-10-21 . 758A5362019E7DDD7BC9CCE57FF99E7A . 842240 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22730_none_0438a382b82f4106\wininet.dll
[7] 2011-10-20 . 72A45F23D07C6B13D23B84D043A81059 . 834048 . . [7.00.6000.16386] . . c:\windows\System32\wininet.dll
[7] 2011-10-20 . 72A45F23D07C6B13D23B84D043A81059 . 834048 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18531_none_03b0051b9f10bd6c\wininet.dll
[7] 2011-04-21 . 17413EF7D95632D892B4C914CD7E66F9 . 834048 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18457_none_03a065199f1b9031\wininet.dll
[7] 2011-04-21 . 3790936B00FBA6EC2053C3E81B42AFCE . 842240 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22629_none_044c7422b81f0bfd\wininet.dll
[7] 2011-04-21 . DA5A72211661C7F162B332FEA4F09A69 . 833024 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18639_none_01d191b7a1e338b2\wininet.dll
[7] 2011-04-21 . D53D34CA16BE45211F7A13532D181A1A . 841728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22905_none_0277a0eabaec199b\wininet.dll
[7] 2011-02-18 . E9839CDBD10ED7E7E2D3A3E51C23B168 . 842240 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22592_none_03f9c0c2b85e210c\wininet.dll
[7] 2011-02-18 . A7A07D223862A0C661DB225E27058248 . 834048 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18407_none_03d674b59ef3047c\wininet.dll
[7] 2011-02-18 . B1DB3E0B0E6CB66DC31629EC26FB0048 . 833024 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18602_none_01eaff75a1d1337e\wininet.dll
[7] 2011-02-18 . E5B46DD994C4AB72C8BD666B3026E812 . 841728 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22857_none_02438ffcbb12dad7\wininet.dll
[7] 2009-04-11 . 8777B44511D8BCCF47B5A7CBDC02DE11 . 828416 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18005_none_03d46c899ef4dd32\wininet.dll
[7] 2008-01-21 . 455D715A840579BDC1CF8E5C1DA76849 . 825856 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
.
[7] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll
[7] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
.
[7] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ws2help.dll
[7] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\ws2help.dll
.
[7] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe
[7] 2009-04-11 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[7] 2008-10-30 . 50BA5850147410CDE89C523AD3BC606E . 2927616 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[7] 2008-10-29 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[7] 2008-10-29 . 37440D09DEAE0B672A04DCCF7ABF06BE . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[7] 2008-10-28 . E7156B0B74762D9DE0E66BDCDE06E5FB . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[7] 2008-01-21 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
.
[7] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6000.16386] . . c:\windows\regedit.exe
[7] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
.
[7] 2010-06-28 . 7C6F74A11FCF5745B36CB8085B7DE3FB . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.22433_none_ae70528d08aae434\ole32.dll
[7] 2010-06-28 . 9586E7CB2255A8B097A7E4538202585E . 1316864 . . [6.0.6000.16386] . . c:\windows\System32\ole32.dll
[7] 2010-06-28 . 9586E7CB2255A8B097A7E4538202585E . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18277_none_adbf7553efaa1c63\ole32.dll
[7] 2010-06-28 . 64A319477AF21806B8A17E8A3A3FF8BC . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.22720_none_ac91afb30b7f271a\ole32.dll
[7] 2010-06-28 . AA406846DD60E3A4536DBAAB4037B685 . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18498_none_abc461f7f2931b51\ole32.dll
[7] 2009-04-11 . C50A0AB19094BC362FBA69E105EBCCFD . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18005_none_ae092067ef732bd0\ole32.dll
[7] 2008-01-21 . 3B634E4BE373D6D987EBF906B43FAAB3 . 1315328 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\ole32.dll
.
[7] 2010-04-16 . E609A492AD596187CEA24E8418FF082F . 502784 . . [1.0626.6002.22384] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.22384_none_af1813076efd8bc3\usp10.dll
[7] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\System32\usp10.dll
[7] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35\usp10.dll
[7] 2010-04-16 . 8CB1162DD3586683D71BCB303C1FF54F . 502272 . . [1.0626.6001.22672] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.22672_none_ad3a707771d0e800\usp10.dll
[7] 2010-04-16 . A23E4692716C25E5AEA300ED74E73A1C . 501760 . . [1.0626.6001.18461] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18461_none_acbaa16858ac15c7\usp10.dll
[7] 2009-04-11 . 5A8E28037289FCCBF7AD3FC57DF7048F . 502272 . . [1.0626.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18005_none_aee5f21a559e2b7a\usp10.dll
[7] 2008-01-21 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\usp10.dll
.
[7] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ksuser.dll
[7] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none_e8019c5c974c4491\ksuser.dll
.
[7] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe
[7] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
.
[7] 2009-07-10 . 1E3FDB80E40A3CE645F229DFBDFB7694 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_cce0e39c1d282219\shsvcs.dll
[7] 2009-07-10 . 94285A002D2826D2FD1C0806455136E9 . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_caf6a3ce20052bcc\shsvcs.dll
[7] 2009-07-10 . 6898575E052CE7CB1CB87622EF187CDA . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_cb7e18273924cc2a\shsvcs.dll
[7] 2009-07-10 . 6669714ACE90E9BB4E8C1D550C67B160 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_cd80222536358728\shsvcs.dll
[7] 2009-07-10 . F0942394F642F5CE3D9A86474FA293FA . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_cf6894a1335a0efa\shsvcs.dll
[7] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_ced8f61a1a41d726\shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
[7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll
[7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
.
[7] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe
[7] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
.
[7] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll
[7] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6002.18005_none_8b517ec580991c4d\regsvc.dll
[7] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6001.18000_none_896605b983775101\regsvc.dll
.
[7] 2010-11-06 . 7B587B8A6D4A99F79D2902D0385F29BD . 603648 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18551_none_2ecc18bd972a0f87\schedsvc.dll
[7] 2010-11-05 . 4B71C228530440F853F9C30E308F00E9 . 604672 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.22791_none_2f2a77beb0681c3c\schedsvc.dll
[7] 2010-11-05 . 38AE0400578FD396628F21A571473A3B . 602112 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7\schedsvc.dll
[7] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll
