NunChukaKata

  1. This didn't work either. I added the exe plus the Apple TV IP. I also added the DNS for my router as the alternate DNS. Nothing helped get it connected back. Thanks
  2. I had already tried adding the IP of the Apple TV to the list but still couldn't get it to connect back. Unless there is another stop, it may not be a resolution. Thanks
  3. I have an assumption. Home sharing is reliant on the devices being on the same network. Once you install and activate Privacy, it makes another active network (the Malwarebytes VPN) on my computer and appears to kick off my normal wifi, causing it to show no internet access. Since it does this, I'm assuming the Apple TV doesn't see it as being on the same network anymore, causing the issue. So I'm guessing if there was some way to connect the Apple device to the mbvpn network on the computer (or allow the normal network to still show access in a home network), it would fix the issue. You can see the active networks in the screenshot. I may be incorrect with my assumption, but it does make some sense. Thanks
  4. No need to rush or think it’s solely yours to figure out, I was just curious if any progress had been made since it’s been a month when the last response was posted. It would be easier if a Malwarebytes tech could give feedback. Thanks for the response
  5. Was this resolved? I'm having the same issue. I have to uninstall Privacy completely before I'm able to use the home share feature again. I just purchased Privacy today and haven't downloaded any programs besides that on my computer so it definitely has something to do with Privacy. I'm using latest Windows 10 update and latest iTunes/Apple TV iOS software. Thanks
  6. Possibly on my machine. However, I believe one of our servers may be infected and is trying to reinfect my machine but MSE catches it and quarantines it. Our MIS department is working to find the server(s) that could be infected and cleaning them. Thanks for all your help. Very much appreciated.
  7. It didn't find the virus on a normal scan either: Log:
  8. That possibly could be what is happening. I ran a full scan in safe mode last night and MSE found no signs of a virus. I've posted some of the last few instances where it found something and automatically quarantined the virus.
  9. I did the steps in the guide. When I ran the EConfickerRemover, it said didn't find any instances of Conficker and the memory and asked if I wanted to continue with the scan so I hit yes and the cmd prompt just went away. Could it be possible that I am not infected anymore? And another network drive we use be infected with the virus trying to reinstall it on my machine only to be quarantined by MSE? Here are fresh dds files: DDS: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2 Run by dedmanj at 14:02:26 on 2012-08-29 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2140 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe svchost.exe svchost.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Neon Responder Service.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe 
C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Documents and Settings\dedmanj\Application Data\Dropbox\bin\Dropbox.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = www.msn.com uInternet Connection Wizard,ShellNext = hxxp://www.slizone.com/ uInternet Settings,ProxyOverride = 192.168.1.*;127.0.0.*;*.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] StartupFolder: c:\docume~1\dedmanj\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\dedmanj\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe uPolicies-system: EnableLUA = 0 (0x0) IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 
7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: microsoft.com\update DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {4592C0F5-3382-44C6-9F79-BEA2CCBDA2EA} - hxxp://onbase.lebanontn.org/activex/OBXWebSelect.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: 
{6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342212263919
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342212249872
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab
DPF: {87237C1E-D4C7-4632-88D5-157F4D0258F8} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXWebViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXPopup.cab
DPF: {A9CEF04E-E6CE-45B5-BFAD-158103BB1007} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXWebSelect.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5876F16-5217-4B38-96F3-C2BB80215302} - hxxp://onbase.lebanontn.org/activex/OBXWebViewer.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: Interfaces\{AF77C8D5-D52F-4A5C-B534-C63748B804AA} : NameServer = 192.168.1.11,192.168.1.88,8.8.8.8
TCP: Interfaces\{C464620F-5B21-484A-A733-9A8D2368D828} : NameServer = 192.168.1.11,192.168.1.5
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\imagistics\desktop document manager\ExplorerExtensions.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dedmanj\application data\mozilla\firefox\profiles\mv1z7qyd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61615&p=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\dedmanj\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\dedmanj\application data\mozilla\firefox\profiles\mv1z7qyd.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\documents and settings\dedmanj\application data\mozilla\firefox\profiles\mv1z7qyd.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\dedmanj\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 LeicaCOMM;Leica Virtual COM Port Driver;c:\windows\system32\drivers\SS1VCOMM.sys [2008-10-6 29862]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-22 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-15 655944]
R2 Neon Responder;Neon Responder;c:\windows\Neon Responder Service.exe [2010-3-11 271952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-15 22344]
S0 uuvy;uuvy;c:\windows\system32\drivers\lvlmv.sys --> c:\windows\system32\drivers\lvlmv.sys [?]
