Windows 7: Windows Security Center won't turn on (and isn't listed)

15 Jun 2012   #11
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

Go to this link
https://skydrive.live.com/?cid=93673...8FCEB92F%21115
find the 'good wscsvc.zip' file and download it
extract the .reg file to your desktop
right-click on the file, and select Merge.
accept the warnings, and reboot after you get the success message -
now test the Security Center.


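A check to run around the merge step in the post above (an added example, not part of the original post or of the linked download): it lists which registry keys the .reg file would write or delete before you merge it, then confirms afterwards that the Security Center service (wscsvc) is registered and points at a DLL in System32. The file name `wscsvc.reg` and the stock ServiceDll location are assumptions.

```powershell
# Added example, not from the thread. Run from an elevated 64-bit PowerShell prompt
# (a 32-bit prompt on x64 Windows redirects System32 and skews the file checks).
# ASSUMPTION: the extracted file is named wscsvc.reg (hypothetical name).
$RegFile = Join-Path $env:USERPROFILE 'Desktop\wscsvc.reg'
$SvcRoot = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc'

function Get-RegFileKey {
    # List every [key] header in a .reg file; a leading '-' marks a key deletion.
    param([string]$Path)
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*\[(-?)(.+?)\]\s*$') {
            $deletes = ($Matches[1] -eq '-')
            $key     = $Matches[2]
            # True only for the service key itself or one of its subkeys.
            $inSvc   = ($key -ieq $SvcRoot) -or
                       $key.StartsWith("$SvcRoot\", [StringComparison]::OrdinalIgnoreCase)
            New-Object PSObject -Property @{
                Key       = $key
                Deletes   = $deletes
                InService = $inSvc
            }
        }
    }
}

function Test-SecurityCenterService {
    # Report how the service is registered after the merge and reboot.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc'
    if (-not (Test-Path $key)) {
        Write-Warning 'wscsvc service key is missing'
        return
    }
    $svc  = Get-ItemProperty -Path $key
    $parm = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
    $dll  = $null
    if ($parm -and $parm.ServiceDll) {
        $dll = [Environment]::ExpandEnvironmentVariables($parm.ServiceDll)
    }
    # ASSUMPTION: stock location of the Security Center service DLL.
    $wantDll = Join-Path $env:SystemRoot 'System32\wscsvc.dll'
    New-Object PSObject -Property @{
        Status        = (Get-Service -Name wscsvc).Status
        Start         = $svc.Start          # 2 = automatic, 4 = disabled
        ImagePath     = $svc.ImagePath
        ServiceDll    = $dll
        DllInSystem32 = ($dll -ieq $wantDll)
        DllExists     = [bool]($dll -and (Test-Path -LiteralPath $dll))
    }
}

# Step 1 (before Merge): review what the file touches.
if (Test-Path -LiteralPath $RegFile) {
    $keys = @(Get-RegFileKey -Path $RegFile)
    $keys | Format-Table Deletes, InService, Key -AutoSize
    $outside = @($keys | Where-Object { -not $_.InService })
    if ($outside.Count -gt 0) {
        # Keys under ControlSet001 etc. also land here; read them before merging.
        Write-Warning "$($outside.Count) key(s) fall outside $SvcRoot"
    }
}

# Step 2 (after Merge and reboot): confirm the registration.
Test-SecurityCenterService | Format-List
```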
15 Jun 2012   #12
fan1bsb97

Windows 7
 
 

Ok I installed/merged the reg. file.

Now it says under security: "Spyware and unwanted software protection (Important)"

Windows Defender and McAfee Anti-Virus and Anti-Spyware both report that they are turned off.

There is a button to view antispyware options but when I click on it it takes me to a few options. The first one says to turn on Windows Defender and update definitions. When I click on that it takes me to the Windows/system32 folder. When I click on update McAfee nothing happens.
15 Jun 2012   #13
NoelDP

Microsoft Community Contributor Award Recipient

Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
 
 

You should always use McAfee's own options to turn it on and off. Chances are that it's been broken by your virus infections and will require uninstall/reinstall (if even that works - if the virus is still active, it may prevent it).

If it's not behaving properly, then it would tend to indicate that there are more problems than just the Security Center - and you may well be looking at a reformat/reinstall as your best/safest option.

15 Jun 2012   #14
fan1bsb97

Windows 7
 
 

McAfee was just reinstalled and appears to be working properly, aside from the windows security screen saying it's not. How do I know if it is or not?
15 Jun 2012   #15
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

fan1bsb97,
First and foremost:
Run WDO. WDO will automatically run a quick scan. You will need to select full/complete scan after the quick scan finishes.
McAfee, Malwarebytes are both programs that require you to start up your Win 7 and thus do NOT remove all malware.

First, run WDO.
Immediately, thereafter UNINSTALL MuckAfee (McAfee).
Install MSE, Microsoft Security Essentials (link in my signature). This is the one and the only anti-malware you need.

After these steps, be sure to upload the LOG files mentioned in the following write-up and to let us know the status.

Distinct possibility is that you will need to wipe the disk clean and perform a fresh install if the above procedures do not solve your problem. Oh yes, if you are, then cease and desist from using torrent software.
HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline is a free standalone, bootable malware and virus remover from Microsoft.
It performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.

Download Windows Defender Offline (about 764 kB)

You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows

NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.

You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.

The 32 bit download file name is: mssstool32.exe
The 64 bit download file name is: mssstool64.exe

For the curious, this program was originally named Microsoft Standalone System Sweeper.


INSTALLATION:
You will need an Internet Connection.
Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
Run the downloaded program--mssstool64.exe or mssstool32.exe
NEXT button
Choose the option On a USB flash drive that is not password protected
NEXT button
NEXT button
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick WDO_Media32 or WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.

UPDATE Windows Defender Offline USB stick:
reinsert the usb stick
run the installation program, mssstool64.exe or mssstool32.exe, again.
the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).

Since the malware database is sometimes updated several times in a day, always update before running.

PERFORM AN OFFLINE SCAN
Boot up your computer from the USB stick
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, Choose Full Scan
Select all of your drives

The initial, full scan can easily take several hours, but
Remember, your computer is being very thoroughly checked for all types of malware.


RESULTS OF THE SCAN
The results will be in 4 log files on your computer's disk in:
\Windows\Microsoft Antimalware\Support
Upload the four log files please.
15 Jun 2012   #16
fan1bsb97

Windows 7
 
 

Thanks I'm starting this progress- quick question - how do I boot up from the usb stick?
15 Jun 2012   #17
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

You consult the documentation for your computer which will tell you how to boot to USB.

Incidentally, you can help us to help you by fully and completely filling in your system specs:

Update your SevenForums System Specs
User CP (located on the top menu bar) |
Your Profile | Edit System Spec
(left-hand column)

To gather info, use Speccy (my favorite) or SIW or System Info

ADD the word laptop or desktop or netbook to the
“system manufacturer” block, for example,
Toshiba Satellite L305D notebook.

Provide full windows version info, for example:
MS Windows 7 Ultimate SP1 64-bit

Use the “Other Info” block for Optical Reader,
Mouse, touchpad, wifi adapter, speakers, monitor, etc

Scroll down and click on SAVE CHANGES.
======================================================
15 Jun 2012   #18
fan1bsb97

Windows 7
 
 

Thanks for all your help. I will fill that out soon.

It went right into the quick scan. How do I start the full scan? Can I choose it after this one is over? It looks like it's almost done, but it seems to have frozen (the time isn't elapsing anymore and the items scanned has stopped)...it says that the preliminary scan results show that malicious or potentially unwanted software might exist on your system. What should I do? Oh wait it started again lol. But how do I do the full scan?

Edit: The quick scan detected the trojan win64/sirefef.Y. I just removed it.

I guess I'll try to restart normally now? *nervous*

Oh I'm sorry I didn't see that I need to do the full scan next. I will do that now.
16 Jun 2012   #19
fan1bsb97

Windows 7
 
 

Here's the results. I don't know how to disable smilies.

Quote:
2012-06-16T05:05:23.996Z Version: Product 4.0.1538.0 Service 4.0.1538.0 Engine 0.0.0.0 AS 0.0.0.0 AV 0.0.0.0
2012-06-16T05:05:39.409Z Version: Product 4.0.1538.0 Service 4.0.1538.0 Engine 1.1.8403.0 AS 1.127.2110.0 AV 1.127.2110.0
2012-06-16T05:20:20.842Z DETECTION Trojan:Win64/Sirefef.Y file:\Windows\system32\services.exe->731
Threat Name:TrojanDownloader:Java/OpenConnection.OS
ID:2147649428
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
End Scan
************************************************************

Begin Resource Scan
Scan ID:{700460E1-70F5-410B-9774-B51A85A1FC8E}
Scan Source:7
Start Time:‎06‎-‎16‎-‎2012 00:18:08
End Time:‎06‎-‎16‎-‎2012 00:19:07
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:\Users\Joanna\Documents\Random\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
Result Count:3
Threat Name:Exploit:Java/CVE-2011-3544.E
ID:2147652149
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Extended Info:18144559980572
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:0
Unknown File
Identifier:8434420172026019838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:\Users\Joanna\Documents\Random\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
Extended Info:5864262463416
Unknown File
Identifier:2032954425894502398
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:5864554302986
End Scan
************************************************************

2012-06-16T15:22:02.439Z Task(SpyNetService -RestrictPrivileges -AccessKey 6099EAB7-010C-A77D-43DF-2EF0AF5E9FE0) launched
Begin Resource Scan
Scan ID:{693F90B7-DD3B-4E0F-894E-D798F1664412}
Scan Source:6
Start Time:‎06‎-‎16‎-‎2012 07:21:50
End Time:‎06‎-‎16‎-‎2012 07:22:31
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Windows\system32\services.exe
Explicit resource to scan
Resource Schema:containerfile
Resource Path:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Explicit resource to scan
Resource Schema:file
Resource Path:\Windows\system32\services.exe->731
Explicit resource to scan
Resource Schema:file
Resource Path:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Result Count:9
Threat Name:Exploit:Java/CVE-2011-3544.gen!A
ID:2147654402
Severity:5
Number of Resources:8
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.E
ID:2147652149
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Extended Info:18144559980572
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:0
Unknown File
Identifier:2032954425894502398
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:5864554302986
Threat Name:Exploit:Java/CVE-2010-0840.NS
ID:2147652622
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.L
ID:2147652623
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Extended Info:18144749453986
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OU
ID:2147649594
Severity:5
Number of Resources:9
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Extended Info:18143587116110
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
Extended Info:0
Threat Name:Exploit:Java/CVE-2010-0840.NZ
ID:2147653114
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Extended Info:18144863684845
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Extended Info:18145099024128
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Extended Info:18142143267630
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OS
ID:2147649428
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:file
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
Threat Name:Trojan:Win64/Sirefef.Y
ID:2147655285
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Extended Info:40388481833002
Resource Schema:file
Resource Path:\Windows\system32\services.exe->731
Extended Info:40388481833002
Resource Schema:containerfile
Resource Path:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
Extended Info:0
Resource Schema:containerfile
Resource Path:\Windows\system32\services.exe
Extended Info:0
End Scan
************************************************************

Beginning threat actions
Start time:‎06‎-‎16‎-‎2012 07:22:36
Threat Name:Exploit:Java/CVE-2011-3544.gen!A
Threat ID:2147654402
Action:remove
Threat Name:Exploit:Java/CVE-2011-3544.E
Threat ID:2147652149
Action:remove
Threat Name:Unknown
Threat ID:2032954425894502398
Action:unknown
Threat Name:Exploit:Java/CVE-2010-0840.NS
Threat ID:2147652622
Action:remove
Threat Name:Exploit:Java/CVE-2011-3544.L
Threat ID:2147652623
Action:remove
Threat Name:TrojanDownloader:Java/OpenConnection.OU
Threat ID:2147649594
Action:remove
Threat Name:Exploit:Java/CVE-2010-0840.NZ
Threat ID:2147653114
Action:remove
Threat Name:TrojanDownloader:Java/OpenConnection.OS
Threat ID:2147649428
Action:remove
Threat Name:Trojan:Win64/Sirefef.Y
Threat ID:2147655285
Action:remove
File to act on SHA1:F9509DA95286D5BC9DC8E393868D3A2B80A03F93
File cleaned/removed successfully
File Name:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Resource action complete:Removal
Schema:file
Path:\\?\D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Threat ID:2147655285
Resource refcount:1
Result:0
File to act on SHA1:F9509DA95286D5BC9DC8E393868D3A2B80A03F93
!ERROR
Resource action complete:Removal
Schema:file
Path:\\?\D:\Windows\system32\services.exe->731
Threat ID:2147655285
Resource refcount:1
Result:1260
File to act on SHA1:1E156D55A7840CFFBD157DB248544323A62ABDCC
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Threat ID:2147652623
Resource refcount:1
Result:0
File to act on SHA1:57C06ABCCFD997B016B5526BC91ACB12B5BD8952
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Threat ID:2147652622
Resource refcount:1
Result:0
File to act on SHA1:57C06ABCCFD997B016B5526BC91ACB12B5BD8952
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Threat ID:2147652622
Resource refcount:1
Result:0
File to act on SHA1:09FE9BADC5CCF2E21A61A60C5E1B2AD4ADFC9E80
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:314DD209521DF8D3F8220F3379AE0C6484CA915C
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Threat ID:2147649428
Resource refcount:1
Result:0
File to act on SHA1:BBABD90DE83C4639710B20410128866F1D423AF9
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA17C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
File to act on SHA1:2E173E7B52C95406AFAF5804BA74AAC59468E4C5
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:5D4AA3D5B30D011B86F7EE168EEF3A6F0EC4B190
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Threat ID:2147649428
Resource refcount:1
Result:0
File to act on SHA1:83D4F763B8E6A32CD643F65A7B66DE81E8244876
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:1E156D55A7840CFFBD157DB248544323A62ABDCC
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Threat ID:2147652623
Resource refcount:1
Result:0
File to act on SHA17C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
File to act on SHA1:5D1100F12C08098CD7706A63868D9911B79F56A4
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Threat ID:2147653114
Resource refcount:1
Result:0
File to act on SHA1:991DE0DA8D6FF59FC1B1ED7E55682BFD6EB91BC1
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Threat ID:2147653114
Resource refcount:1
Result:0
File to act on SHA1:3756A406E1447F91CD32E75831D8C2F8E7936EA3
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Threat ID:2147653114
Resource refcount:1
Result:0
File to act on SHA1:BAC9E81EBF4EFD6BB66C8C3424A3FF93D2A1DA7B
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:1378B55C3DD4B63D2EB6B77C70FA0D51C8032324
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:1E156D55A7840CFFBD157DB248544323A62ABDCC
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Threat ID:2147652623
Resource refcount:1
Result:0
File to act on SHA17C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
File to act on SHA1:57C06ABCCFD997B016B5526BC91ACB12B5BD8952
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Threat ID:2147652622
Resource refcount:1
Result:0
File to act on SHA1:BD391319787A0CB31E9DB4B8E9E89A77532EB1AF
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Threat ID:2147652149
Resource refcount:1
Result:0
File to act on SHA17C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
!ERROR
Finished threat ID:2147655285
Threat result:1260
Threat status flags:1
Finished threat ID:2147649428
Threat result:0
Threat status flags:0
Finished threat ID:2147653114
Threat result:0
Threat status flags:0
Finished threat ID:2147649594
Threat result:0
Threat status flags:0
Finished threat ID:2147652623
Threat result:0
Threat status flags:0
Finished threat ID:2147652622
Threat result:0
Threat status flags:0
Finished threat ID:2032954425894502398
Threat result:0
Threat status flags:0
Finished threat ID:2147652149
Threat result:0
Threat status flags:0
Finished threat ID:2147654402
Threat result:0
Threat status flags:0
Finished threat actions
End time:‎06‎-‎16‎-‎2012 07:22:40
Result:0
Quote:
ERRORS_ONLY=0
MAX_SIZE=5120
APPEND=1
MAX_LINE_SIZE=256
-------------------------------------------------
START 2012/06/15 21:05:23:684 TID:916 PID:792

INFO 2012/06/15 21:05:23:684 TID:916 PID:792
Binary architecture is amd64

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
CheckProcessorArchitecture returned 0x00000000

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
Setting target OS key: "D:\Windows"

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
SetRecoveryEnvironmentKey returned 0x00000000

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
Searching for signatures. Default signature path: ""

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
Searching for signatures at root of drives...

WARNING 2012/06/15 21:05:23:716 TID:916 PID:792
Missing definitions file in 'C:\mpam-fex64.exe'

WARNING 2012/06/15 21:05:23:716 TID:916 PID:792
Missing definitions file in 'D:\mpam-fex64.exe'

WARNING 2012/06/15 21:05:23:716 TID:916 PID:792
Missing definitions file in 'E:\mpam-fex64.exe'

WARNING 2012/06/15 21:05:23:731 TID:916 PID:792
Missing definitions file in 'F:\mpam-fex64.exe'

INFO 2012/06/15 21:05:23:731 TID:916 PID:792
Found definitions file in 'G:\mpam-fex64.exe'

INFO 2012/06/15 21:05:23:731 TID:916 PID:792
Using signature path: "G:\mpam-fex64.exe"

INFO 2012/06/15 21:05:23:731 TID:916 PID:792
SearchForSignatures returned 0x00000000

INFO 2012/06/15 21:05:23:731 TID:916 PID:792
Initializing offline environment and service...

INFO 2012/06/15 21:05:39:409 TID:916 PID:792
Launching user interface...

INFO 2012/06/15 21:05:39:425 TID:916 PID:792
Launched UI, waiting...

INFO 2012/06/15 21:25:20:721 TID:916 PID:792
Wait finished (UI signaled)

INFO 2012/06/15 21:25:20:721 TID:916 PID:792
RunCallisto returned 0x00000000

INFO 2012/06/15 21:25:22:734 TID:916 PID:792
Offline scan completed with 0x00000000

FINISH 2012/06/15 21:25:22:734 TID:796 PID:792


START 2012/06/15 21:31:54:620 TID:916 PID:792

INFO 2012/06/15 21:31:54:620 TID:916 PID:792
Binary architecture is amd64

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
CheckProcessorArchitecture returned 0x00000000

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
Setting target OS key: "D:\Windows"

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
SetRecoveryEnvironmentKey returned 0x00000000

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
Searching for signatures. Default signature path: ""

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
Searching for signatures at root of drives...

WARNING 2012/06/15 21:31:54:667 TID:916 PID:792
Missing definitions file in 'C:\mpam-fex64.exe'

WARNING 2012/06/15 21:31:54:667 TID:916 PID:792
Missing definitions file in 'D:\mpam-fex64.exe'

WARNING 2012/06/15 21:31:54:667 TID:916 PID:792
Missing definitions file in 'E:\mpam-fex64.exe'

WARNING 2012/06/15 21:31:54:683 TID:916 PID:792
Missing definitions file in 'F:\mpam-fex64.exe'

INFO 2012/06/15 21:31:54:698 TID:916 PID:792
Found definitions file in 'G:\mpam-fex64.exe'

INFO 2012/06/15 21:31:54:698 TID:916 PID:792
Using signature path: "G:\mpam-fex64.exe"

INFO 2012/06/15 21:31:54:698 TID:916 PID:792
SearchForSignatures returned 0x00000000

INFO 2012/06/15 21:31:54:698 TID:916 PID:792
Initializing offline environment and service...

INFO 2012/06/15 21:32:10:907 TID:916 PID:792
Launching user interface...

INFO 2012/06/15 21:32:10:922 TID:916 PID:792
Launched UI, waiting...
16 Jun 2012   #20
fan1bsb97

Windows 7
 
 

I installed Windows Security Essentials and ran a quick scan. It was working fine (other than the fact that I couldn't put the Windows firewall on) but then it found that same trojan. Suddenly there was a script error or something and this pops up:

Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

Also, MSE pops up in the bottom corner and says security essentials detected a potential threat and suspended it. Clean PC now.

Now it just keeps restarting itself with that message after the computer turns on. Please help!!! I can't reinstall windows unless all my files are backed up!