[7] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18342_none_30be5cc194475f38\schedsvc.dll
[7] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404\schedsvc.dll
[7] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\schedsvc.dll
[7] 2008-01-21 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16609] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll
[7] 2008-01-21 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.20734] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll
.
[7] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll
[7] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc972ebd13849b5\ssdpsrv.dll
.
[7] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll
[7] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[7] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
.
[7] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\System32\hnetcfg.dll
[7] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.0.6001.18000_none_b03645b494998691\hnetcfg.dll
.
[7] 2009-04-11 . 0FE769CAE5855B53C90E23F85E7E89FF . 148992 . . [6.0.6000.16386] . . c:\windows\System32\appmgmts.dll
[7] 2009-04-11 . 0FE769CAE5855B53C90E23F85E7E89FF . 148992 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.0.6002.18005_none_83ba6170592b6c85\appmgmts.dll
[7] 2008-01-21 . C56DED3FE618C8BAE1AAAF4E801CCB3E . 148992 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.0.6001.18000_none_81cee8645c09a139\appmgmts.dll
.
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6000.16386] . . c:\windows\System32\drivers\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[7] 2006-11-02 . EF23439CDD587F64C2C1B8825CEAD7D8 . 53864 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
.
[7] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll
[7] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6001.18000_none_f900daa442864318\ias.dll
[7] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6002.18005_none_faec53b03fa80e64\ias.dll
.
[7] 2010-08-31 16:49 . 5E9F187AC6BADB58C21C4E3A18DD1F62 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.22478_none_f53f7ef86c05abb0\mfc40u.dll
[7] 2010-08-31 15:46 . 2A64FE405579BB073FBABD68AF1468E7 . 954288 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
[7] 2010-08-31 15:46 . 2A64FE405579BB073FBABD68AF1468E7 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.18305_none_f4fe90c352b1fc4a\mfc40u.dll
[7] 2010-08-31 15:41 . 13D0F7769927B74782CB59D8CCEF9E10 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.18523_none_f3007c89559daf33\mfc40u.dll
[7] 2010-08-31 15:17 . 1C1486BB262DF6DFD298110BC495906E . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.22754_none_f36aabc06ed2b94e\mfc40u.dll
[7] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6000.16386_none_f0dc500958a528b5\mfc40u.dll
.
[7] 2011-10-27 . 5B3C5FBBE4FB0DCFFCEC402B44BC6719 . 3603840 . . [6.0.6002.22732] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22732_none_6e821239ca7d7436\ntkrnlpa.exe
[7] 2011-10-27 . CA537C1021ACDF5B3D14A01B0D4A09B7 . 3602816 . . [6.0.6002.18533] . . c:\windows\System32\ntkrnlpa.exe
[7] 2011-10-27 . CA537C1021ACDF5B3D14A01B0D4A09B7 . 3602816 . . [6.0.6002.18533] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18533_none_6df973d2b15ef09c\ntkrnlpa.exe
[7] 2010-10-15 . 950C425C9E1FA4DDEC8A6B7915E3D892 . 3600272 . . [6.0.6001.18538] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18538_none_6c17fdaab43422b6\ntkrnlpa.exe
[7] 2010-10-15 . C391DF1007E54B1FE06A4EF02DB6FA61 . 3602320 . . [6.0.6002.18327] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18327_none_6e08411ab1533fb9\ntkrnlpa.exe
[7] 2010-10-15 . 3BEF21D45A74AD2C6EAD894BA6C6A502 . 3602832 . . [6.0.6001.22777] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22777_none_6c755c61cd731614\ntkrnlpa.exe
[7] 2010-10-15 . FEB9209E1D2B97DB4AE8FBF1DB0F54B6 . 3603856 . . [6.0.6002.22505] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22505_none_6ea57f0fca62721a\ntkrnlpa.exe
[7] 2009-04-11 . 1260BEACF2F023807A1087BBB0E15BBD . 3601896 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntkrnlpa.exe
[7] 2009-03-03 . FEB3FB3309EBA85917BDE7F4FD019C9D . 3599328 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntkrnlpa.exe
[7] 2009-03-03 . 641C0F376136E5B6F389016EC48374D2 . 3600880 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntkrnlpa.exe
[7] 2009-03-03 . 06BCF21AAA1890328D1F58F0ACBE668D . 3503584 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntkrnlpa.exe
[7] 2009-03-03 . 191C702B48681FB2BA5A96F416207ACF . 3505120 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntkrnlpa.exe
[7] 2008-04-26 . 6BB1994F5B62FEF6268F1EBB4014E293 . 3600952 . . [6.0.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntkrnlpa.exe
[7] 2008-04-26 . 68EEF02A8846442FE98AD0E0517EE6BC . 3601464 . . [6.0.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntkrnlpa.exe
[7] 2008-01-21 . FE51E8DBBEF2D01EF886499FECBF2D78 . 3600440 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntkrnlpa.exe
.
[7] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
[7] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_none_c1e834753483fdcf\upnphost.dll
.
[7] 2009-04-11 . 84B8827562B005C118CADBA0F25DB2C6 . 444416 . . [6.0.6000.16386] . . c:\windows\System32\dsound.dll
[7] 2009-04-11 . 84B8827562B005C118CADBA0F25DB2C6 . 444416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6002.18005_none_5a8737643f04aa4c\dsound.dll
[7] 2008-01-21 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6001.18000_none_589bbe5841e2df00\dsound.dll
.
[7] 2009-04-11 . 8AAEEE8E59A70F37579993D118A34EE0 . 1788416 . . [6.0.6002.18005] . . c:\windows\System32\d3d9.dll
[7] 2009-04-11 . 8AAEEE8E59A70F37579993D118A34EE0 . 1788416 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6002.18005_none_c438e5b15de80145\d3d9.dll
[7] 2008-01-21 . FAB8F08EC64A54917C07BDB6DC811C95 . 1788928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d9.dll
.
[7] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\System32\ddraw.dll
[7] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddraw.dll
.
[7] 2009-04-11 06:28 . A944A73CEC5921B871542FE5CC5E03E4 . 88576 . . [6.0.6002.18005] . . c:\windows\System32\olepro32.dll
[7] 2009-04-11 06:28 . A944A73CEC5921B871542FE5CC5E03E4 . 88576 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6002.18005_none_3bff339efed611ca\olepro32.dll
[7] 2008-01-21 02:24 . AE70AE6F0760793D4893C3735EEC7292 . 88576 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6001.18000_none_3a13ba9301b4467e\olepro32.dll
.
[7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\System32\perfctrs.dll
[7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll
[7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6002.18005_none_335eb6cf5a3b9de4\perfctrs.dll
.
[7] 2009-04-11 . 69827805A221C21450BA22F4326A2EE3 . 20480 . . [6.0.6002.18005] . . c:\windows\System32\version.dll