S1 jgameenp;jgameenp;\??\c:\windows\system32\drivers\jgameenp.sys --> c:\windows\system32\drivers\jgameenp.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-08-29 18:54:39 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3db557d9-f0c0-4b93-aa58-ea50c7187273}\mpengine.dll
2012-08-29 18:49:26 -------- d-----w- c:\documents and settings\dedmanj\application data\HpUpdate
2012-08-29 18:49:23 -------- d-----w- c:\windows\Hewlett-Packard
2012-08-28 18:51:05 7022536 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-28 17:49:40 271704 ----a-r- C:\hpzids01.dll
2012-08-28 15:02:08 -------- d-----w- c:\documents and settings\dedmanj\local settings\application data\ApplicationHistory
2012-08-28 14:59:35 -------- d-----w- c:\windows\system32\URTTEMP
2012-08-28 14:49:39 -------- d-----w- c:\documents and settings\dedmanj\local settings\application data\PCHealth
2012-08-28 14:12:50 -------- d-----w- c:\windows\system32\XPSViewer
2012-08-28 12:53:25 -------- d-s---w- C:\ComboFix
2012-08-27 19:21:55 -------- d-----w- c:\windows\hpoj7000e809a
2012-08-27 19:21:22 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2012-08-27 19:21:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2012-08-27 19:20:52 311808 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp091.dll
2012-08-27 19:20:52 271704 ----a-r- c:\windows\system32\hpzids01.dll
2012-08-27 19:20:52 121344 ----a-w- c:\windows\system32\hpf3l091.dll
2012-08-27 19:20:46 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2012-08-27 19:20:46 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-08-27 19:20:46 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2012-08-27 19:17:59 -------- d-----w- c:\program files\HP
2012-08-25 00:26:42 -------- d-----w- c:\program files\ESET
2012-08-22 21:20:34 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe
2012-08-22 21:20:34 33280 ----a-w- c:\windows\system32\rundll32.exe
2012-08-22 18:59:36 -------- d-----w- c:\documents and settings\dedmanj\application data\NVIDIA
2012-08-22 17:49:29 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-08-22 17:49:29 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-08-22 17:49:29 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-08-22 17:49:15 -------- d-----w- c:\program files\NVIDIA Corporation
2012-08-21 13:30:04 -------- d-----w- c:\windows\system32\winrm
2012-08-21 13:29:53 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-08-21 13:28:45 -------- d-----w- c:\program files\Windows Desktop Search
2012-08-21 13:27:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2012-08-21 13:27:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2012-08-21 13:27:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2012-08-21 13:26:18 -------- d-----w- c:\program files\Windows Media Connect 2
2012-08-21 13:20:42 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-08-20 21:17:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-16 19:36:09 -------- d-----w- c:\windows\system32\MpEngineStore
2012-08-16 14:21:33 -------- d-----w- c:\documents and settings\dedmanj\application data\ElevatedDiagnostics
2012-08-16 13:56:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-14 20:13:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-08-03 13:58:48 -------- d-----w- c:\documents and settings\dedmanj\application data\AVG2012
2012-08-02 12:43:49 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-08-02 12:43:00 -------- d-----w- c:\program files\AVG
2012-08-02 12:39:51 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-08-02 12:39:51 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2012-08-16 13:56:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-16 13:55:59 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-16 13:55:59 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-14 19:23:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 19:23:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 12:27:47 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-13 12:27:47 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-07-13 12:27:46 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-13 12:27:46 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-07 01:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
.
============= FINISH: 14:03:35.36 ===============
ATTACH:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/11/2007 3:04:28 PM
System Uptime: 8/29/2012 12:40:27 PM (2 hours ago)
.
Motherboard: Supermicro | | X7DAL
Processor: Intel® Xeon® CPU 5160 @ 3.00GHz | LGA771/CPU1 | 3000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 84.218 GiB free.
E: is NetworkDisk (NTFS) - 466 GiB total, 272.194 GiB free.
I: is NetworkDisk (NTFS) - 668 GiB total, 405.582 GiB free.
J: is NetworkDisk (NTFS) - 668 GiB total, 405.582 GiB free.
L: is CDROM ()
S: is CDROM ()
V: is NetworkDisk (NTFS) - 466 GiB total, 272.194 GiB free.
W: is NetworkDisk (NTFS) - 668 GiB total, 405.582 GiB free.
Y: is NetworkDisk (FAT) - 112 GiB total, 5.843 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/1000 EB Network Connection with I/O Acceleration
Device ID: PCI\VEN_8086&DEV_1096&SUBSYS_000015D9&REV_01\6&1185AD87&0&00100018
Manufacturer: Intel
Name: Intel® PRO/1000 EB Network Connection with I/O Acceleration
PNP Device ID: PCI\VEN_8086&DEV_1096&SUBSYS_000015D9&REV_01\6&1185AD87&0&00100018
Service: e1express
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\5&6B1A51C&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\5&6B1A51C&0
Service: i8042prt
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\5&6B1A51C&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\5&6B1A51C&0
Service: i8042prt
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: DesignJet 1055CM (C6075A)
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: DesignJet 1055CM (C6075A)
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet CP1525nw
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet CP1525nw
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet CP1525nw
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP LaserJet CP1525nw
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Centronics Printer/Plotter
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer:
Name: Centronics Printer/Plotter
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P4014
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4014
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Centronics Printer/Plotter
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: Centronics Printer/Plotter
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Centronics Printer/Plotter
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer:
Name: Centronics Printer/Plotter
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 7000 E809a
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: HP
Name: Officejet 7000 E809a
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet 7000 E809a
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet 7000 E809a
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
RP1: 8/28/2012 8:56:29 AM - System Checkpoint
RP2: 8/28/2012 9:02:02 AM - Software Distribution Service 3.0
RP3: 8/28/2012 9:10:10 AM - Software Distribution Service 3.0
RP4: 8/28/2012 9:27:53 AM - Software Distribution Service 3.0
RP5: 8/28/2012 9:43:57 AM - Removed HP Update
RP6: 8/28/2012 9:50:57 AM - Software Distribution Service 3.0
RP7: 8/28/2012 9:59:12 AM - Software Distribution Service 3.0
RP8: 8/28/2012 10:01:06 AM - Software Distribution Service 3.0
RP9: 8/28/2012 10:09:25 AM - Software Distribution Service 3.0
RP10: 8/28/2012 10:38:56 AM - Removed HP Update
RP11: 8/28/2012 1:50:42 PM - Software Distribution Service 3.0
RP12: 8/29/2012 12:01:13 PM - Installed Windows XP KB958644.
