Laina emmanuel
Dear all,
Thank you for running this great forum! The 5-step procedure helped stem a panic attack about my computer.
I have followed the 5 steps and the logs are below. I would appreciate any help. (This is my office computer, and I would be able to access it only in the morning tomorrow. I hope that's not a problem.)
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.23.01
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Doc Lib :: MANDAKANI-305 [administrator]
4/23/2012 3:45:24 PM
mbam-log-2012-04-23 (15-45-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259214
Time elapsed: 13 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\WINDOWS\system32\drivers\usmvjs.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-23 17:01:01
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e ST3320813AS rev.HP21
Running: dt0pp4s0.exe; Driver: C:\DOCUME~1\DOCLIB~1\LOCALS~1\Temp\kfryiuob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xA7FFAB24] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xA7FFAB46] <-- ROOTKIT !!!
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A5100B8
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] usmvjs <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Doc Lib at 16:59:10 on 2012-04-23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.969 [GMT 5.5:30]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Doc Lib\Application Data\Dropbox\bin\Dropbox.exe
svchost.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doc Lib\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.socio.fusionace.com
uWindow Title = Fusion|Ace Enterprises - Internet Explorer
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.4\iobitToolbarIE.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\wscript.exe c:\windows\system32\AntiVirus.vbs,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.4\iobitToolbarIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\prxtbMin1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\prxtbMin1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.4\iobitToolbarIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\doc lib\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\doclib~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\doc lib\application data\dropbox\bin\Dropbox.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\scieplgn.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{C8F6F484-DE91-43E5-AABD-CE1EE1D0A8A6} : NameServer = 202.56.230.5,202.56.230.6,202.56.215.54
TCP: Interfaces\{CE0F0E23-3C87-4AE8-9044-E822C9B8E194} : NameServer = 202.56.230.5,202.56.230.6
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\doc lib\application data\mozilla\firefox\profiles\a9cjtpjn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\doc lib\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-11-12 126480]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-1-25 231512]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsl69f8ca39;MpKsl69f8ca39;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f10b813d-c784-4332-ab2e-afcd7087fce4}\MpKsl69f8ca39.sys [2012-4-23 29904]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-12 784792]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-10-27 54760]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\hwdeviceservice.exe -/service --> c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe -/service [?]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\kaspersky lab\networkagent 8\klnagent.exe [2010-10-20 141688]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-6-18 72576]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
RUnknown MpKslabb16ceb;MpKslabb16ceb; [x]
S2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe [2010-3-12 311680]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-18 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 253088]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-4-29 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-18 135664]
.
=============== Created Last 30 ================
.
2012-04-23 11:26:59 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f10b813d-c784-4332-ab2e-afcd7087fce4}\MpKsl69f8ca39.sys
2012-04-23 10:52:44 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f10b813d-c784-4332-ab2e-afcd7087fce4}\MpKslabb16ceb.sys
2012-04-23 10:47:48 -------- d-----w- c:\documents and settings\doc lib\local settings\application data\Zotero
2012-04-23 10:47:48 -------- d-----w- c:\documents and settings\doc lib\application data\Zotero
2012-04-23 10:46:32 -------- d-----w- c:\program files\Zotero Standalone
2012-04-23 10:37:12 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f10b813d-c784-4332-ab2e-afcd7087fce4}\offreg.dll
2012-04-23 09:16:37 -------- d-----w- c:\documents and settings\doc lib\application data\Malwarebytes
2012-04-23 09:16:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-23 09:16:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-23 09:16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-23 04:06:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-18 05:39:24 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f10b813d-c784-4332-ab2e-afcd7087fce4}\mpengine.dll
2012-04-16 10:41:58 -------- d-----w- c:\documents and settings\doc lib\.freemind
2012-04-16 10:40:27 -------- d-----w- c:\program files\FreeMind
2012-04-14 06:23:30 -------- d-----w- c:\documents and settings\doc lib\application data\Search Settings
2012-04-14 06:23:23 -------- d-----w- c:\program files\IObit Toolbar
2012-04-14 06:23:23 -------- d-----w- c:\program files\common files\Spigot
2012-04-14 06:23:23 -------- d-----w- c:\program files\Application Updater
.
==================== Find3M ====================
.
2012-04-23 11:29:16 741376 ----a-w- c:\windows\system32\drivers\usmvjs.sys
2012-04-23 05:05:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:59:29.06 ===============
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2010 11:44:30 AM
System Uptime: 4/23/2012 4:44:39 PM (0 hours ago)
.
Motherboard: MSI | | Boston
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/1066mhz
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 7.26 GiB free.
D: is FIXED (NTFS) - 156 GiB total, 45.606 GiB free.
E: is FIXED (NTFS) - 93 GiB total, 77.407 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&1AF1648C&0&00F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&1AF1648C&0&00F0
Service: rtl8139
.
==== System Restore Points ===================
.