[7] 2009-04-11 . 69827805A221C21450BA22F4326A2EE3 . 20480 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6002.18005_none_16e9c83b4e078740\version.dll
[7] 2008-01-21 . 187D588F7A1A45DE48B8540401A90850 . 20480 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6001.18000_none_14fe4f2f50e5bbf4\version.dll
.
[7] 2011-04-21 . 77B9A891222FB46B13E414B99E1AF842 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18639_none_2f4a9e431a0ea795\iexplore.exe
[7] 2011-04-21 . 6C93AC7C0A8718E2A1543DB1B1B3B19F . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22905_none_2ff0ad763317887e\iexplore.exe
[7] 2011-02-18 . C84ABBF7D7AF2F7D004D800D10430FF5 . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18602_none_2f640c0119fca261\iexplore.exe
[7] 2011-02-18 . BECD30E162ACFD7A04B1F87FBBAFF70E . 634648 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22857_none_2fbc9c88333e49ba\iexplore.exe
[7] 2009-04-11 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[7] 2008-01-21 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
.
.
[7] 2011-10-27 . C7D1507B837BC41D13D6EAC31A032AE3 . 3550080 . . [6.0.6002.18533] . . c:\windows\System32\ntoskrnl.exe
[7] 2011-10-27 . C7D1507B837BC41D13D6EAC31A032AE3 . 3550080 . . [6.0.6002.18533] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18533_none_6df973d2b15ef09c\ntoskrnl.exe
[7] 2011-10-27 . D91407C7DF48B369E35E9E1426563EFA . 3552640 . . [6.0.6002.22732] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22732_none_6e821239ca7d7436\ntoskrnl.exe
[7] 2010-10-15 . A573338BDCED710795C618EA5FCF48D5 . 3548048 . . [6.0.6001.18538] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18538_none_6c17fdaab43422b6\ntoskrnl.exe
[7] 2010-10-15 . 8B5EEAA99965E26C3FBB9FAC8BD3B6A1 . 3552144 . . [6.0.6002.22505] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22505_none_6ea57f0fca62721a\ntoskrnl.exe
[7] 2010-10-15 . F276ABE13DD0BA1024A42A443E47A4A2 . 3550608 . . [6.0.6001.22777] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22777_none_6c755c61cd731614\ntoskrnl.exe
[7] 2010-10-15 . 1ACD7FC485D0E0FF9097E08900D834CC . 3550096 . . [6.0.6002.18327] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18327_none_6e08411ab1533fb9\ntoskrnl.exe
[7] 2009-04-11 . 6798DBF3F25721637AEF5B6C69911C9C . 3549672 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntoskrnl.exe
[7] 2009-03-03 . 393BB8FE05D66ABA7B091E6032179272 . 3547632 . . [6.0.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntoskrnl.exe
[7] 2009-03-03 . DFF34C5D66AB4BF1EED47BF19D1267BB . 3548656 . . [6.0.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntoskrnl.exe
[7] 2009-03-03 . 3910FE042C707E6BACD0FEC5AB9ECDE6 . 3469280 . . [6.0.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntoskrnl.exe
[7] 2009-03-03 . 808C86316AED98716C5F305A6265F393 . 3471328 . . [6.0.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntoskrnl.exe
[7] 2008-04-26 . C9CD31B3CBA8134F2B47FB5E78376ACC . 3549240 . . [6.0.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntoskrnl.exe
[7] 2008-04-26 . 22D444D3D88A4C299894B3638A114BF7 . 3549240 . . [6.0.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntoskrnl.exe
[7] 2008-01-21 . 6700F35EBA206E5C89AC27C9A124DC01 . 3548728 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntoskrnl.exe
.
[7] 2009-04-11 . 96EA68B9EB310A69C25EBB0282B2B9DE . 282624 . . [6.0.6001.18000] . . c:\windows\System32\w32time.dll
[7] 2009-04-11 . 96EA68B9EB310A69C25EBB0282B2B9DE . 282624 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6002.18005_none_8a92dcbb6a6c707b\w32time.dll
[7] 2008-01-21 . 1CF9206966A8458CDA9A8B20DF8AB7D3 . 282624 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6001.18000_none_88a763af6d4aa52f\w32time.dll
.
[7] 2009-04-11 . 5DE7D67E49B88F5F07F3E53C4B92A352 . 453120 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[7] 2009-04-11 . 5DE7D67E49B88F5F07F3E53C4B92A352 . 453120 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_347fb41db0752753\wiaservc.dll
[7] 2008-01-21 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
.
[7] 2009-04-11 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6000.16386] . . c:\windows\System32\midimap.dll
[7] 2009-04-11 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6002.18005_none_8ee941100db1acf2\midimap.dll
[7] 2008-01-21 . D7F1F6C72276A15579D5761098018891 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\midimap.dll
.
[7] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\System32\rasadhlp.dll
[7] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1094952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-11 3077528]
"Facebook Update"="c:\users\Hector\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-09 215360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 112936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 917440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 499712]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 126976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 491368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 538696]
.
c:\users\Hector\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2069F2.lnk - c:\windows\System32\01DFF4\2069F2.EXE [N/A]
2WireSetup.lnk - c:\program files\2Wire\LaunchSetupWiz.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"ANTIVIRUSDISABLENOTIFY"=dword:00000001
"FIREWALLDISABLENOTIFY"=dword:00000001
"UPDATESDISABLENOTIFY"=dword:00000001
"UacDisableNotify"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1595074931-3511647410-710645076-1000Core.job
- c:\users\Hector\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 05:36]
.
2012-02-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1595074931-3511647410-710645076-1000UA.job
- c:\users\Hector\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-09 05:36]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 15:38]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 15:38]
.
2012-02-09 c:\windows\Tasks\User_Feed_Synchronization-{6194D9E6-1291-4ECE-B9FD-772425D7E4EE}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\z9fnat44.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-02-09 16:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\Tablet.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\users\Hector\AppData\Local\Temp\winhthpc.exe
c:\windows\system32\netsh.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\WerCon.exe
c:\windows\servicing\TrustedInstaller.exe
c:\users\Hector\AppData\Local\Temp\winffqx.exe
.
**************************************************************************
.
Completion time: 2012-02-09 16:31:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-10 00:31
.
Pre-Run: 43,885,641,728 bytes free
Post-Run: 45,300,285,440 bytes free
.
- - End Of File - - B52B7F591B8FFA3FA310EAC503917630