RP13: 8/29/2012 12:02:44 PM - Installed Windows XP KB957097.
RP14: 8/29/2012 12:04:29 PM - Installed Windows XP KB958687.
RP15: 8/29/2012 1:54:36 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer 3DVIA Shape for Maps 7-Zip 4.65 7000E809a 7000E809a_eDocs 7000E809a_Help Adobe Acrobat 7.0 Standard - English, Français, Deutsch Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Amazon MP3 Downloader 1.0.15 APC PowerChute Personal Edition Apple Application Support Apple Mobile Device Support Apple Software Update ArcGIS ArcReader 10 ArcGIS ArcReader 10 Service Pack 1 ArcGIS ArcReader 10 Service Pack 2 ArcGIS Desktop 10 ArcGIS Desktop 10 Service Pack 1 ArcGIS Desktop 10 Service Pack 2 ArcGIS Desktop 10 Service Pack 3 ArcGIS Desktop 10 Service Pack 4 ArcGIS Editor Info ArcGIS Mobile 10 AviSynth 2.5 Barracuda Message Archiver Outlook Add-In 2.4.17 Bing Maps 3D Bonjour BPDSoftware BPDSoftware_Ini BufferChm CCleaner Compatibility Pack for the 2007 Office system Corpscon 6.0.1 Dassault Systemes Software Prerequisites x86 Desktop Document Manager DeviceDiscovery Dropbox ESET Online Scanner v3 Eye-Fi Center 3.4 ffdshow [rev 2583] [2009-01-05] Free DWG Viewer 7.1 GIS DataPRO Google Chrome Google Earth Google Update Helper GoToMeeting 4.8.0.723 GPBaseService2 GPS Pathfinder Office Haali Media Splitter Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Business Inkjet 2800 HP Business Inkjet 2800 series HP Customer Participation Program 12.0 HP Imaging Device Functions 12.0 HP Officejet 7000 E809a Series HP Smart Web Printing HP Solution 
Center 12.0 HP Update HPProductAssistant HPSSupply Imagistics im3511/im4511 Series PCL Printer Driver Imagistics PCL6 T1 Printer Driver Intel® PRO Network Connections 12.0.36.0 IrfanView (remove only) iTunes Java 7 Update 6 Java Auto Updater Java 6 Update 31 JavaFX 2.1.1 LightScribe 1.8.15.1 LogMeIn Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft ActiveSync Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office Access Runtime (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Professional Edition 2003 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2008 Native Client Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MobileMe Control Panel Move Media Player Mozilla Firefox 9.0.1 (x86 en-US) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 7 Ultra Edition neroxml Network NVIDIA Drivers Océ WPD OGA Notifier 2.0.0048.0 PCMark05 PerformanceTest v6.1 PixiePack Codec Pack ProductContext Python 2.5 numpy-1.0.3 Python 2.5.1 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek AC'97 Audio RealUpgrade 1.1 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) 
Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update 
for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP 
(KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update 
for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP 
(KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sentinel System Driver Shop for HP Supplies SiSoftware Sandra Lite XIIc SmartWebPrinting SolutionCenter Status TextPad 5 Toolbox TrayApp Trimble TrimPix Pro Configuration Center Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows 
XP (KB943729) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Visual C++ 8.0 ATL (x86) WinSXS MSM Visual C++ 8.0 CRT (x86) WinSXS MSM VLC media player 2.0.2 WebFldrs XP WebReg WIDCOMM Bluetooth Software Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows Mobile Developer Power Toys Windows Mobile® Device Handbook Windows XP Service Pack 3 Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/29/2012 12:16:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips i8042prt intelppm IPSec jgameenp MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip WS2IFSL
8/25/2012 3:10:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 3:10:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 3:04:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 3:04:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 12:50:49 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 12:48:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 12:45:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2012 12:44:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/24/2012 9:32:06 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Sophos AutoUpdate Service with arguments "-Service" in order to run the server: {BF515489-25C1-472D-8F02-378E6CC06B3C}
8/24/2012 9:31:55 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Sophos AutoUpdate Service with arguments "-Service" in order to run the server: {7CBCADE4-7AA7-43AE-BD20-D88223B6353E}
8/24/2012 9:29:42 AM, error: NETLOGON [5719] - No Domain Controller is available for domain CITYHALL due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
8/24/2012 8:32:24 PM, error: Service Control Manager [7028] - The nuunfzpr Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
8/24/2012 1:56:11 PM, error: Service Control Manager [7023] - The Config Security service terminated with the following error: Access is denied.
8/24/2012 1:54:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/23/2012 8:48:32 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 6ba
8/22/2012 8:54:13 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Conficker.B&threatid=2147618124 Name: Worm:Win32/Conficker.B ID: 2147618124 Severity: Severe Category: Worm Path: containerfile:_C:\WINDOWS\system32\wtmxv.seg;file:_C:\WINDOWS\system32\wtmxv.seg->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0
8/22/2012 8:47:57 AM, error: SAVOnAccessControl [81] -
8/22/2012 8:32:57 AM, error: NETLOGON [5719] - No Domain Controller is available for domain CITYHALL due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
8/22/2012 3:48:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 8/22/2012 3:48:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips i8042prt intelppm IPSec jgameenp MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter sptd Tcpip WS2IFSL 8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
8/22/2012 3:48:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 8/22/2012 3:48:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/22/2012 12:23:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt jgameenp sptd 8/22/2012 12:23:27 PM, error: Service Control Manager [7001] - The Sentinel service depends on the Parport service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 8/22/2012 12:17:49 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1. . ==== End Of File ===========================
  10. Did that and same result. The program found the virus again after the desktop loaded. I should also mention that I tried to update MSE and it errored out.