RP467: 4/18/2012 12:41:48 PM - Software Distribution Service 3.0
RP468: 4/19/2012 1:28:07 PM - System Checkpoint
RP469: 4/20/2012 1:41:11 PM - System Checkpoint
RP470: 4/21/2012 2:01:51 PM - System Checkpoint
RP471: 4/22/2012 3:01:52 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Asset Services CS4
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe PageMaker 6.5
Adobe PDF Library Files CS4
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Compendium 2.0 Beta 1
CustomerResearchQFolder
Dropbox
Foxit Reader 5.1
FreeMind
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954708)
HP Color LaserJet CP1210 Series
HP Customer Participation Program 10.0
HP LaserJet P2050 Series 4.0
HP Update
HPCarePackCore
HPCarePackProducts
hppFonts
hppQFolderP2050
hppusgCP1215
hppusgP2050
HPSSupply
IMAPSize 0.3.7
Inkscape 0.48.2
Intel(R) Graphics Media Accelerator Driver
IObit Toolbar v5.4
iPod movie Converter 3
iTunes
J2SE Runtime Environment 5.0 Update 13
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Kaspersky Anti-Virus 6.0 for Windows Workstations
Kaspersky Lab Network Agent
KeePass Password Safe 1.20
Malwarebytes Anti-Malware version 1.61.0.1400
Mangal to Kruti Converter
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mininova-Vuze Toolbar
Mozilla Firefox 5.0 (x86 en-US)
MrvlUsgTracking
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
Nero OEM
Paint.NET v3.5.1
PDF Settings
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2229593)
Segoe UI
Skype Click to Call
Skype™ 5.5
Sonic UDF Reader
Sony Picture Utility
Suite Shared Configuration CS4
Tata Photon+
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB914882)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB961503)
VLC media player 1.1.9
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP SP2 LIP update
WinRAR archiver
Xenu's Link Sleuth
Xerox Phaser 3122
XLSTAT-Pro
Yahoo! Detect
Zotero Standalone 3.0.3 (x86 en-US)
.
==== Event Viewer Messages From Past Week ========
.
4/22/2012 6:03:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: DownloadSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80240022Error description: The program can't check for definition updates.
4/22/2012 6:03:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: DownloadSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80240022Error description: The program can't check for definition updates.
4/22/2012 2:08:15 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: SearchSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80072f78Error description: The server returned an invalid or unrecognized response
4/21/2012 6:03:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: DownloadSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80240022Error description: The program can't check for definition updates.
4/21/2012 6:03:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: DownloadSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80240022Error description: The program can't check for definition updates.
4/20/2012 11:11:23 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/20/2012 11:11:23 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/20/2012 11:08:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: DownloadSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80240022Error description: The program can't check for definition updates.
4/20/2012 11:08:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: DownloadSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80240022Error description: The program can't check for definition updates.
4/19/2012 10:18:23 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
4/18/2012 12:41:22 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000056' while processing the file 'wmp.dll.new' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
.
==== End Of File ===========================
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mininova-Vuze Toolbar
Mozilla Firefox 5.0 (x86 en-US)
MrvlUsgTracking
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
Nero OEM
Paint.NET v3.5.1
PDF Settings
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2229593)
Segoe UI
Skype Click to Call
Skype™ 5.5
Sonic UDF Reader
Sony Picture Utility
Suite Shared Configuration CS4
Tata Photon+
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB914882)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB961503)
VLC media player 1.1.9
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows XP SP2 LIP update
WinRAR archiver
Xenu's Link Sleuth
Xerox Phaser 3122
XLSTAT-Pro
Yahoo! Detect
Zotero Standalone 3.0.3 (x86 en-US)
.
==== Event Viewer Messages From Past Week ========
.
4/22/2012 6:03:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: DownloadSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80240022Error description: The program can't check for definition updates.
4/22/2012 2:08:15 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: SearchSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80072f78Error description: The server returned an invalid or unrecognized response
4/21/2012 6:03:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: DownloadSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80240022Error description: The program can't check for definition updates.
4/20/2012 11:11:23 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
4/20/2012 11:08:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.123.1973.0Update Source: Microsoft Update ServerUpdate Stage: DownloadSource Path: http://www.microsoft.comSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8202.0Error code: 0x80240022Error description: The program can't check for definition updates.
4/19/2012 10:18:23 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
4/18/2012 12:41:22 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000056' while processing the file 'wmp.dll.new' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/18/2012 11:11:41 AM, error: Microsoft Antimalware [1008] - Microsoft Antimalware has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sality.AM&threatid=2147605602User: NT AUTHORITY\SYSTEMName: Virus:Win32/Sality.AMID: 2147605602Severity: SevereCategory: VirusPath: Action: CleanError Code: 0x80508023Error description: The program could not find the spyware and other potentially unwanted software on this computer. Status: Signature Version: AV: 1.123.1973.0, AS: 1.123.1973.0Engine Version: 1.1.8202.0
.
==== End Of File ===========================