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 10th February 2012, 2:54 am

Can you turn on your firewall now?

Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
****************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 10th February 2012, 3:12 am

The Firewall is still off when my computer starts, and I can turn it on, but it turns off every few minutes.

Results of screen317's Security Check version 0.99.31
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware
Java(TM) 6 Update 29
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 10th February 2012, 3:46 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8C4D1000
Module End: 8C4DC000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8C4DC000
Module End: 8C4E4000
Hidden: Yes

Module Name: \??\C:\Users\Hector\AppData\Local\Temp\catchme.sys
Service Name: catchme
Module Base: 9C4F4000
Module End: 9C4FC000
Hidden: Yes

Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: 9C522000
Module End: 9C524000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: 877D2640
Driver Base: 877C8000
Driver End: 877EA000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\Users\Hector\Music\iTunes\01 SHOCK(Japanese Version).mp3
Status: Hidden

Object: C:\Users\Hector\Music\iTunes\02 LOVE ME! ~???????????.mp3
Status: Hidden

Object: C:\Users\Hector\Music\iTunes\??????3 ???? ?????? SeeU 1st ????? "RUN".mp3
Status: Hidden

Object: C:\Windows\CSC\v2.0.6\namespace
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\pq
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\sm
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\temp
Status: Access denied

Object: C:\Windows\CSC\v2.0.6
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-Backup.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied


maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 10th February 2012, 7:05 pm

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

I still need to see the SysProt AntiRootkit log.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 11th February 2012, 12:11 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8C4DA000
Module End: 8C4E5000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8C4E5000
Module End: 8C4ED000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: 877D1640
Driver Base: 877C7000
Driver End: 877E9000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\Users\Hector\Music\iTunes\01 SHOCK(Japanese Version).mp3
Status: Hidden

Object: C:\Users\Hector\Music\iTunes\02 LOVE ME! ~???????????.mp3
Status: Hidden

Object: C:\Users\Hector\Music\iTunes\??????3 ???? ?????? SeeU 1st ????? "RUN".mp3
Status: Hidden

Object: C:\Windows\CSC\v2.0.6\namespace
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\pq
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\sm
Status: Access denied

Object: C:\Windows\CSC\v2.0.6\temp
Status: Access denied

Object: C:\Windows\CSC\v2.0.6
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Microsoft-Windows-Backup.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied


maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 11th February 2012, 2:23 am

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 11th February 2012, 7:20 am