Error Code: 0x80070422
Error Description: Security Essentials can't start the update service because it's been turned off by the security administrator or because of a problem in the registry data.

MPLog:
Beginning threat actions
Start time:08-25-2012 14:15:43
Threat Name:Worm:Win32/Conficker.B
Threat ID:2147618124
Action:quarantine
Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0
Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0
Resource action complete:Quarantine Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0
Resource action complete:Quarantine Schema:containerfile Path:\\?\C:\WINDOWS\system32\wtmxv.seg Threat ID:2147618124 Resource refcount:1 Result:0
File to act on SHA1:48A0002A7F257825476274158FA7EF5B55617040
File cleaned/removed successfully
File Name:C:\WINDOWS\Tasks\At1.job
Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0
File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA
File cleaned/removed successfully
File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)
Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0
Resource action complete:Removal Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0
Finished threat ID:2147618124
Threat result:0
Threat status flags:128
Finished threat actions
End time:08-25-2012 14:15:44
Result:0
2012-08-25T19:15:45.092Z Task(SpyNetService -RestrictPrivileges -AccessKey C6A6F33C-A950-1FA1-5DD6-DC9F0C5B81D0) launched
2012-08-25T19:15:46.607Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)
DSS Timeout:Received results after timeout
2012-08-25T19:41:05.971Z Task(SpyNetService -RestrictPrivileges -AccessKey 4FD6930E-8D67-3CF9-F635-C1BC09FC5934) launched
Begin Resource Scan
Scan ID:{3C896337-481C-4403-AD8E-9FCB847406C0}
Scan Source:7
Start Time:08-25-2012 14:41:07
End Time:08-25-2012 14:41:18
Explicit resource to scan
Resource Schema:queryfilertsig Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe
Result Count:1
Known File
Number of Resources:43
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-zip.3XE) Extended Info:35874228808723
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_78.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_77.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_76.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_75.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_74.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_73.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_72.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_71.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_70.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2062.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2061.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2060.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2059.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2058.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2057.dat Extended Info:35872938128285
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-tail.3XE) Extended Info:35872753132949
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-swxcacls.3XE) Extended Info:35873857938707
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-swsc.3XE) Extended Info:35872419590621
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-swreg.3XE) Extended Info:35875489031665
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-streamtools.zip)->SF.exe Extended Info:35872676068749
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-sed.3XE) Extended Info:35874606311326
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-s0rt.3XE) Extended Info:35872142884299
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-pev.3XE) Extended Info:35874998851487
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/$WWKeywordLinks/Property Extended Info:35871963681930
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/$WWAssociativeLinks/Property Extended Info:35871963681930
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/$FIftiMain Extended Info:35872925223583
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/#ITBITS Extended Info:35872925223583
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-mynul.dat) Extended Info:35872925223583
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-iexplore.exe) Extended Info:35871981075714
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-gsar.3XE) Extended Info:35875104298964
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-grep.3XE) Extended Info:35872805577254
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-extract.3XE) Extended Info:35872707659250
Resource Schema:file Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-ERUNT.3XE)

MPDetection:
2012-08-25T01:07:26.445Z DETECTION Worm:Win32/Conficker.B file:C:\Qoobox\Quarantine\C\WINDOWS\system32\wtmxv.seg.vir->(UPX)
2012-08-25T01:31:58.429Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.dll->(UPX)
2012-08-25T11:19:11.729Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.dll->(UPX)
2012-08-25T11:20:48.548Z Service stopped with exit code 0x0
2012-08-25T11:20:53.890Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-25T11:20:56.468Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0
2012-08-25T11:22:35.383Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-25T11:23:14.157Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-25T17:39:33.234Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-25T17:39:36.125Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0
  11. MPDetection:

2012-08-20T21:18:18.046Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-20T21:18:22.925Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 0.0.0.0 AS 0.0.0.0 AV 0.0.0.0
2012-08-20T21:22:59.922Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8601.0 AS 1.131.2388.0 AV 1.131.2388.0
2012-08-20T21:51:57.653Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-21T05:12:37.635Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.25.0 AV 1.133.25.0
2012-08-21T11:18:26.721Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-21T11:19:08.998Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-21T12:19:53.090Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-21T12:41:05.921Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-21T12:46:17.661Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-21T12:46:28.082Z Service stopped with exit code 0x0
2012-08-21T12:59:00.718Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-21T12:59:05.453Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.25.0 AV 1.133.25.0
2012-08-21T14:01:00.343Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-21T14:01:04.343Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0
2012-08-21T15:17:05.609Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-21T15:17:07.781Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0
2012-08-21T15:22:36.070Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-21T16:53:39.656Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-21T16:53:54.375Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0
2012-08-21T17:19:50.796Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-21T17:19:52.906Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0
2012-08-21T19:28:12.859Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-21T19:28:14.765Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0
2012-08-21T19:57:46.562Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-21T19:57:48.781Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0
2012-08-21T21:10:46.335Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-21T21:30:49.307Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-21T22:18:15.574Z DETECTION Worm:Win32/Conficker.gen!B file:C:\WINDOWS\System32\wtmxv.seg
2012-08-22T04:17:09.137Z DETECTION Worm:Win32/Conficker.gen!B file:C:\WINDOWS\system32\wtmxv.seg
2012-08-22T04:41:51.072Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0
2012-08-22T12:46:36.472Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-22T13:53:58.341Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-22T17:21:16.692Z Service stopped with exit code 0x0
2012-08-22T17:21:48.000Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-22T17:21:51.843Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0
2012-08-22T18:51:08.718Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-22T18:51:12.109Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0
2012-08-22T20:47:23.687Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-22T20:47:38.218Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0
2012-08-22T21:08:21.484Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-22T21:08:23.562Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0
2012-08-23T12:31:41.375Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-23T12:31:55.968Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.174.0 AV 1.133.174.0
2012-08-23T13:47:28.828Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-23T13:47:32.359Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.174.0 AV 1.133.174.0
2012-08-23T13:51:00.209Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.200.0 AV 1.133.200.0
2012-08-23T15:03:20.316Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T15:04:01.192Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T15:37:45.106Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T15:38:18.492Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T16:10:28.435Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T16:11:00.804Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T17:06:46.696Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T17:07:16.037Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T17:11:16.595Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T17:11:49.624Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T18:23:54.755Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T18:24:26.873Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T18:38:02.956Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T18:38:35.096Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T19:25:49.924Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T19:26:20.830Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T20:08:23.938Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T20:08:56.765Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T20:33:26.643Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T20:33:58.861Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T21:41:55.814Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T21:42:24.330Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T22:44:19.257Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T22:44:51.273Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T22:49:18.176Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T22:49:50.145Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-23T23:54:33.308Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-23T23:55:01.495Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T00:28:48.969Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T00:29:27.421Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T00:56:24.186Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T00:56:59.905Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T01:52:44.416Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T01:53:17.482Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T01:59:53.194Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T02:00:02.928Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T02:00:23.773Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T03:04:48.109Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T03:05:19.968Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T03:14:15.812Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T03:14:47.671Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T04:07:51.626Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T04:08:19.895Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T04:31:23.834Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T04:31:55.725Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T05:09:07.225Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T05:09:39.163Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T05:48:56.256Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T05:49:29.834Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T06:13:03.022Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T06:13:31.553Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T07:09:46.857Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T07:10:18.841Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T07:13:14.716Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T07:13:46.591Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T08:12:41.044Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T08:13:14.951Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T08:29:40.966Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T08:30:13.029Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T09:15:05.154Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T09:15:37.060Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T09:47:12.591Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T09:47:44.591Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T10:16:35.529Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T10:17:03.857Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T11:04:55.747Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T11:05:27.732Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T11:17:59.372Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T11:18:31.279Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T12:18:36.810Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T12:19:06.497Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T12:22:45.029Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T12:23:17.013Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T13:21:21.835Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T13:21:58.388Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T13:44:21.582Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T13:44:54.847Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T14:29:19.375Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-24T14:29:22.812Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0
2012-08-24T14:30:46.250Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-24T14:30:46.250Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-24T14:46:39.328Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-24T14:46:42.421Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0
2012-08-24T18:54:29.921Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-24T18:54:33.109Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0
2012-08-25T01:07:26.445Z DETECTION Worm:Win32/Conficker.B file:C:\Qoobox\Quarantine\C\WINDOWS\system32\wtmxv.seg.vir->(UPX)
2012-08-25T01:31:58.429Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.dll->(UPX)
2012-08-25T11:19:11.729Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.dll->(UPX)
2012-08-25T11:20:48.548Z Service stopped with exit code 0x0
2012-08-25T11:20:53.890Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-08-25T11:20:56.468Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0
2012-08-25T11:22:35.383Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-25T11:23:14.157Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
  12. MPLog:

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 08-25-2012 06:20:53
************************************************************
2012-08-25T11:20:54.046Z Trace session started - MpWppTracing-08252012-062053-00000003-ffffffff.bin
**********Cache stats************
No. Of buckets -> 31573
Each Bucket has max capacity of -> 1 entries
number of Entries is 28204
Number of invalid entries is 0
Number of Inserts issued is 110239
Number of replaces issued is 0
Number of Insert failures is 14
Number of lookups is 1330887
Number of misses is 1198864
Number of false fast lookups is 201601
Number of invalidations is 778
Number of maintenance invalidations is 0
Current File Size is 761856
Journal ID = 1cd7fa0f8752055
Trusted image state = 1
USN = 0
2012-08-25T11:20:54.156Z Verifying RTP plugin...
2012-08-25T11:20:54.156Z verified!
2012-08-25T11:20:54.156Z Verifying Nis plugin...
2012-08-25T11:20:54.156Z Loading engine...
2012-08-25T11:20:54.156Z Verifying engine and signature files (source: 1) ...
2012-08-25T11:20:54.562Z verified!
2012-08-25T11:20:56.390Z Initializing SQM in engine...
2012-08-25T11:20:56.390Z SQM initialized in the engine successfully
2012-08-25T11:20:56.421Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads: AM:16 Async:4
Cache Flushes: RTP:0
System File Cache: Hits:0 Misses:0
BM Queue:0,0,0 Proc:0,0,0 File:0,0,0
Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0
Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0
MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:282 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:2 TotalStreamCon:737 TotalBitmap:71112
**************************END RTP Perf Log*************************
2012-08-25T11:20:56.421Z initialized!
2012-08-25T11:20:56.421Z loaded!
2012-08-25T11:20:56.421Z NisUpdate from SignatureDropLocation returns S_OK
2012-08-25T11:20:56.421Z NisUpdate from SignatureDefaultLocation returns S_OK
2012-08-25T11:20:56.453Z Verifying license file...
2012-08-25T11:20:56.453Z verified!
2012-08-25T11:20:56.453Z Product supports installmode: 1
2012-08-25T11:20:56.468Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-08-25T11:20:56.468Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.0.1526.0
Service Version: 4.0.1526.0
Engine Version: 1.1.8703.0
AS Signature Version: 1.133.248.0
AV Signature Version: 1.133.248.0
************************************************************
2012-08-25T11:21:08.218Z Error retrieving instance AntiSpywareProduct:0x80041002
2012-08-25T11:21:08.781Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)
2012-08-25T11:21:25.036Z WAT report: machine genuine, state(1) error(0x0)
2012-08-25T11:21:31.402Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)
2012-08-25T11:21:57.861Z Process scan (poststartupscan) started.
2012-08-25T11:22:08.768Z Process scan (poststartupscan) completed.
2012-08-25T11:22:23.397Z Task(SpyNetService -RestrictPrivileges -AccessKey D058B4B4-2641-2444-8C1B-91D5C303A982) launched
Begin Resource Scan
Scan ID:{6C1FA04D-478D-416F-B585-68F88FA67723}
Scan Source:3
Start Time:08-25-2012 06:22:20
End Time:08-25-2012 06:22:34
Explicit resource to scan
Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)
Result Count:1
Threat Name:Worm:Win32/Conficker.B
ID:2147618124
Severity:5
Number of Resources:2
Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358
Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0
End Scan
************************************************************
2012-08-25T11:22:35.244Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);
2012-08-25T11:22:35.383Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)
2012-08-25T11:22:37.053Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg
2012-08-25T11:22:37.053Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);
Begin Resource Scan
Scan ID:{1B5AFBB2-E1A0-49B7-B553-BEA8A16068F0}
Scan Source:6
Start Time:08-25-2012 06:22:35
End Time:08-25-2012 06:22:37
Explicit resource to scan
Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)
Result Count:1
Threat Name:Worm:Win32/Conficker.B
ID:2147618124
Severity:5
Number of Resources:2
Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358
Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0
End Scan
************************************************************
2012-08-25T11:22:40.984Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)
2012-08-25T11:23:14.157Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job
2012-08-25T11:23:14.157Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job
2012-08-25T11:23:14.157Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;
Begin Resource Scan
Scan ID:{EAD12FC5-DD12-4F5E-8DDB-7A10DB6E742F}
Scan Source:6
Start Time:08-25-2012 06:22:37
End Time:08-25-2012 06:23:14
Explicit resource to scan
Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg
Explicit resource to scan
Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)
Result Count:1
Threat Name:Worm:Win32/Conficker.B
ID:2147618124
Severity:5
Number of Resources:4
Resource Schema:file Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0
Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358
Resource Schema:taskscheduler Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0
Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0
End Scan
************************************************************
Beginning threat actions
Start time:08-25-2012 06:23:14
Threat Name:Worm:Win32/Conficker.B
Threat ID:2147618124
Action:quarantine
Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0
Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0
Resource action complete:Quarantine Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0
Resource action complete:Quarantine Schema:containerfile Path:\\?\C:\WINDOWS\system32\wtmxv.seg Threat ID:2147618124 Resource refcount:1 Result:0
File to act on SHA1:3C12F8247BE9CFC37BC4BE68D39A686277D26DC6
File cleaned/removed successfully
File Name:C:\WINDOWS\Tasks\At1.job
Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0
File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA
File cleaned/removed successfully
File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)
Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0
Resource action complete:Removal Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0
Finished threat ID:2147618124
Threat result:0
Threat status flags:128
Finished threat actions
End time:08-25-2012 06:23:16
Result:0
DSS Timeout:Received results after timeout
2012-08-25T11:23:18.732Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)
2012-08-25T11:26:25.646Z Task(SpyNetService -RestrictPrivileges -AccessKey C88DAB32-6D2B-BD83-16DC-7D19D192E316) launched
2012-08-25T11:31:41.689Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2012-08-25T11:31:41.689Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 71086054(ms) 2012-08-25T11:31:41.705Z AutoPurgeWorker triggered with dwWork=0x3 2012-08-25T11:31:41.705Z Product supports installmode: 1 2012-08-25T11:31:41.737Z Task(-GenuineCheck -RestrictPrivileges) launched 2012-08-25T11:31:46.437Z WAT report: machine genuine, state(1) error(0x0) 2012-08-25T11:31:55.056Z Detection State: Finished(1) Failed(0) CriticalFailed(0) Additional Actions(0) 2012-08-25T11:31:55.105Z Trace buffers written: 3, events lost: 0, buffers lost: 0, days: 0 2012-08-25T11:31:55.105Z Task(-UploadSQM -RestrictPrivileges) launched Begin Resource Scan Scan ID:{7C14A96B-056B-4A6B-A318-A28FA8020247} Scan Source:3 Start Time:‎08‎-‎25‎-‎2012 06:33:40 End Time:‎08‎-‎25‎-‎2012 06:33:41 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T11:33:41.538Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX); 2012-08-25T11:33:41.538Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX) 2012-08-25T11:33:46.612Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg 2012-08-25T11:33:46.612Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX); Begin Resource Scan Scan ID:{14E0B876-1682-4652-AA5C-311FC33BC996} Scan Source:6 
Start Time:‎08‎-‎25‎-‎2012 06:33:45 End Time:‎08‎-‎25‎-‎2012 06:33:46 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T11:33:48.673Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2012-08-25T11:34:15.673Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job 2012-08-25T11:34:15.673Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job 2012-08-25T11:34:15.673Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job; Begin Resource Scan Scan ID:{2F0D9AF0-94EB-48FB-888A-A04E3C66EF44} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 06:33:46 End Time:‎08‎-‎25‎-‎2012 06:34:15 Explicit resource to scan Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:4 Resource Schema:file Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:taskscheduler Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ Beginning threat actions Start time:‎08‎-‎25‎-‎2012 06:34:15 Threat 
Name:Worm:Win32/Conficker.B Threat ID:2147618124 Action:quarantine Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:containerfile Path:\\?\C:\WINDOWS\system32\wtmxv.seg Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:5CCA6AA2D93493939F58D63FB12CDEF8093ADB27 File cleaned/removed successfully File Name:C:\WINDOWS\Tasks\At1.job Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA File cleaned/removed successfully File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX) Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Removal Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Finished threat ID:2147618124 Threat result:0 Threat status flags:128 Finished threat actions End time:‎08‎-‎25‎-‎2012 06:34:17 Result:0 2012-08-25T11:34:17.765Z Task(SpyNetService -RestrictPrivileges -AccessKey 2C749829-4399-66BE-5EFB-CD00E6A93FE3) launched DSS Timeout:Received results after timeout 2012-08-25T11:34:19.446Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) Begin Resource Scan Scan ID:{7CABCF11-779E-49EA-9E0E-2DB174C70869} Scan Source:3 Start Time:‎08‎-‎25‎-‎2012 06:45:27 End Time:‎08‎-‎25‎-‎2012 06:45:28 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat 
Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T11:45:28.629Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX); 2012-08-25T11:45:28.644Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX) 2012-08-25T11:45:33.633Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg 2012-08-25T11:45:33.633Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX); Begin Resource Scan Scan ID:{04A04F5A-ED1F-4C84-8D9B-F6A66A09954A} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 06:45:32 End Time:‎08‎-‎25‎-‎2012 06:45:33 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T11:45:35.651Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2012-08-25T11:46:00.486Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job 2012-08-25T11:46:00.486Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job 2012-08-25T11:46:00.486Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job; Begin Resource Scan Scan 
ID:{4FDBCA08-DBC6-4102-B49C-6B83C14118E2} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 06:45:33 End Time:‎08‎-‎25‎-‎2012 06:46:00 Explicit resource to scan Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:4 Resource Schema:file Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:taskscheduler Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ Beginning threat actions Start time:‎08‎-‎25‎-‎2012 06:46:00 Threat Name:Worm:Win32/Conficker.B Threat ID:2147618124 Action:quarantine Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:containerfile Path:\\?\C:\WINDOWS\system32\wtmxv.seg Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:AECFE259887BD5E4DF0DBA78A8C6E972333DAFED File cleaned/removed successfully File Name:C:\WINDOWS\Tasks\At1.job Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA File cleaned/removed successfully File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX) Resource action complete:Removal Schema:file 
Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Removal Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Finished threat ID:2147618124 Threat result:0 Threat status flags:128 Finished threat actions End time:‎08‎-‎25‎-‎2012 06:46:01 Result:0 2012-08-25T11:46:02.472Z Task(SpyNetService -RestrictPrivileges -AccessKey 2E5738C7-04F4-62D3-72D9-141EAD0D5421) launched 2012-08-25T11:46:03.973Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) DSS Timeout:Received results after timeout Begin Resource Scan Scan ID:{CA81B4D6-DA09-476D-BFB3-EA06E69ED2ED} Scan Source:3 Start Time:‎08‎-‎25‎-‎2012 07:34:58 End Time:‎08‎-‎25‎-‎2012 07:35:00 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T12:35:00.313Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX); 2012-08-25T12:35:00.313Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX) 2012-08-25T12:35:05.297Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg 2012-08-25T12:35:05.297Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX); Begin Resource Scan Scan ID:{713EB43E-154D-4F9B-BACA-D427EB77D82A} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 07:35:03 End Time:‎08‎-‎25‎-‎2012 07:35:05 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat 
Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T12:35:07.329Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2012-08-25T12:35:32.314Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job 2012-08-25T12:35:32.314Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job 2012-08-25T12:35:32.314Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job; Begin Resource Scan Scan ID:{68EFD913-7CF0-4AF3-B68E-DB846B9B956D} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 07:35:05 End Time:‎08‎-‎25‎-‎2012 07:35:32 Explicit resource to scan Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:4 Resource Schema:file Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:taskscheduler Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ Beginning threat actions Start time:‎08‎-‎25‎-‎2012 07:35:32 Threat Name:Worm:Win32/Conficker.B Threat ID:2147618124 Action:quarantine Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 
Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:containerfile Path:\\?\C:\WINDOWS\system32\wtmxv.seg Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:7330122A3BEFDCA7E4E1C82A5223615140E2242E File cleaned/removed successfully File Name:C:\WINDOWS\Tasks\At1.job Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA File cleaned/removed successfully File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX) Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Removal Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Finished threat ID:2147618124 Threat result:0 Threat status flags:128 Finished threat actions End time:‎08‎-‎25‎-‎2012 07:35:33 Result:0 2012-08-25T12:35:34.298Z Task(SpyNetService -RestrictPrivileges -AccessKey 95D0C944-D284-0BF6-5CB4-7D83BD52A1CA) launched 2012-08-25T12:35:35.798Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) DSS Timeout:Received results after timeout Begin Resource Scan Scan ID:{82C0856D-0B82-429C-A147-C879463A17EC} Scan Source:3 Start Time:‎08‎-‎25‎-‎2012 07:41:10 End Time:‎08‎-‎25‎-‎2012 07:41:11 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource 
Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T12:41:11.416Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX); 2012-08-25T12:41:11.416Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX) 2012-08-25T12:41:16.401Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg 2012-08-25T12:41:16.401Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX); Begin Resource Scan Scan ID:{114CA60F-E502-458E-B2CC-234D7D672D57} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 07:41:15 End Time:‎08‎-‎25‎-‎2012 07:41:16 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T12:41:18.432Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2012-08-25T12:41:43.370Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job 2012-08-25T12:41:43.370Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job 2012-08-25T12:41:43.370Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job; Begin Resource Scan Scan ID:{3D2E3B9F-9392-464C-BFB0-A5B97D566591} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 07:41:16 End Time:‎08‎-‎25‎-‎2012 07:41:43 Explicit resource to scan Resource Schema:containerfile Resource 
Path:C:\WINDOWS\system32\wtmxv.seg Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:4 Resource Schema:file Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:taskscheduler Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ Beginning threat actions Start time:‎08‎-‎25‎-‎2012 07:41:43 Threat Name:Worm:Win32/Conficker.B Threat ID:2147618124 Action:quarantine Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:containerfile Path:\\?\C:\WINDOWS\system32\wtmxv.seg Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:0A0B0A262D874605FDFC5CDD05445601BFEC4435 File cleaned/removed successfully File Name:C:\WINDOWS\Tasks\At1.job Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA File cleaned/removed successfully File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX) Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Removal Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat 
ID:2147618124 Resource refcount:1 Result:0 Finished threat ID:2147618124 Threat result:0 Threat status flags:128 Finished threat actions End time:‎08‎-‎25‎-‎2012 07:41:44 Result:0 2012-08-25T12:41:45.354Z Task(SpyNetService -RestrictPrivileges -AccessKey EE67C3B0-1FA1-378D-93BA-089E8B25E444) launched DSS Timeout:Received results after timeout 2012-08-25T12:41:46.854Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) Begin Resource Scan Scan ID:{3E2BD182-F29D-486A-B462-89172F755553} Scan Source:3 Start Time:‎08‎-‎25‎-‎2012 07:52:02 End Time:‎08‎-‎25‎-‎2012 07:52:04 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T12:52:04.032Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX); 2012-08-25T12:52:04.032Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX) 2012-08-25T12:52:09.047Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg 2012-08-25T12:52:09.047Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX); Begin Resource Scan Scan ID:{51B02179-F77C-48EB-ACD0-5EEBABF43036} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 07:52:07 End Time:‎08‎-‎25‎-‎2012 07:52:09 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource 
Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T12:52:11.063Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2012-08-25T12:52:35.969Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job 2012-08-25T12:52:35.969Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job 2012-08-25T12:52:35.969Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job; Begin Resource Scan Scan ID:{2F0F19FB-0A30-4F6F-BEBA-539D355073D5} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 07:52:09 End Time:‎08‎-‎25‎-‎2012 07:52:35 Explicit resource to scan Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:4 Resource Schema:file Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:taskscheduler Resource Path:C:\WINDOWS\Tasks\At1.job Extended Info:0 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ Beginning threat actions Start time:‎08‎-‎25‎-‎2012 07:52:36 Threat Name:Worm:Win32/Conficker.B Threat ID:2147618124 Action:quarantine Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine 
Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:containerfile Path:\\?\C:\WINDOWS\system32\wtmxv.seg Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:9B95757D4CF9CC5B9A2D00E6F14DC4AEA13E90D4 File cleaned/removed successfully File Name:C:\WINDOWS\Tasks\At1.job Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA File cleaned/removed successfully File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX) Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX) Threat ID:2147618124 Resource refcount:1 Result:0 Resource action complete:Removal Schema:taskscheduler Path:\\?\C:\WINDOWS\Tasks\At1.job Threat ID:2147618124 Resource refcount:1 Result:0 Finished threat ID:2147618124 Threat result:0 Threat status flags:128 Finished threat actions End time:‎08‎-‎25‎-‎2012 07:52:37 Result:0 2012-08-25T12:52:37.937Z Task(SpyNetService -RestrictPrivileges -AccessKey 40D56DC5-4526-8967-1C38-84463A6DC645) launched 2012-08-25T12:52:39.437Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) DSS Timeout:Received results after timeout 2012-08-25T13:40:26.839Z Task(SpyNetService -RestrictPrivileges -AccessKey 186512DA-A422-FF5C-7A52-397207519D59) launched Begin Resource Scan Scan ID:{4F09CC6A-CE5A-4FC6-99F1-748D23FD9277} Scan Source:3 Start Time:‎08‎-‎25‎-‎2012 08:40:24 End Time:‎08‎-‎25‎-‎2012 08:40:30 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended 
Info:0 End Scan ************************************************************ 2012-08-25T13:40:30.402Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX); 2012-08-25T13:40:30.402Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX) 2012-08-25T13:40:31.792Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg 2012-08-25T13:40:31.792Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX); Begin Resource Scan Scan ID:{A52C2C0E-424F-4980-A83F-2213A7F9DA69} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 08:40:30 End Time:‎08‎-‎25‎-‎2012 08:40:31 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Result Count:1 Threat Name:Worm:Win32/Conficker.B ID:2147618124 Severity:5 Number of Resources:2 Resource Schema:file Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX) Extended Info:39128812877358 Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Extended Info:0 End Scan ************************************************************ 2012-08-25T13:40:33.823Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2012-08-25T13:40:58.728Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job 2012-08-25T13:40:58.728Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job 2012-08-25T13:40:58.728Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job; Begin Resource Scan Scan ID:{2E2D248C-8AB8-4565-908C-328A231F71A1} Scan Source:6 Start Time:‎08‎-‎25‎-‎2012 08:40:31 End Time:‎08‎-‎25‎-‎2012 08:40:58 Explicit resource to scan Resource Schema:containerfile Resource Path:C:\WINDOWS\system32\wtmxv.seg Explicit resource to scan Resource Schema:file Resource 
  13. According to Microsoft Security Essentials, I had one so I removed it and had to restart. As soon as the desktop came up and everything loaded MSE quarantined another instance of the virus.
  14. Eset: