Windows Security Center won't turn on (and isn't listed)

fan1bsb97

Hi everyone. Here is my problem - I'll include all the details I can.

I'm running Win 7 64 bit home premium on a Sony Vaio VPCEB11FM laptop.
Yesterday I did a Windows Update and when I restarted I saw the problem start.
First I was having a SmartWi configuration utility problem that popped up twice on startup. Then I saw a pop up that states: oobefcdregistration has stopped working

I installed Malware Bytes and did both that and McAfee scans which both came up with nothing. System restore wouldn't work saying there was a transient error. Suddenly McAfee stopped working. I tried reinstalling but it was giving me nothing but problems. McAfee tech support seems to have fixed the problem, but a few viruses kept popping up (one is ZeroAccess, I can't remember the other one). I was also able to do a system restore in safe mode but it seems like all checkpoints are now gone.

Upon restarting I still got those errors, along with oobesendinfo has stopped working.

I disabled the smartwi utility on startup and now that error as well as the oobesendinfo has stopped working both stopped (but the other oobefcdregistration still pops up).

Now I noticed that my Windows Security Center Service is disabled. When I click for it to turn on it says "The Windows Security Center can't be started." It's also not listed in the services.msc

I tried the system file checker which said it fixed some errors, but apparently not, since upon restart the problem is still there!
I've also checked out this thread but I'm not really sure of what everything means:
http://www.sevenforums.com/system-security/150535-windows-security-center-service-cant-started.html

Also, Sony Care's "one click care" isn't working. I click it and nothing happens.

Please help!!! Thank you so much!!!
 
Will you please try and run a system restore back to a date and time prior to when you installed the program that prompted McAfee to say you had a virus.
To restore the operating system to an earlier point in time, follow these steps:
1. Click Start, type system restore in the Start Search box, and then click System Restore in the Programs list. If you are prompted for an administrator password or confirmation, type your password or click Continue.
2. In the System Restore dialog box, click Choose a different restore point, and then click Next.
3. In the list of restore points, click a restore point that was created before you began to experience the issue, and then click Next.
4. Click Finish.
 

No system restore dates show up past yesterday afternoon when I did the other restore in safe mode.
 

Please help someone...
 

Please run the following commands, and post the results....

SC QC WSCSVC
SC QC WINMGMT
SC QC RPCEPTMAPPER

Here are some instructions to make life easier :)
1) To open an Elevated Command Prompt Window (the CP window), click on Start, All Programs, Accessories – then right-click on Command Prompt, and select Run as Administrator. Accept the UAC prompt.
2) To run the commands easier, highlight the block of commands, and right-click on the highlight – select Copy. In the CP Windows, click on the black/white icon at top left – select Paste. The commands will run but may not complete the last command, so hit the Enter Key once.
3) To copy the results... click on the Black/White icon in the top left, and select Edit... 'Select All', and hit the Enter key - then use Ctrl+V or r-click+Paste to paste it into your response.
 

You may need to run SFC /SCANNOW up to three times with a reboot between each.
 

I doubt very much that SFC will do anything to fix that Security Center problem, no matter how many times it's run. The problem is almost certainly a Registry Cleaner-induced one, and it's deleted the service entry in HKLM (which SFC won't touch)
 

Fair enough. It was just that he said he had run it and it fixed some problems.
 

Here's the results of that:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Joanna>SC QC WSCSVC
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Users\Joanna>SC QC WINMGMT
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WINMGMT
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME : localSystem

C:\Users\Joanna>SC QC RPCEPTMAPPER
 

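As an added example (not part of any post in this thread): a small Python parser for pasted SC QC transcripts like the one above. It flags services that return error 1060 and commands that were pasted but produced no output, as happened with the last command here. The sample transcript, its prompt path and the function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the transcript posted above (not the user's data).
SAMPLE = r"""
C:\Users\Example>SC QC WSCSVC
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


C:\Users\Example>SC QC WINMGMT
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WINMGMT
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem

C:\Users\Example>SC QC RPCEPTMAPPER
"""

# A prompt line that carries an "sc qc <service>" command.
PROMPT = re.compile(r"^[A-Za-z]:\\[^>]*>\s*sc(?:\.exe)?\s+qc\s+(\S+)\s*$", re.I)
# "[SC] OpenService FAILED 1060:" and similar failures.
FAILED = re.compile(r"^\[SC\]\s+\w+\s+FAILED\s+(\d+)")
# "KEY : value" configuration lines, and continuation lines (": value").
FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*)$")
CONT = re.compile(r"^\s+:\s*(\S.*)$")


def parse_sc_qc(transcript):
    """Return {SERVICE: {"status", "error", "config"}} for each 'sc qc' command."""
    results, current, last_key = {}, None, None
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if m:
            # New command; until output follows, assume it never executed.
            current = {"status": "no_output", "error": None, "config": {}}
            results[m.group(1).upper()] = current
            last_key = None
            continue
        if current is None or not line.strip():
            continue
        m = FAILED.match(line)
        if m:
            current["error"] = int(m.group(1))
            # 1060 = the service is not registered with the Service Control Manager.
            current["status"] = "missing" if current["error"] == 1060 else "error"
            continue
        if line.startswith("[SC]") and "SUCCESS" in line:
            current["status"] = "ok"
            continue
        if current["status"] != "ok":
            continue  # ignore the human-readable error text after a failure
        m = FIELD.match(line)
        if m:
            last_key = m.group(1)
            current["config"][last_key] = " ".join(m.group(2).split())
            continue
        m = CONT.match(line)
        if m and last_key:
            # Multi-valued fields such as DEPENDENCIES wrap onto extra lines.
            current["config"][last_key] += " " + " ".join(m.group(1).split())
    return results


def triage(results, expected=("WSCSVC", "WINMGMT", "RPCEPTMAPPER")):
    """List (service, finding) for every expected service that is not healthy."""
    findings = []
    for name in expected:
        r = results.get(name)
        if r is None:
            findings.append((name, "command not present in transcript"))
        elif r["status"] == "no_output":
            findings.append((name, "no output captured; press Enter and re-paste"))
        elif r["status"] == "missing":
            findings.append((name, "error 1060: service entry is not installed"))
        elif r["status"] == "error":
            findings.append((name, "sc failed with error %d" % r["error"]))
        elif r["config"].get("START_TYPE", "").endswith("DISABLED"):
            findings.append((name, "service exists but is disabled"))
    return findings


if __name__ == "__main__":
    for name, finding in triage(parse_sc_qc(SAMPLE)):
        print(name + ": " + finding)
```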
ZeroAccess is a rootkit.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin64%2FSirefef.W

A clean reinstall would be the safest action.

http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

There is a removal tool offered by Symantec. You can find it here along with information about ZeroAccess.

Trojan.Zeroaccess!kmem | Symantec

Another rootkit tool to try is Kaspersky TDSSKiller:

Anti-rootkit utility TDSSKiller

I've listed some additional tools you may wish to try on this post:

http://www.sevenforums.com/system-s...-long-remove-3-types-sirefef.html#post1964698
 

Ok I installed/merged the reg. file.

Now it says under security: "Spyware and unwanted software protection (Important)"

Windows Defender and McAfee Anti-Virus and Anti-Spyware both report that they are turned off.

There is a button to view antispyware options but when I click on it it takes me to a few options. The first one says to turn on windows defender and update definitions. When I click on that it takes me to the Windows/system32 folder. When I click on update Mcafee nothing happens.
 

You should always use McAfee's own options to turn it on and off. Chances are that it's been broken by your virus infections and will require uninstall/reinstall (if even that works - if the virus is still active, it may prevent it).

If it's not behaving properly, then it would tend to indicate that there are more problems than just the Security Center - and you may well be looking at a reformat/reinstall as your best/safest option.
 

McAfee was just reinstalled and appears to be working properly, aside from the windows security screen saying it's not. How do I know if it is or not?
 

fan1bsb97,
First and foremost:
Run WDO. WDO will automatically run a quick scan. You will need to select full/complete scan after the quick scan finishes.
McAfee, malwarebytes are both programs that require you to start up your Win 7 and thus do NOT remove all malware.

First, run WDO.
Immediately, thereafter UNINSTALL MuckAfee (McAfee).
Install MSE, Microsoft Security Essentials (link in my signature). This is the one and the only anti-malware you need.

After these steps, be sure to upload the LOG files mentioned in the following write-up and to let us know the status.

Distinct possibility is that you will need to wipe the disk clean and perform a fresh install if the above procedures do not solve your problem. Oh yes, if you are, then cease and desist from using torrent software.
HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline
· is a free standalone, bootable malware and virus remover from Microsoft.
· performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.

Download Windows Defender Offline (about 764 kB)

You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows

NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.

You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.

The 32 bit download file name is: mssstool32.exe
The 64 bit download file name is: mssstool64.exe

For the curious, this program was originally named Microsoft Standalone System Sweeper.


INSTALLATION:
You will need an Internet Connection.
Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
Run the downloaded program--mssstool64.exe or mssstool32.exe
NEXT button
Choose the option On a USB flash drive that is not password protected
NEXT button
NEXT button
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick WDO_Media32 or WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.

UPDATE Windows Defender Offline USB stick:
· reinsert the usb stick
· run the installation program, mssstool64.exe or mssstool32.exe, again.
· the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).

Since the malware database is sometimes updated several times in a day, always update before running.

PERFORM AN OFFLINE SCAN
Boot up your computer from the USB stick
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, Choose Full Scan
Select all of your drives

The initial, full scan can easily take several hours, but
Remember, your computer is being very thoroughly checked for all types of malware.


RESULTS OF THE SCAN
The results will be in 4 log files on your computer's disk in:
\Windows\Microsoft Antimalware\Support
Upload the four log files please.
 

Thanks, I'm starting this process - quick question - how do I boot up from the USB stick?
 

You consult the documentation for your computer which will tell you how to boot to USB.

Incidentally, you can help us to help you by fully and completely filling in your system specs:

Update your SevenForums System Specs
User CP (located on the top menu bar) |
Your Profile | Edit System Spec
(left-hand column)

To gather info, use Speccy (my favorite) or SIW or System Info

ADD the word laptop or desktop or netbook to the
“system manufacturer” block, for example,
Toshiba Satellite L305D notebook.

Provide full windows version info, for example:
MS Windows 7 Ultimate SP1 64-bit

Use the “Other Info” block for Optical Reader,
Mouse, touchpad, wifi adapter, speakers, monitor, etc

Scroll down and click on SAVE CHANGES.
======================================================
 

Thanks for all your help. I will fill that out soon.

It went right into the quick scan. How do I start the full scan? Can I choose it after this one is over? It looks like it's almost done, but it seems to have frozen (the time isn't elapsing anymore and the items scanned has stopped)...it says that the preliminary scan results show that malicious or potentially unwanted software might exist on your system. What should I do? Oh wait it started again lol. But how do I do the full scan?

Edit: The quick scan detected the trojan win64/sirefef.Y. I just removed it.

I guess I'll try to restart normally now? *nervous*

Oh I'm sorry I didn't see that I need to do the full scan next. I will do that now.
 

Here's the results. I don't know how to disable smilies.

**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 0
Trusted image state = 0 USN = 0
2012-06-16T05:05:23.996Z Version: Product 4.0.1538.0 Service 4.0.1538.0 Engine 0.0.0.0 AS 0.0.0.0 AV 0.0.0.0
2012-06-16T05:05:39.409Z Version: Product 4.0.1538.0 Service 4.0.1538.0 Engine 1.1.8403.0 AS 1.127.2110.0 AV 1.127.2110.0
2012-06-16T05:20:20.842Z DETECTION Trojan:Win64/Sirefef.Y file:D:\Windows\system32\services.exe->731
--------------------------------------------------------------------------------
2012-06-16T05:05:23.903Z Trace session started - MpWppTracing-06152012-210523-00000003-ffffffff.bin
2012-06-16T05:05:23.903Z Service is asked to be reenabled.
2012-06-16T05:05:23.918Z Task(-EnableService) launched**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 0
Trusted image state = 0 USN = 0

2012-06-16T05:05:23.965Z Loading engine...
2012-06-16T05:05:23.965Z loaded!
2012-06-16T05:05:23.981Z NisUpdate from SignatureDropLocation returns S_OK
2012-06-16T05:05:23.981Z NisUpdate from SignatureDefaultLocation returns S_OK
2012-06-16T05:05:23.981Z Cache Disabled: 0
2012-06-16T05:05:23.981Z Verifying license file...
2012-06-16T05:05:23.996Z verified!
2012-06-16T05:05:23.996Z Product supports installmode: 0
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2012-06-16T05:05:33.746Z Verifying engine and signature files (source: 0) ...
2012-06-16T05:05:34.043Z verified!
2012-06-16T05:05:39.316Z Initializing SQM in engine...
2012-06-16T05:05:39.316Z SQM initialized in the engine successfully
Signature updated on ‎06‎-‎15‎-‎2012 21:05:39
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 1.1.8403.0
AS Signature Version: 1.127.2110.0
AV Signature Version: 1.127.2110.0
************************************************************
2012-06-16T05:19:51.888Z Task(SpyNetService -RestrictPrivileges -AccessKey B41301BE-9C78-0CC8-8904-5FCCD6E7B8D2) launched
2012-06-16T05:20:20.842Z DETECTIONEVENT Trojan:Win64/Sirefef.Y containerfile:D:\Windows\system32\services.exe;file:D:\Windows\system32\services.exe->731;
2012-06-16T05:20:20.842Z DETECTION_ADD Trojan:Win64/Sirefef.Y containerfile:D:\Windows\system32\services.exe
2012-06-16T05:20:20.842Z DETECTION_ADD Trojan:Win64/Sirefef.Y file:D:\Windows\system32\services.exe->731
Begin Quick Scan
Scan ID:{799EB158-AE43-4701-B791-4361C86C2655}
Scan Source:2
Start Time:‎06‎-‎15‎-‎2012 21:05:39
End Time:‎06‎-‎15‎-‎2012 21:20:20
Result Count:1
Threat Name:Trojan:Win64/Sirefef.Y
ID:2147655285
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:D:\Windows\system32\services.exe->731
Extended Info:40388481833002
Resource Schema:containerfile
Resource Path:D:\Windows\system32\services.exe
Extended Info:0
End Scan
************************************************************

Begin Resource Scan
Scan ID:{117B0B44-AFF6-4BB3-B870-4EE1EB45AA9B}
Scan Source:6
Start Time:‎06‎-‎15‎-‎2012 21:23:07
End Time:‎06‎-‎15‎-‎2012 21:23:15
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Windows\system32\services.exe
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Windows\system32\services.exe->731
Result Count:1
Threat Name:Trojan:Win64/Sirefef.Y
ID:2147655285
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:D:\Windows\system32\services.exe->731
Extended Info:40388481833002
Resource Schema:containerfile
Resource Path:D:\Windows\system32\services.exe
Extended Info:0
End Scan
************************************************************

Beginning threat actions
Start time:‎06‎-‎15‎-‎2012 21:23:16
Threat Name:Trojan:Win64/Sirefef.Y
Threat ID:2147655285
Action:remove
File to act on SHA1:F9509DA95286D5BC9DC8E393868D3A2B80A03F93
!ERROR
Resource action complete:Removal
Schema:file
Path:\\?\D:\Windows\system32\services.exe->731
Threat ID:2147655285
Resource refcount:1
Result:1260
!ERROR
Finished threat ID:2147655285
Threat result:1260
Threat status flags:1
Finished threat actions
End time:‎06‎-‎15‎-‎2012 21:23:16
Result:0
2012-06-16T05:23:16.873Z Task(SpyNetService -RestrictPrivileges -AccessKey 6D539E56-3755-E8E4-575E-5AB8EAB1BB84) launched
--------------------------------------------------------------------------------
2012-06-16T05:31:54.948Z Trace session started - MpWppTracing-06152012-213154-00000003-ffffffff.bin
2012-06-16T05:31:54.948Z Service is asked to be reenabled.
2012-06-16T05:31:54.948Z Task(-EnableService) launched**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 311296
Journal ID = 0
Trusted image state = 0 USN = 0

2012-06-16T05:31:54.979Z Loading engine...
2012-06-16T05:31:54.979Z loaded!
2012-06-16T05:31:54.979Z NisUpdate from SignatureDropLocation returns S_OK
2012-06-16T05:31:54.979Z NisUpdate from SignatureDefaultLocation returns S_OK
2012-06-16T05:31:54.979Z Cache Disabled: 0
2012-06-16T05:31:54.979Z Verifying license file...
2012-06-16T05:31:54.995Z verified!
2012-06-16T05:31:54.995Z Product supports installmode: 0
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2012-06-16T05:32:05.041Z Verifying engine and signature files (source: 0) ...
2012-06-16T05:32:05.353Z verified!
2012-06-16T05:32:10.782Z Initializing SQM in engine...
2012-06-16T05:32:10.782Z SQM initialized in the engine successfully
Signature updated on ‎06‎-‎15‎-‎2012 21:32:10
Product Version: 4.0.1538.0
Service Version: 4.0.1538.0
Engine Version: 1.1.8403.0
AS Signature Version: 1.127.2110.0
AV Signature Version: 1.127.2110.0
************************************************************
2012-06-16T08:17:40.043Z Task(SpyNetService -RestrictPrivileges -AccessKey 46F38A1C-1ABE-43D3-7CAC-8455A966EAA1) launched
2012-06-16T08:18:08.857Z DETECTIONEVENT Trojan:Win64/Sirefef.Y containerfile:D:\Windows\system32\services.exe;containerfile:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000;file:D:\Windows\system32\services.exe->731;file:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731;
2012-06-16T08:18:08.872Z DETECTION_ADD Trojan:Win64/Sirefef.Y containerfile:D:\Windows\system32\services.exe
2012-06-16T08:18:08.872Z DETECTION_ADD Trojan:Win64/Sirefef.Y containerfile:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
2012-06-16T08:18:08.872Z DETECTION_ADD Trojan:Win64/Sirefef.Y file:D:\Windows\system32\services.exe->731
2012-06-16T08:18:08.872Z DETECTION_ADD Trojan:Win64/Sirefef.Y file:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
2012-06-16T08:18:08.872Z DETECTIONEVENT Exploit:Java/CVE-2011-3544.gen!A containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class;
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.gen!A file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
2012-06-16T08:18:08.872Z DETECTIONEVENT Exploit:Java/CVE-2011-3544.E containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class;
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.E containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2011-3544.E file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
2012-06-16T08:18:08.872Z DETECTIONEVENT Exploit:Java/CVE-2010-0840.NS containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class;
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
2012-06-16T08:18:08.872Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NS file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
2012-06-16T08:18:08.872Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection.OU containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class;
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
2012-06-16T08:18:08.872Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OU file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
2012-06-16T08:18:08.903Z DETECTIONEVENT Exploit:Java/CVE-2011-3544.L containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class;
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2011-3544.L file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
2012-06-16T08:18:08.903Z DETECTIONEVENT Exploit:Java/CVE-2010-0840.NZ containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class;
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NZ containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NZ file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NZ file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
2012-06-16T08:18:08.903Z DETECTION_ADD Exploit:Java/CVE-2010-0840.NZ file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
2012-06-16T08:18:08.903Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection.OS containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386;containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class;file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class;
2012-06-16T08:18:08.903Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OS containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
2012-06-16T08:18:08.903Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OS containerfile:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
2012-06-16T08:18:08.903Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OS file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
2012-06-16T08:18:08.903Z DETECTION_ADD TrojanDownloader:Java/OpenConnection.OS file:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Begin Full Scan
Scan ID:{5C9ACFA3-FD64-4259-9DFE-3CEF2EAEFCAF}
Scan Source:2
Start Time:06-15-2012 21:32:17
End Time:06-16-2012 00:18:08
Result Count:10
Threat Name:Trojan:Win64/Sirefef.Y
ID:2147655285
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Extended Info:40388481833002
Resource Schema:file
Resource Path:D:\Windows\system32\services.exe->731
Extended Info:40388481833002
Resource Schema:containerfile
Resource Path:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Windows\system32\services.exe
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.gen!A
ID:2147654402
Severity:5
Number of Resources:8
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.E
ID:2147652149
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Extended Info:18144559980572
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:0
Unknown File
Identifier:8434420172026019838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\Users\Joanna\Documents\Random\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
Extended Info:5864262463416
Unknown File
Identifier:2032954425894502398
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:5864554302986
Threat Name:Exploit:Java/CVE-2010-0840.NS
ID:2147652622
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OU
ID:2147649594
Severity:5
Number of Resources:9
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Extended Info:18143587116110
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.L
ID:2147652623
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Extended Info:18144749453986
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
Extended Info:0
Threat Name:Exploit:Java/CVE-2010-0840.NZ
ID:2147653114
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Extended Info:18144863684845
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Extended Info:18145099024128
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Extended Info:18142143267630
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OS
ID:2147649428
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
End Scan
************************************************************

Begin Resource Scan
Scan ID:{700460E1-70F5-410B-9774-B51A85A1FC8E}
Scan Source:7
Start Time:06-16-2012 00:18:08
End Time:06-16-2012 00:19:07
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\Users\Joanna\Documents\Random\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
Result Count:3
Threat Name:Exploit:Java/CVE-2011-3544.E
ID:2147652149
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Extended Info:18144559980572
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:0
Unknown File
Identifier:8434420172026019838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\Users\Joanna\Documents\Random\Downloaded Installations\Adobe Dreamweaver CS3\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
Extended Info:5864262463416
Unknown File
Identifier:2032954425894502398
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:5864554302986
End Scan
************************************************************

2012-06-16T15:22:02.439Z Task(SpyNetService -RestrictPrivileges -AccessKey 6099EAB7-010C-A77D-43DF-2EF0AF5E9FE0) launched
Begin Resource Scan
Scan ID:{693F90B7-DD3B-4E0F-894E-D798F1664412}
Scan Source:6
Start Time:06-16-2012 07:21:50
End Time:06-16-2012 07:22:31
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Windows\system32\services.exe
Explicit resource to scan
Resource Schema:containerfile
Resource Path:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Windows\system32\services.exe->731
Explicit resource to scan
Resource Schema:file
Resource Path:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Result Count:9
Threat Name:Exploit:Java/CVE-2011-3544.gen!A
ID:2147654402
Severity:5
Number of Resources:8
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Extended Info:398847067998336
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.E
ID:2147652149
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Extended Info:18144559980572
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:0
Unknown File
Identifier:2032954425894502398
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550
Extended Info:5864554302986
Threat Name:Exploit:Java/CVE-2010-0840.NS
ID:2147652622
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Extended Info:18142952055238
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544.L
ID:2147652623
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Extended Info:18144749453986
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Extended Info:18144749453986
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OU
ID:2147649594
Severity:5
Number of Resources:9
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Extended Info:18144109131890
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Extended Info:18145772123681
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Extended Info:18143587116110
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248
Extended Info:0
Threat Name:Exploit:Java/CVE-2010-0840.NZ
ID:2147653114
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Extended Info:18144863684845
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Extended Info:18145099024128
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Extended Info:18142143267630
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection.OS
ID:2147649428
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:file
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Extended Info:18145884567196
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386
Extended Info:0
Threat Name:Trojan:Win64/Sirefef.Y
ID:2147655285
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Extended Info:40388481833002
Resource Schema:file
Resource Path:D:\Windows\system32\services.exe->731
Extended Info:40388481833002
Resource Schema:containerfile
Resource Path:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000
Extended Info:0
Resource Schema:containerfile
Resource Path:D:\Windows\system32\services.exe
Extended Info:0
End Scan
************************************************************

Beginning threat actions
Start time:06-16-2012 07:22:36
Threat Name:Exploit:Java/CVE-2011-3544.gen!A
Threat ID:2147654402
Action:remove
Threat Name:Exploit:Java/CVE-2011-3544.E
Threat ID:2147652149
Action:remove
Threat Name:Unknown
Threat ID:2032954425894502398
Action:unknown
Threat Name:Exploit:Java/CVE-2010-0840.NS
Threat ID:2147652622
Action:remove
Threat Name:Exploit:Java/CVE-2011-3544.L
Threat ID:2147652623
Action:remove
Threat Name:TrojanDownloader:Java/OpenConnection.OU
Threat ID:2147649594
Action:remove
Threat Name:Exploit:Java/CVE-2010-0840.NZ
Threat ID:2147653114
Action:remove
Threat Name:TrojanDownloader:Java/OpenConnection.OS
Threat ID:2147649428
Action:remove
Threat Name:Trojan:Win64/Sirefef.Y
Threat ID:2147655285
Action:remove
File to act on SHA1:F9509DA95286D5BC9DC8E393868D3A2B80A03F93
File cleaned/removed successfully
File Name:D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Resource action complete:Removal
Schema:file
Path:\\?\D:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd49b92031c702.0000->731
Threat ID:2147655285
Resource refcount:1
Result:0
File to act on SHA1:F9509DA95286D5BC9DC8E393868D3A2B80A03F93
!ERROR
Resource action complete:Removal
Schema:file
Path:\\?\D:\Windows\system32\services.exe->731
Threat ID:2147655285
Resource refcount:1
Result:1260
File to act on SHA1:1E156D55A7840CFFBD157DB248544323A62ABDCC
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6b3b7a86-42784762->ropan.class
Threat ID:2147652623
Resource refcount:1
Result:0
File to act on SHA1:57C06ABCCFD997B016B5526BC91ACB12B5BD8952
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\511051c6-1ecdf8db->xmltree/opkat.class
Threat ID:2147652622
Resource refcount:1
Result:0
File to act on SHA1:57C06ABCCFD997B016B5526BC91ACB12B5BD8952
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-63915889->xmltree/opkat.class
Threat ID:2147652622
Resource refcount:1
Result:0
File to act on SHA1:09FE9BADC5CCF2E21A61A60C5E1B2AD4ADFC9E80
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/Zo666.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:314DD209521DF8D3F8220F3379AE0C6484CA915C
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$zordo.class
Threat ID:2147649428
Resource refcount:1
Result:0
File to act on SHA1:BBABD90DE83C4639710B20410128866F1D423AF9
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5f596b05-7ac375a7->datas/wall$1.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:D7C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\15038ef4-5b35e16d->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
File to act on SHA1:2E173E7B52C95406AFAF5804BA74AAC59468E4C5
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/Zo666.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:5D4AA3D5B30D011B86F7EE168EEF3A6F0EC4B190
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$zordo.class
Threat ID:2147649428
Resource refcount:1
Result:0
File to act on SHA1:83D4F763B8E6A32CD643F65A7B66DE81E8244876
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\665a2cf2-75299386->datas/wall$1.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:1E156D55A7840CFFBD157DB248544323A62ABDCC
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-2ea7a1a4->ropan.class
Threat ID:2147652623
Resource refcount:1
Result:0
File to act on SHA1:D7C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-79483df9->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
File to act on SHA1:5D1100F12C08098CD7706A63868D9911B79F56A4
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/wmajpugu.class
Threat ID:2147653114
Resource refcount:1
Result:0
File to act on SHA1:991DE0DA8D6FF59FC1B1ED7E55682BFD6EB91BC1
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/ufcqnd.class
Threat ID:2147653114
Resource refcount:1
Result:0
File to act on SHA1:3756A406E1447F91CD32E75831D8C2F8E7936EA3
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4c2baf2e-7389bacb->enlpmsdg/kdtqmpqkhefsqggnmjpjcalhg.class
Threat ID:2147653114
Resource refcount:1
Result:0
File to act on SHA1:BAC9E81EBF4EFD6BB66C8C3424A3FF93D2A1DA7B
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Zo666.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:1378B55C3DD4B63D2EB6B77C70FA0D51C8032324
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\d5e5f9c-6bb31248->datas/Glocker.class
Threat ID:2147649594
Resource refcount:1
Result:0
File to act on SHA1:1E156D55A7840CFFBD157DB248544323A62ABDCC
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5d6255db-5d77638e->ropan.class
Threat ID:2147652623
Resource refcount:1
Result:0
File to act on SHA1:D7C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\6f8bd594-52f9bcba->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
File to act on SHA1:57C06ABCCFD997B016B5526BC91ACB12B5BD8952
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a6b54d1-2591ee3c->xmltree/opkat.class
Threat ID:2147652622
Resource refcount:1
Result:0
File to act on SHA1:BD391319787A0CB31E9DB4B8E9E89A77532EB1AF
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\473a8751-24156550->Final.class
Threat ID:2147652149
Resource refcount:1
Result:0
File to act on SHA1:D7C6F61E67A3F4DFF905789F9B48B40D1B81207D
File cleaned/removed successfully
File Name:D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Resource action complete:Removal
Schema:file
Path:\\?\D:\Users\Joanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15505bcf-390ab809->dhycnvdbqlpbdahs.class
Threat ID:2147654402
Resource refcount:1
Result:0
!ERROR
Finished threat ID:2147655285
Threat result:1260
Threat status flags:1
Finished threat ID:2147649428
Threat result:0
Threat status flags:0
Finished threat ID:2147653114
Threat result:0
Threat status flags:0
Finished threat ID:2147649594
Threat result:0
Threat status flags:0
Finished threat ID:2147652623
Threat result:0
Threat status flags:0
Finished threat ID:2147652622
Threat result:0
Threat status flags:0
Finished threat ID:2032954425894502398
Threat result:0
Threat status flags:0
Finished threat ID:2147652149
Threat result:0
Threat status flags:0
Finished threat ID:2147654402
Threat result:0
Threat status flags:0
Finished threat actions
End time:‎06‎-‎16‎-‎2012 07:22:40
Result:0
ERRORS_ONLY=0
MAX_SIZE=5120
APPEND=1
MAX_LINE_SIZE=256
-------------------------------------------------
START 2012/06/15 21:05:23:684 TID:916 PID:792

INFO 2012/06/15 21:05:23:684 TID:916 PID:792
Binary architecture is amd64

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
CheckProcessorArchitecture returned 0x00000000

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
Setting target OS key: "D:\Windows"

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
SetRecoveryEnvironmentKey returned 0x00000000

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
Searching for signatures. Default signature path: ""

INFO 2012/06/15 21:05:23:716 TID:916 PID:792
Searching for signatures at root of drives...

WARNING 2012/06/15 21:05:23:716 TID:916 PID:792
Missing definitions file in 'C:\mpam-fex64.exe'

WARNING 2012/06/15 21:05:23:716 TID:916 PID:792
Missing definitions file in 'D:\mpam-fex64.exe'

WARNING 2012/06/15 21:05:23:716 TID:916 PID:792
Missing definitions file in 'E:\mpam-fex64.exe'

WARNING 2012/06/15 21:05:23:731 TID:916 PID:792
Missing definitions file in 'F:\mpam-fex64.exe'

INFO 2012/06/15 21:05:23:731 TID:916 PID:792
Found definitions file in 'G:\mpam-fex64.exe'

INFO 2012/06/15 21:05:23:731 TID:916 PID:792
Using signature path: "G:\mpam-fex64.exe"

INFO 2012/06/15 21:05:23:731 TID:916 PID:792
SearchForSignatures returned 0x00000000

INFO 2012/06/15 21:05:23:731 TID:916 PID:792
Initializing offline environment and service...

INFO 2012/06/15 21:05:39:409 TID:916 PID:792
Launching user interface...

INFO 2012/06/15 21:05:39:425 TID:916 PID:792
Launched UI, waiting...

INFO 2012/06/15 21:25:20:721 TID:916 PID:792
Wait finished (UI signaled)

INFO 2012/06/15 21:25:20:721 TID:916 PID:792
RunCallisto returned 0x00000000

INFO 2012/06/15 21:25:22:734 TID:916 PID:792
Offline scan completed with 0x00000000

FINISH 2012/06/15 21:25:22:734 TID:796 PID:792


START 2012/06/15 21:31:54:620 TID:916 PID:792

INFO 2012/06/15 21:31:54:620 TID:916 PID:792
Binary architecture is amd64

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
UtilIsFileExists(D:\Windows\SysWOW64\ntdll.dll) returned 0x00000000

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
CheckProcessorArchitecture returned 0x00000000

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
Setting target OS key: "D:\Windows"

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
SetRecoveryEnvironmentKey returned 0x00000000

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
Searching for signatures. Default signature path: ""

INFO 2012/06/15 21:31:54:667 TID:916 PID:792
Searching for signatures at root of drives...

WARNING 2012/06/15 21:31:54:667 TID:916 PID:792
Missing definitions file in 'C:\mpam-fex64.exe'

WARNING 2012/06/15 21:31:54:667 TID:916 PID:792
Missing definitions file in 'D:\mpam-fex64.exe'

WARNING 2012/06/15 21:31:54:667 TID:916 PID:792
Missing definitions file in 'E:\mpam-fex64.exe'

WARNING 2012/06/15 21:31:54:683 TID:916 PID:792
Missing definitions file in 'F:\mpam-fex64.exe'

INFO 2012/06/15 21:31:54:698 TID:916 PID:792
Found definitions file in 'G:\mpam-fex64.exe'

INFO 2012/06/15 21:31:54:698 TID:916 PID:792
Using signature path: "G:\mpam-fex64.exe"

INFO 2012/06/15 21:31:54:698 TID:916 PID:792
SearchForSignatures returned 0x00000000

INFO 2012/06/15 21:31:54:698 TID:916 PID:792
Initializing offline environment and service...

INFO 2012/06/15 21:32:10:907 TID:916 PID:792
Launching user interface...

INFO 2012/06/15 21:32:10:922 TID:916 PID:792
Launched UI, waiting...
 

I installed Windows Security Essentials and ran a quick scan. It was working fine (other than the fact that I couldn't put the Windows firewall on) but then it found that same trojan. Suddenly there was a script error or something and this pops up:

Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

Also, MSE pops up in the bottom corner and says security essentials detected a potential threat and suspended it. Clean PC now.

Now it just keeps restarting itself with that message after the computer turns on. Please help!!! I can't reinstall Windows unless all my files are backed up!
 