C:\autorun.inf INF/Autorun.gen trojan cleaned by deleting (after the next restart) - quarantined
C:\nfje.pif Win32/Sality.NBA virus cleaned by deleting - quarantined
C:\a895073a609dddfbe9\Setup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\ose.exe Win32/Sality.NAU virus cleaned - quarantined
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\setup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe Win32/Sality.NAU virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\setup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\Display.Driver\dbInstaller.exe Win32/Sality.NAU virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\Display.Update\ComUpdatus.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\Display.Update\daemonu.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\Display.Update\nvlhr.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\DisplayControlPanel\nvcplui.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\DisplayControlPanel\nvSmartMaxapp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\DisplayControlPanel\nvTray.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\DisplayControlPanel\nvvsvc.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\DisplayControlPanel\nvxdsync.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\NV3DVision\3DVision_280.26.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\English\NV3DVisionUSB.Driver\NvIRUSB.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7\English\setup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7\English\Display.Driver\dbInstaller.exe Win32/Sality.NAU virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7\English\Display.Update\ComUpdatus.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7\English\Display.Update\daemonu.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7\English\Display.Update\nvlhr.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7\English\DisplayControlPanel\nvcplui.exe Win32/Sality.NAU virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7\English\DisplayControlPanel\nvSmartMaxapp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7\English\DisplayControlPanel\nvTray.exe Win32/Sality.NAU virus cleaned - quarantined
C:\NVIDIA\DisplayDriver\285.62\WinVista_Win7\English\NV3DVision\3DVision_285.62.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\7-Zip\7z.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\7-Zip\7zFM.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\7-Zip\7zG.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\7-Zip\Uninstall.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Adobe\Adobe Help Center\ahc.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Adobe\Adobe Help Center\ahcremind.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe Win32/Sality.NBA virus error while cleaning
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoDownloader.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Adobe\Photoshop Elements 4.0\Photoshop Elements 4.0.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsEditor.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Adobe\Photoshop Elements 4.0\PseProxy.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Adobe\Reader 10.0\Reader\Eula.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Apple Software Update\SoftwareUpdate.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\ComcastUI\Desktop Software\bin\kui.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Apple Application Support\defaults.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Apple Application Support\plutil.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileBackup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileSync.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.IE.client.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.Outlook.client.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.Safari.client.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.WindowsContacts.client.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\com.apple.WindowsMail.client.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\com.google.ContactSync.client.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\Mingler.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncDiagnostics.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\syncli.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncPlanObserver.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUIHandler.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Apple\Mobile Device Support\upgradedb.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\GRETECH\uninstall_gomtvx.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Hewlett-Packard\Scanjet\bin\hpsjrreg.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Java\Java Update\jaucheck.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Java\Java Update\jaureg.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\Java\Java Update\jucheck.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\LogiShrd\WUApp32.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.0.1278\LgDrvInst.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.0.1278\ELCH\WUApp32.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.0.1278\IM2\WUApp32.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.0.1278\PRO5\WUApp32.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe Win32/Sality.NAU virus error while cleaning
C:\Program Files\Common Files\LogiShrd\LQCVFX\HWRendererTest.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\LogiShrd\LQCVFX\ModelFileHandler.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\LogiShrd\LQCVFX\VideoEffectsPerfMon.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\LogiShrd\LWSDiag\LWS_Diagnostic.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\DW\DW20.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\DW\DWTRIG20.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\MSInfo\OINFOP12.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\OFFICE12\ACECNFLT.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\OFFICE12\MSE7.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLED.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\OFFICE12\OFFDIAG.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\ODEPLOY.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\OFFICE12\Office Setup Controller\SETUP.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe Win32/Sality.NBA virus error while cleaning
C:\Program Files\Google\Update\GoogleUpdate.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Google\Update\1.3.21.99\GoogleUpdate.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Google\Update\1.3.21.99\GoogleUpdateBroker.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Google\Update\Download\{0EEB323A-EC00-44BB-89E1-3E5E8059B2BB}\GoogleUpdateSetup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\GRETECH\GomPlayer\GOM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\GRETECH\GomPlayer\GomWiz.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\GRETECH\GomPlayer\GrLauncher.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\GRETECH\GomPlayer\KillGom.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\GRETECH\GomPlayer\RtParser.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\GRETECH\GomPlayer\ShellRegister.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\GRETECH\GomPlayer\srt2smi.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\GRETECH\GomPlayer\Uninstall.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\DestTest.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpospd08.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hposvc08.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqacdse.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqaol08.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\HpqApKil.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqclpbd.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqcsaha.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqdash.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqdstcp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqEmlsz.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe Win32/Sality.NBA virus error while cleaning
C:\Program Files\HP\Digital Imaging\bin\hpqgplgt01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqirs08.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqkiosk.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqpprop.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\HPQPrntW.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqptc08.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqqpawp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\HpqSplFix08.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtax08.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqtbx01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\HpqTrMgr.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqudc08.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqusgl.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpsjrreg.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\ppcue.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\svtf.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Document Manager\hpqdcmgr.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\bin\Document Manager\hpqDM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\devicemanagement\hpzmsi01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\devicemanagement\hpzscr01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DigitalImaging\hpDocCvt.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\DocProc.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\dpe_ocr.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\DocProc\Binary\pdf2bmp.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\documentmanager\hpzmsi01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\documentmanager\hpzscr01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\esupport\hpzmsi01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\esupport\hpzscr01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\extcapuninstall\hpzmsi01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\extcapuninstall\hpzscr01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\FlashPla.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_clean_ADF.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_insert_card.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_jams.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_load_ADF.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_load_envelopes.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_load_glass.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_load_small.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_load_standard.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_replace_cartridge.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_scan_card.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Help\player\fscommand\inkjet23_transfer_scanner.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\ocr\hpzmsi01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\ocr\hpzscr01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqanipl.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqhlp01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqsrlp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Search\hpqsrres.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_EditClips.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzmsi01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzswp01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\hpqrrx08.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\hpwlpd01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\hpzcdl01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\hpzsetup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\hpzshl01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\hpzstub.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\TestPage.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzcdl01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzdui01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzfwx01.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzmsi01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpznop01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpznui01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzpnp01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzpsl01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzrcn01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzscr01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzshl01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzwrp01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\HP Software Update\HPWUCli.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Temp\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzmsi01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Temp\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzrcv01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Temp\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzscr01.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\HP\Temp\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpzstub.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\iPod\bin\iPodService.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\iTunes\iTunes.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\iTunes\iTunesHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\java-rmi.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\java.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\javacpl.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\javaw.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\javaws.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\jbroker.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\jp2launcher.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\jqs.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\jqsnotify.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\keytool.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\kinit.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\klist.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\ktab.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\orbd.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\pack200.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\policytool.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\rmid.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\rmiregistry.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\servertool.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\ssvagent.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\tnameserv.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Java\jre6\bin\unpack200.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Logitech\Logitech WebCam Software\LogiMailApp.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Logitech\Logitech WebCam Software\LU\LULnchr.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\mbampt.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\firefox.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\firefox.scr Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.scr Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-killer.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\rundll32.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\CLVIEW.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\CNFNOT32.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\DRAT.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\DSSM.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\excelcnv.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\GRAPH.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\GrooveClean.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\GrooveMigrator.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe Win32/Sality.NBA virus error while cleaning
C:\Program Files\Microsoft Office\Office12\GrooveStdURLLauncher.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\INFOPATH.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\MSOHTMED.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\MSPUB.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\MSQRY32.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\MSTORDB.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\MSTORE.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\OIS.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\REGFORM.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\SCANOST.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\SCANPST.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\SELFCERT.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\SETLANG.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\VPREVIEW.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\Wordconv.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Microsoft Office\Office12\1033\ONELEV.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Mozilla Firefox\crashreporter.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Mozilla Firefox\updater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Mozilla Firefox\uninstall\helper.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\3D Emitter\nvUSBInst.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Display\nvsmartmaxapp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Drs\dbInstaller.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.0\nvcplui.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.0\nvSmartMaxapp.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.0\nvTray.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.0\nvvsvc.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.0\nvxdsync.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.1\nvcplui.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.1\nvSmartMaxapp.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.ControlPanel.1\nvTray.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.0\dbInstaller.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.1\dbInstaller.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.0\NvIRUSB.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\installer.0\setup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\installer.1\setup.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.0\ComUpdatus.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.0\daemonu.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.0\nvlhr.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.1\ComUpdatus.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.1\daemonu.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\Installer2\NVIDIA.Update.1\nvlhr.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\ComUpdatus.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\Nvlhr.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Pando Networks\Media Booster\BsSndRpt.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Pando Networks\Media Booster\uninst.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\QuickTime\PictureViewer.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\QuickTime\QTTask.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\ExportController.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Smart Virus Remover\run.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Smart Virus Remover\svruninstall.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\BootSafe.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\SASTask.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\SSUpdate.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\Uninstall.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\SystemRequirementsLab\Uninstall.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Tablet\Remove.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\TechSmith\Jing\Jing.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\The Free YouTube Downloader\ffmpeg.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\The Free YouTube Downloader\FLVPlayer.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\The Free YouTube Downloader\The Free YouTube Downloader.exe a variant of Win32/Sality virus deleted - quarantined
C:\Program Files\The Free YouTube Downloader\uninstall.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Vizzed\Vizzed Retro Game Room\InstallHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Yahoo!\common\unyt.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Program Files\Yahoo!\common\unyt_wrap.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Yahoo!\common\yupdctr.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Program Files\Yahoo!\Companion\Installs\cpn\inyt.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10016\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10016\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10016\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10236\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10236\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10236\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10271\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10271\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10271\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10367\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10367\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\10367\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\11155\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\11155\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\11155\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\12342\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\12342\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\12342\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\12849\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\12849\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\12849\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\1390\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\1390\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\1390\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\14106\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\14106\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\14106\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\14200\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\14200\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\14200\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\15414\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\15414\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\15414\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\1562\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\1562\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\1562\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\16209\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\16209\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\16209\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\17383\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\17383\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\17383\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\17800\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\17800\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\17800\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18087\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18087\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18087\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18460\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18460\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18460\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18948\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18948\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18948\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18972\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18972\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\18972\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\19136\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\19136\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\19136\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\19562\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\19562\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\19562\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\19691\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\19691\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\19691\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\2037\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\2037\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\2037\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\20474\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\20474\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\20474\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\20534\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\20534\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\20534\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21153\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21153\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21153\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21228\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21228\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21228\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21281\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21281\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21281\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21844\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21844\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\21844\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\22315\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\22315\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\22315\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\22716\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\22716\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\22716\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\23379\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\23379\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\23379\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\24819\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\24819\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\24819\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\25717\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\25717\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\25717\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\26034\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\26034\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\26034\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\26494\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\26494\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\26494\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\28154\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\28154\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\28154\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\28419\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\28419\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\28419\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\29578\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\29578\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\29578\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\30580\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\30580\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\30580\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\3078\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\3078\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\3078\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\30835\AdobeARM.exe a variant of Win32/Sality virus deleted - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\30835\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\30835\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\31636\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\31636\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\31636\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\3601\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\3601\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\3601\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\4573\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\4573\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\4573\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\5243\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\5243\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\5243\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\555\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\555\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\555\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\6687\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\6687\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\6687\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\742\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\742\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\742\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\7863\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\7863\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\7863\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\8639\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\8639\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\8639\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\9047\AdobeARM.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\9047\AdobeARMHelper.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Adobe\ARM\Reader_10.1.1\9047\ReaderUpdater.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.5.2.11\SetupAdmin.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\HP\Installer\Temp\hpzmsi01.exe Win32/Sality.NAU virus cleaned - quarantined
C:\ProgramData\HP\Installer\Temp\hpzscr01.EXE Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NexonUS\NGM\NGM.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NVIDIA\Updatus\Download\71E59489\drsupdate.r280_11-10530863_RUNASUSER.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\NVIDIA\Updatus\Download\8789D51\drsupdate.r285_58-11403901_RUNASUSER.exe Win32/Sality.NBA virus cleaned - quarantined
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Qoobox\Quarantine\C\_autorun_.inf.zip INF/Autorun.gen trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\Shop to Win 11\Uninst.exe.vir Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\Local\Facebook\Update\FacebookUpdate.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Users\Hector\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MSVJ6TZV\285.62-desktop-win7-winvista-32bit-english-whql[1].exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\Local\temp\winchufs.exe a variant of Win32/SpamTool.Agent.NET trojan cleaned by deleting - quarantined
C:\Users\Hector\AppData\Local\temp\winvsqmcq.exe probably a variant of Win32/Agent.HLU trojan cleaned by deleting - quarantined
C:\Users\Hector\AppData\Local\temp\Temp1_JavaRa.zip\JavaRa.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\Local\Zame\PaintTool SAI English Pack\sai.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\Local\Zame\PaintTool SAI English Pack\start-sai.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\Local\Zame\PaintTool SAI English Pack\uninstall.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\LocalLow\FCSB000063127\Toolbar\Uninst.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-7f6cf478 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Hector\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a955edb-4f2af966 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Hector\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\40ecb367-4f2a7b1a a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Hector\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2d4937ea-36ee8def multiple threats deleted - quarantined
C:\Users\Hector\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-566bb376 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Hector\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-5039bba4 multiple threats deleted - quarantined
C:\Users\Hector\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-52915983 multiple threats deleted - quarantined
C:\Users\Hector\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\c393949-34aadf48 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Hector\AppData\Roaming\GRETECH\GomTVStreamer\GrLauncher.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Desktop\dds.scr Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Desktop\SecurityCheck.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Users\Hector\Desktop\JavaRa\JavaRa.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\4.13_forceware_wdm.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\BitZipperH2010.v20110401.TrialSetup-en-pl-techpro.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\dxwebsetup(2).exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\dxwebsetup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\GOMPLAYERENSETUP.EXE Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\GOMTVXNIESETUP.EXE Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\Install_AIM.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\install_flash_player(1).exe Win32/Sality.NAU virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\install_flash_player.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\jxpiinstall.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\mbam-setup-1.50.1.1100.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\MSDownloaderV97.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\sai-eng-pack-1.1.0-f1.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\WDM_R258(2).exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Documents\Downloads\WDM_R258.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\ccsetup315.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\DiskHealSetupv1.48R.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\jxpiinstall(1).exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\jxpiinstall.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\mbam-setup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\MSDownloaderV106.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\SkypeSetup.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\smart_vr(1).exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\smart_vr.exe Win32/Sality.NBA virus cleaned - quarantined
C:\Users\Hector\Downloads\SUPERAntiSpyware.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Users\Hector\Downloads\wmpfirefoxplugin.exe Win32/Sality.NAU virus cleaned - quarantined
C:\Windows\System32\6FF81D\shell.fne probably a variant of Win32/Agent.EFAOFKC trojan cleaned by deleting - quarantined
Operating memory multiple threats

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 11th February 2012, 7:03 pm

I have bad news. It is actually the Sality infection.

Please read below.


Read about the Sality virus infection: This is the malware that exploits the

.lnk vulnerability.

Sality is a family of file infecting viruses that spread by infecting exe and

scr files. The virus also includes an autorun worm component that allows it to

spread to any removable or discoverable drive. In addition, Sality includes a

downloader trojan component that installs additional malware via the Web

It then creates and starts a service to load the driver. The driver blocks

access to a variety of security software vendor web sites.The virus then

disables security software services and ends security software processes. It

also disables registry editing and the task manager.

[You must be registered and logged in to see this link.]

Additional information about Sality:
Windows fails to correctly parse shortcut files, identified by the ".lnk"

extension. The flaw has been exploited most frequently using USB flash drives.

By crafting a malicious .lnk file, hackers can hijack a Windows PC with little

user interaction: All that's necessary is that the user views the contents of

the USB drive with a file manager like Windows Explorer.

Tests showed that the exploit works even when AutoRun and AutoPlay -- two

functions that have previously been used by attackers to commandeer PCs using

infected flash drives -- are disabled. The rootkit also bypasses all security

mechanisms in Windows, including the User Account Control (UAC) prompts in

Vista and Windows 7, ...
Worm is named Win32/Stuxnet.A.

Because of these actions, We recommend you do a reformat/reinstall. Attempts to

clean this virus to include the backdoor capability usually fail.

It looks like ESET caught a lot of that infection. Does your Firewall stay on now? Please run another scan with ESET. If it comes up with another bunch of those Sality infections I'm afraid we've reached the end of our attempts to clean the computer. You can save your important data and prepare to reinstall the OS.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 11th February 2012, 8:07 pm

Aw, so I'm completely new at this. I have a lot of questions like how d I reinstall the OS? how do I keep this from happening again? and how do I save all my files since I have so much?

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 11th February 2012, 11:51 pm

I have a lot of questions like how d I reinstall the OS? how do I keep this from happening again? and how do I save all my files since I have so much?.
You should save all your important files, photos, music etc to DVD-RW's. You can erase them and use them again afterwards. Or you can use an external harddrive but you should scan them with at least two good AV programs before restoring them to your computer. Below you will find information about re-formatting and installing your OS. Also, some things you should do to protect yourself.

To wipe the drive clean, [You must be registered and logged in to see this link.] and reinstall the OS.

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.
*************************************************************
Remember to only install one antivirus!

1) [You must be registered and logged in to see this link.]
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
4-a) [You must be registered and logged in to see this link.]
5) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) [You must be registered and logged in to see this link.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
******************************************************
[You must be registered and logged in to see this link.]

****************************************************

Remember only install ONE firewall

1) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 12th February 2012, 4:04 am

okay thank you !

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by maldotcom on 12th February 2012, 8:51 pm

I don't have a CD to reinstall , what do I do?

maldotcom
Novice
Novice

Posts Posts : 17
Joined Joined : 2012-02-07
OS OS : Windows Vista
Points Points : 17901
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Firewall keeps turning Off

Post by Superdave on 12th February 2012, 10:59 pm

I don't have a CD to reinstall , what do I do?.
In that case we'll have to try to clean the computer. Let's start with this scanner.

Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83211
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum